
iexplore.exe virus. Nothing working!



So I got this stupid iexplore.exe virus and it keeps running multiple processes in my task manager. I keep ending them, but they always pop back up. I have pored through the forums looking for a solution but nothing works. It keeps making popups come up that I can't see, but I can hear running somewhere. It's super annoying. I have the full versions of both Malwarebytes AND avast antivirus running and neither can pick it up. But whenever I scan it finds more appdata things to delete like it's creating new ones all the time. How the hell do I get rid of this? I've tried deleting it, but all the manual removal guides I've found haven't been helpful. I've even tried running a series of other virus scanners and nothing has found it. What do I do?


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01

Ran by Magdalena (administrator) on MAGDALENA-PC on 24-05-2015 19:27:39

Running from C:\Users\Magdalena\Downloads

Loaded Profiles: Magdalena (Available Profiles: Magdalena)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 8 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-23] (Avast Software s.r.o.)

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\...\MountPoints2: {eff86758-e655-11e4-89cd-10c37b9b9922} - H:\VZW_Software_upgrade_assistant.exe

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-23] (Avast Software s.r.o.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006

SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-363754102-1980314354-4055774757-1000 -> {3FCDBC62-9296-4003-992A-B62AA03D224B} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-23] (Avast Software s.r.o.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-23] (Avast Software s.r.o.)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-363754102-1980314354-4055774757-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)

Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2010-11-20] (Microsoft Corporation)

Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

 

FireFox:

========

FF ProfilePath: C:\Users\Magdalena\AppData\Roaming\Mozilla\Firefox\Profiles\oc2ttgjj.default

FF DefaultSearchEngine: Google (avast)

FF DefaultSearchEngine.US: Google (avast)


FF SearchEngineOrder.1: Google (avast)

FF SelectedSearchEngine: Google (avast)


FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-30] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)

FF SearchPlugin: C:\Users\Magdalena\AppData\Roaming\Mozilla\Firefox\Profiles\oc2ttgjj.default\searchplugins\google-avast.xml [2015-05-23]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-09-15]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-20]

 

Chrome: 

=======

CHR Profile: C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-24]

CHR Extension: (Google Docs) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-24]

CHR Extension: (Google Drive) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-24]

CHR Extension: (YouTube) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-24]

CHR Extension: (Google Search) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-24]

CHR Extension: (Google Sheets) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-24]

CHR Extension: (Bookmark Manager) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-24]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]

CHR Extension: (Google Wallet) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-24]

CHR Extension: (Gmail) - C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-24]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-23]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-23] (Avast Software s.r.o.)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-23] (Avast Software s.r.o.)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-23] (Avast Software)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-01] (NVIDIA Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-01] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-01] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-26] (Electronic Arts)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-23] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-23] (Avast Software s.r.o.)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-23] (Avast Software s.r.o.)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-23] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-23] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-23] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-23] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-23] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-23] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-23] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-24] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-01] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-23] (Avast Software)

R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-05-24 19:27 - 2015-05-24 19:27 - 02108416 _____ (Farbar) C:\Users\Magdalena\Downloads\FRST64.exe

2015-05-24 19:27 - 2015-05-24 19:27 - 00016840 _____ () C:\Users\Magdalena\Downloads\FRST.txt

2015-05-24 19:27 - 2015-05-24 19:27 - 00000000 ____D () C:\FRST

2015-05-24 18:51 - 2015-05-24 18:51 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\qtplwnuo

2015-05-24 18:45 - 2015-05-24 18:45 - 00000000 ____D () C:\Users\Magdalena\Documents\Simply Super Software

2015-05-24 18:37 - 2015-05-24 18:37 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\zzhdambt

2015-05-24 18:25 - 2015-05-24 18:25 - 00000000 ____D () C:\Users\Default\AppData\Roaming\AVAST Software

2015-05-24 18:25 - 2015-05-24 18:25 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\AVAST Software

2015-05-24 18:22 - 2015-05-24 18:41 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover

2015-05-24 18:22 - 2015-05-24 18:22 - 00000000 ____D () C:\ProgramData\TEMP

2015-05-24 18:22 - 2015-05-24 18:22 - 00000000 ____D () C:\ProgramData\Licenses

2015-05-24 18:20 - 2015-05-24 18:21 - 38982112 _____ (Simply Super Software ) C:\Users\Magdalena\Downloads\trjsetup692.exe

2015-05-24 18:06 - 2015-05-24 18:06 - 00001409 _____ () C:\Users\Magdalena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

2015-05-24 17:10 - 2015-05-24 17:10 - 22029608 _____ (SUPERAntiSpyware) C:\Users\Magdalena\Downloads\SUPERAntiSpyware.exe

2015-05-24 17:05 - 2015-05-24 17:05 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe

2015-05-24 17:05 - 2015-05-24 17:05 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\bvplsdcp

2015-05-24 11:10 - 2015-05-24 19:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-05-24 11:10 - 2015-05-24 18:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-05-24 11:10 - 2015-05-24 11:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-05-24 11:10 - 2015-05-24 11:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-05-24 11:10 - 2015-05-24 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-05-24 11:09 - 2015-05-24 11:09 - 00880208 _____ (Google Inc.) C:\Users\Magdalena\Downloads\ChromeSetup.exe

2015-05-24 10:56 - 2015-05-24 18:43 - 00047382 ____N () C:\Windows\WindowsUpdate.log

2015-05-23 22:42 - 2015-05-24 17:05 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\igvszcwr

2015-05-23 22:42 - 2015-05-23 22:42 - 00019768 _____ () C:\Windows\system32\.crusader

2015-05-23 22:39 - 2015-05-24 18:53 - 00000000 ____D () C:\Program Files\HitmanPro

2015-05-23 22:39 - 2015-05-24 17:05 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-05-23 22:27 - 2015-05-23 22:27 - 11024496 _____ (SurfRight B.V.) C:\Users\Magdalena\Downloads\HitmanPro_x64.exe

2015-05-23 22:26 - 2015-05-23 22:29 - 00000000 ____D () C:\AdwCleaner

2015-05-23 22:24 - 2015-05-23 22:24 - 02223104 _____ () C:\Users\Magdalena\Downloads\adwcleaner_4.205.exe

2015-05-23 22:17 - 2015-05-23 22:17 - 00000000 ____D () C:\Windows\pss

2015-05-23 22:06 - 2015-05-23 22:06 - 00111840 _____ () C:\Users\Magdalena\AppData\Local\GDIPFONTCACHEV1.DAT

2015-05-23 22:00 - 2015-05-23 22:01 - 00546456 _____ (www.privacyroot.com) C:\Users\Magdalena\Downloads\setup_wipe.exe

2015-05-23 21:28 - 2015-05-23 21:28 - 00123932 _____ () C:\Users\Magdalena\Documents\cc_20150523_212839.reg

2015-05-23 16:49 - 2015-05-23 16:49 - 00000000 __SHD () C:\Jumpshot

2015-05-23 16:48 - 2015-05-24 16:39 - 00000000 ____D () C:\Windows\jumpshot.com

2015-05-23 16:37 - 2015-05-23 22:44 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\pcjxphjl

2015-05-23 16:28 - 2015-05-23 16:28 - 21546400 _____ (Malwarebytes Corporation ) C:\Users\Magdalena\Downloads\mbam_premium.exe

2015-05-23 15:52 - 2015-05-23 15:52 - 00000000 ____D () C:\temp

2015-05-23 15:51 - 2015-05-24 19:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-05-23 15:51 - 2015-05-23 16:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-05-23 15:51 - 2015-05-23 16:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-05-23 15:51 - 2015-04-14 10:30 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-05-23 15:51 - 2015-04-14 10:30 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-05-23 15:51 - 2015-04-14 10:30 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-05-23 15:50 - 2015-05-23 15:50 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Magdalena\Downloads\mbam-setup-2.1.6.1022.exe

2015-05-23 15:50 - 2015-05-23 15:50 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

2015-05-23 15:49 - 2015-05-23 15:49 - 01188440 _____ (Malwarebytes Corporation ) C:\Users\Magdalena\Downloads\Unconfirmed 148385.crdownload

2015-05-23 15:21 - 2015-05-23 15:25 - 00000000 ____D () C:\Windows\SysWOW64\vbox

2015-05-23 15:21 - 2015-05-23 15:25 - 00000000 ____D () C:\Windows\system32\vbox

2015-05-23 15:02 - 2015-05-23 15:02 - 00449896 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdisFlt.sys

2015-05-23 15:02 - 2015-05-23 15:02 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe

2015-05-23 15:02 - 2015-05-23 15:02 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr

2015-05-23 15:02 - 2015-05-23 15:02 - 00028144 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys

2015-05-23 15:02 - 2015-05-23 15:02 - 00001922 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk

2015-05-23 15:02 - 2015-05-23 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2015-05-23 15:01 - 2015-05-23 15:01 - 00000112 _____ () C:\ProgramData\e17Rxb.dat

2015-05-23 15:00 - 2015-05-23 15:00 - 00003850 _____ () C:\Windows\System32\Tasks\Winfix Helper

2015-05-23 15:00 - 2015-05-23 15:00 - 00003520 _____ () C:\Windows\System32\Tasks\Winfix 10 Auto Start Logon

2015-05-23 15:00 - 2015-05-23 15:00 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\SenseIUpdater

2015-05-23 15:00 - 2015-05-23 15:00 - 00000000 ____D () C:\Users\Magdalena\AppData\Local\System_Care_Pro

2015-05-23 14:59 - 2015-05-23 14:59 - 00003668 _____ () C:\Windows\System32\Tasks\IE_ERR4WDR

2015-05-23 14:59 - 2015-05-23 14:59 - 00003644 _____ () C:\Windows\System32\Tasks\HDNINSTSCHD

2015-05-23 14:59 - 2015-05-23 14:59 - 00003510 _____ () C:\Windows\System32\Tasks\UPDTEXE4_WDR

2015-05-23 14:59 - 2015-05-23 14:59 - 00000912 _____ () C:\Windows\SysWOW64\${LOGFILE}

2015-05-23 14:58 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hp.bak

2015-05-23 14:42 - 2015-05-23 14:42 - 00000000 ____D () C:\Users\Magdalena\Documents\Dolphin Emulator

2015-05-23 14:41 - 2015-05-23 14:41 - 05020582 _____ () C:\Users\Magdalena\Downloads\dolphin-master-4.0-6318-x64.7z

2015-05-23 14:12 - 2015-05-23 14:12 - 00547531 _____ () C:\Users\Magdalena\Downloads\Old.Classic.Pc.Games-SCC.torrent

2015-05-17 19:31 - 2015-05-17 19:31 - 00000222 _____ () C:\Users\Magdalena\Desktop\Wild Season.url

2015-05-16 16:53 - 2015-05-16 16:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-05-15 16:03 - 2015-05-15 16:03 - 00005748 _____ () C:\Users\Magdalena\Downloads\flatten.pkm

2015-05-14 20:02 - 2015-05-14 20:02 - 00000000 ____D () C:\Users\Magdalena\Documents\Banished

2015-05-14 19:24 - 2015-05-14 19:24 - 00000222 _____ () C:\Users\Magdalena\Desktop\Banished.url

2015-05-13 20:04 - 2015-05-13 20:04 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\TeamViewer

2015-05-13 19:45 - 2015-05-14 19:08 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin

2015-05-13 19:45 - 2015-05-13 19:45 - 00000000 ____D () C:\Users\Magdalena\AppData\Local\CrashRpt

2015-05-13 19:22 - 2015-05-13 19:22 - 00028455 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E22.720p.HDTV.X264-DIMENSION.torrent

2015-05-13 03:01 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2015-05-13 03:01 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-05-12 11:20 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-05-12 11:20 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-05-12 11:20 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2015-05-12 11:20 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2015-05-12 11:18 - 2015-04-27 12:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-05-12 11:18 - 2015-04-27 12:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-05-12 11:18 - 2015-04-27 12:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-05-12 11:18 - 2015-04-27 12:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-05-12 11:18 - 2015-04-27 12:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-05-12 11:18 - 2015-04-27 12:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe

2015-05-12 11:18 - 2015-04-27 12:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-05-12 11:18 - 2015-04-27 12:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-05-12 11:18 - 2015-04-27 12:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-05-12 11:18 - 2015-04-27 12:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe

2015-05-12 11:18 - 2015-04-27 12:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe

2015-05-12 11:18 - 2015-04-27 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe

2015-05-12 11:18 - 2015-04-27 12:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-05-12 11:18 - 2015-04-27 12:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe

2015-05-12 11:18 - 2015-04-27 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-05-12 11:18 - 2015-04-27 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-05-12 11:18 - 2015-04-27 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-05-12 11:18 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-05-12 11:18 - 2015-04-27 12:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-05-12 11:18 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-05-12 11:18 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-05-12 11:18 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-05-12 11:18 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-05-12 11:18 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2015-05-12 11:18 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-05-12 11:18 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-05-12 11:18 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-05-12 11:18 - 2015-04-27 12:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-05-12 11:18 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

2015-05-12 11:18 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-05-12 11:18 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

2015-05-12 11:18 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe

2015-05-12 11:18 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe

2015-05-12 11:18 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe

2015-05-12 11:18 - 2015-04-27 12:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-05-12 11:18 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-05-12 11:18 - 2015-04-27 12:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-05-12 11:18 - 2015-04-27 12:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-05-12 11:18 - 2015-04-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-05-12 11:18 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-05-12 11:18 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe

2015-05-12 11:18 - 2015-04-27 12:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-05-12 11:18 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-05-12 11:18 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 11:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll

2015-05-12 11:18 - 2015-04-27 10:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-05-12 11:18 - 2015-04-27 10:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-05-12 11:18 - 2015-04-27 10:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-05-12 11:18 - 2015-04-27 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-05-12 11:18 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-05-12 11:18 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-05-12 11:18 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2015-05-12 11:18 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-05-12 11:18 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe

2015-05-12 11:18 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll

2015-05-12 11:18 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll

2015-05-12 11:18 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll

2015-05-12 11:18 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll

2015-05-12 11:18 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll

2015-05-12 11:18 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe

2015-05-12 11:18 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll

2015-05-12 11:18 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll

2015-05-12 11:18 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll

2015-05-12 11:18 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe

2015-05-12 11:18 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe

2015-05-12 11:18 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe

2015-05-12 11:18 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll

2015-05-12 11:18 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll

2015-05-06 18:19 - 2015-05-06 18:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

2015-05-05 10:30 - 2015-05-05 10:30 - 00034320 _____ () C:\Users\Magdalena\Downloads\Supernatural.S09E05.720p.HDTV.X264-DIMENSION.torrent

2015-04-26 10:10 - 2015-04-08 13:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2015-04-26 10:09 - 2015-04-08 17:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2015-04-26 10:09 - 2015-04-08 17:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2015-04-26 10:09 - 2015-04-08 17:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2015-04-25 22:05 - 2015-04-25 22:05 - 00028841 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E12.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 22:04 - 2015-04-25 22:04 - 00031936 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E08.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 22:04 - 2015-04-25 22:04 - 00029942 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E11.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 22:04 - 2015-04-25 22:04 - 00029702 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E10.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 22:04 - 2015-04-25 22:04 - 00027538 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E09.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 22:03 - 2015-04-25 22:03 - 00031040 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E06.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 22:03 - 2015-04-25 22:03 - 00017074 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E07.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 21:58 - 2015-04-25 21:58 - 00029961 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E04.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 21:58 - 2015-04-25 21:58 - 00029224 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E05.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 21:57 - 2015-04-25 21:57 - 00030654 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E03.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 21:56 - 2015-04-25 21:56 - 00063868 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E02.720p.HDTV.X264-DIMENSION.torrent

2015-04-25 14:50 - 2015-04-25 14:50 - 00031887 _____ () C:\Users\Magdalena\Downloads\Supernatural.S10E01.720p.HDTV.X264-DIMENSION.torrent

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-05-24 19:22 - 2015-01-28 20:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-05-24 18:51 - 2014-09-14 09:02 - 00000000 ____D () C:\Windows\Panther

2015-05-24 18:48 - 2009-07-13 21:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-05-24 18:48 - 2009-07-13 21:45 - 00032096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-05-24 18:47 - 2009-07-13 22:13 - 00802182 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-05-24 18:40 - 2014-09-14 08:17 - 00000000 ____D () C:\ProgramData\NVIDIA

2015-05-24 18:40 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-05-24 18:06 - 2014-09-14 08:07 - 00001443 _____ () C:\Users\Magdalena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-05-24 18:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-05-24 13:50 - 2014-09-14 08:38 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\Skype

2015-05-24 11:10 - 2014-09-14 08:32 - 00000000 ____D () C:\Users\Magdalena\AppData\Local\Google

2015-05-24 11:10 - 2014-09-14 08:32 - 00000000 ____D () C:\Program Files (x86)\Google

2015-05-23 22:44 - 2014-11-10 15:57 - 00000000 ____D () C:\Windows\Minidump

2015-05-23 22:08 - 2015-02-21 10:22 - 00000000 ____D () C:\Users\Magdalena\AppData\OICE_15_974FA576_32C1D314_2D6A

2015-05-23 22:05 - 2014-09-14 11:18 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\BitTorrent

2015-05-23 21:28 - 2014-09-14 11:12 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-05-23 16:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-05-23 15:59 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\DigitalLocker

2015-05-23 15:57 - 2014-09-14 10:01 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2015-05-23 15:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System

2015-05-23 15:23 - 2014-09-14 10:37 - 00000000 ____D () C:\Windows\system32\appmgmt

2015-05-23 15:22 - 2014-10-25 15:33 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-05-23 15:22 - 2014-10-25 15:33 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-05-23 15:19 - 2014-09-20 16:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-05-23 15:19 - 2014-09-14 08:38 - 00000000 ____D () C:\ProgramData\Skype

2015-05-23 15:19 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-05-23 15:19 - 2009-07-13 21:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-05-23 15:18 - 2014-10-25 15:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-05-23 15:18 - 2009-07-13 21:45 - 05052656 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-05-23 15:02 - 2014-09-20 16:47 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys

2015-05-23 15:02 - 2014-09-20 16:47 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys

2015-05-23 15:02 - 2014-09-20 16:47 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys

2015-05-23 15:02 - 2014-09-20 16:47 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys

2015-05-23 15:02 - 2014-09-20 16:47 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys

2015-05-23 15:02 - 2014-09-20 16:47 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys

2015-05-23 15:02 - 2014-09-20 16:47 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys

2015-05-23 15:02 - 2014-09-20 16:47 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys

2015-05-23 14:57 - 2014-09-18 20:25 - 00000000 ____D () C:\Fraps

2015-05-20 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-05-20 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX

2015-05-19 04:33 - 2014-10-30 18:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2015-05-13 21:23 - 2015-03-22 19:04 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\vlc

2015-05-13 03:46 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

2015-05-13 03:21 - 2014-10-25 15:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2015-05-13 03:21 - 2014-10-25 15:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2015-05-13 03:20 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal

2015-05-13 03:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers

2015-05-13 03:04 - 2014-09-17 19:27 - 00000000 ____D () C:\Windows\system32\MRT

2015-05-13 03:02 - 2014-09-17 19:27 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-05-13 03:01 - 2014-10-25 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-05-04 20:28 - 2014-09-20 17:23 - 00000000 ____D () C:\Users\Magdalena\AppData\Roaming\Audacity

2015-05-01 09:51 - 2014-09-14 08:17 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2015-05-01 09:51 - 2014-09-14 08:17 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2015-05-01 09:50 - 2014-09-14 08:17 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2015-05-01 09:50 - 2014-09-14 08:17 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2015-04-26 10:11 - 2014-09-14 08:17 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2015-04-26 10:10 - 2014-09-14 08:17 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2015-04-26 10:10 - 2014-09-14 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

 

==================== Files in the root of some directories =======

 

2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Magdalena\AppData\Roaming\5zrHPxscw05fH3oGiy2PXP

2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Magdalena\AppData\Roaming\iU01t8z7HcnhJzJ

2014-09-23 19:48 - 2015-04-21 22:27 - 0001456 _____ () C:\Users\Magdalena\AppData\Local\Adobe Save for Web 13.0 Prefs

2014-09-15 10:10 - 2014-09-22 14:27 - 1745176 _____ () C:\Users\Magdalena\AppData\Local\WinRarSetup.exe

2015-05-23 15:01 - 2015-05-23 15:01 - 0000112 _____ () C:\ProgramData\e17Rxb.dat

 

Files to move or delete:

====================

C:\ProgramData\e17Rxb.dat

 

 

Some files in TEMP:

====================

C:\Users\Magdalena\AppData\Local\Temp\HitmanPro.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-05-24 14:31

 

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01

Ran by Magdalena at 2015-05-24 19:28:01

Running from C:\Users\Magdalena\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-363754102-1980314354-4055774757-500 - Administrator - Disabled)

Guest (S-1-5-21-363754102-1980314354-4055774757-501 - Limited - Enabled)

Magdalena (S-1-5-21-363754102-1980314354-4055774757-1000 - Administrator - Enabled) => C:\Users\Magdalena

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)

Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX (HKLM-x32\...\{E94EFAB6-653F-4837-9E8A-F6377CA1EC0D}) (Version: 11.8.800.175 - Adobe Systems Incorporated)

Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)

Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)

Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)

Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)

Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)

BitTorrent (HKU\S-1-5-21-363754102-1980314354-4055774757-1000\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)

Darkest Dungeon (HKLM-x32\...\Steam App 262060) (Version:  - Red Hook Studios)

Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)

Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)

Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts)

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)

iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)

LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)

NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.4.3.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.3.22 - NVIDIA Corporation)

NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden

Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)

Wild Season (HKLM-x32\...\Steam App 328220) (Version:  - Quickfire Games)

WinRAR 5.11 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

XSplit Broadcaster (HKLM-x32\...\{31D17C3E-3D43-4C0E-B816-6730706AC390}) (Version: 2.1.1501.0626 - SplitmediaLabs)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

17-05-2015 19:00:20 Windows Backup

19-05-2015 02:40:39 Windows Update

20-05-2015 03:00:10 Windows Update

23-05-2015 15:01:48 avast! antivirus system restore point

23-05-2015 15:02:45 Device Driver Package Install: Avast Network Service

23-05-2015 15:22:28 Removed WeatherApp

23-05-2015 22:14:22 Removed Itibiti RTC

23-05-2015 22:41:15 Checkpoint by HitmanPro

23-05-2015 22:42:46 Checkpoint by HitmanPro

24-05-2015 17:05:11 Checkpoint by HitmanPro

24-05-2015 17:59:22 Windows Modules Installer

24-05-2015 19:00:06 Windows Backup

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {07CBF4EE-9408-4617-8493-FCE3DE86FEB5} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe

Task: {1820C8D8-208A-41A4-BD2B-052415B38AED} - System32\Tasks\Winfix 10 Auto Start Logon => C:\Program Files (x86)\Winfix 10 Pro\Winfix 10.exe

Task: {2171B9CD-EB60-4E6E-BD00-D5D0ADEBFF2B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {302A5CEC-936D-4AA4-BE5A-AC1AE9AB9E3C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)

Task: {4647FE9A-AAE5-4223-8CD2-B37CF4B5B8BE} - \SMW_UpdateTask_Time_3535303538353239322d2337785a326c5b3234342d41 No Task File <==== ATTENTION

Task: {5A3C3908-4C1D-47B7-B4A8-FF564CCFA1AB} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe

Task: {62135CF2-8610-4B32-94F7-B6C06CFEE1DB} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe

Task: {6404CB3A-C63F-41A2-A826-A5B759DD21AD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)

Task: {65923B4B-EA54-45EB-809C-D2325308386F} - \{032B8763-8B28-43CA-8A6E-8B42DC3AC218} No Task File <==== ATTENTION

Task: {6C611720-8F50-4C6B-B449-4D471C182689} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

Task: {948A0571-B8B5-416B-9F2B-BB4FCDFD3B6F} - \avabvbxvh No Task File <==== ATTENTION

Task: {9600BB83-6757-4FC0-86A4-63D80B784FD7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)

Task: {98CE2C5B-2C24-46CA-8C52-69DBF8FD299A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)

Task: {A7B5414A-6241-4469-8624-4BA34E25B672} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)

Task: {B5390A13-E2F0-47B8-8EC3-68E564D8D64D} - System32\Tasks\Winfix Helper => C:\Program Files (x86)\Winfix 10 Pro\\WinfixHelper.exe

Task: {C40A8675-02D9-4844-B368-90F108485D2E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)

Task: {D01231FD-D60E-4313-B231-7EE62924956A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-23] (Avast Software s.r.o.)

Task: {E0D8BBA4-CF5A-4B8A-BD57-AC70A3918828} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-24] (Google Inc.)

Task: {E12F0800-66F9-4399-9BB2-276425A50CA4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-28] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2014-09-14 08:17 - 2015-04-08 14:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-03-20 06:34 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2014-10-30 18:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-05-23 15:02 - 2015-05-23 15:02 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-05-23 15:02 - 2015-05-23 15:02 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-05-24 14:12 - 2015-05-24 14:12 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052401\algo.dll

2015-05-23 15:02 - 2015-05-23 15:02 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2015-03-31 09:39 - 2015-05-01 09:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-05-24 18:51 - 2015-05-24 18:51 - 00140800 _____ () C:\Users\Magdalena\AppData\Roaming\qtplwnuo\encecal.dll

2015-05-24 11:10 - 2015-05-13 09:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll

2015-05-24 11:10 - 2015-05-13 09:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Microsoft:bTMZBLdJ6XABRH73L9XuOo

AlternateDataStreams: C:\ProgramData\Microsoft:qUWuhKSq2pT12qMNb71ACL

AlternateDataStreams: C:\Users\Magdalena\Cookies:mpAFpXNDVtWEc1XVj

 

==================== Safe Mode (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Magdalena\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 68.105.28.11 - 68.105.29.11

 

==================== MSCONFIG/TASK MANAGER Error getting ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Magdalena^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wipe Tray Agent.lnk => C:\Windows\pss\Wipe Tray Agent.lnk.Startup

MSCONFIG\startupreg:  Maintance => "C:\Program Files\\net1.exe" windowsStartup

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeBridge => 

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: CCleaner => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

MSCONFIG\startupreg: GoogleChromeAutoLaunch_7BB9E891F64FB399A3F50F83C932C2A1 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

MSCONFIG\startupreg: iTunesHelper => "E:\Music\iTunesHelper.exe"

MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: Wipe Maintance => "C:\Program Files\Wipe\net1.exe" windowsStartup

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{C82A79DA-481C-40EB-A69B-E7EDEBEB966A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{EC2B08B8-CC3C-4B60-B7D9-600DDB93C543}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{F53E335F-0636-4800-AAE5-C84744950531}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{C6A1D412-A962-421A-9E95-1BC2B84C386E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{9209A426-9038-4346-9956-B20700EE06D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{644FB8B6-E689-4A8E-AA54-0244E46AD873}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{519E49C9-172A-45D9-8A5A-19D2ABD8C1EA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{3089DDD3-2E46-496E-9A39-99D8A55B0B30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{98A8726E-78CF-4267-A081-52D207000B8C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{1B8E9076-9A17-47F7-B268-1198810C2C0E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{C3E29F12-9C34-4B93-9DA0-1462343C9C4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{88C7BFAF-6722-4045-9FDC-D43CFF48A855}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{D917912A-B03F-494B-A002-4BDB1A489F7B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{5B04F8B4-2ED8-48F1-BFB1-F70341A706BD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{E9A003AC-A1F9-4150-AA0D-99F60AE4C8D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{79B4302A-7886-4377-A487-F1858CF323D8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{B3115297-94D8-4B16-9E3B-05A7D8A6EBF0}] => (Allow) E:\GameLibrary\Dragon Age II\bin_ship\DragonAge2.exe

FirewallRules: [{0C0DF26E-B7B5-45EC-AB8B-26622553005C}] => (Allow) E:\GameLibrary\Dragon Age II\bin_ship\DragonAge2.exe

FirewallRules: [{868B003C-E65F-4135-83A7-21F7893AB3E3}] => (Allow) C:\Users\Magdalena\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{2296422B-41E0-4CFE-9404-CF1DC3D88A31}] => (Allow) C:\Users\Magdalena\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{20DE4AFD-3AC2-4814-9C02-51A36B785846}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{70D1C7BC-C0F7-4CCA-89E2-36975421349D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{83F18641-4B6F-415A-B2B9-62708055BBAE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [uDP Query User{40065989-1B35-425B-B5CE-A32DF4E30305}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [{D8BF83AE-4CAC-47C1-98C4-076B9A676883}] => (Allow) E:\Music\iTunes.exe

FirewallRules: [{C832B0B8-3F75-42CC-A9F9-715132883D4E}] => (Allow) E:\GameLibrary\SteamApps\common\DarkestDungeon\_windows\Darkest.exe

FirewallRules: [{7DD1B3BF-4878-4AA2-9C99-D1C87A6531CE}] => (Allow) E:\GameLibrary\SteamApps\common\DarkestDungeon\_windows\Darkest.exe

FirewallRules: [{73C96D13-356A-4CFA-B285-AB9F2364530D}] => (Allow) E:\GameLibrary\SteamApps\common\dont_starve\bin\dontstarve_steam.exe

FirewallRules: [{222C424B-8A2B-4FCE-83DB-BB7B5FF4B117}] => (Allow) E:\GameLibrary\SteamApps\common\dont_starve\bin\dontstarve_steam.exe

FirewallRules: [{1DE7B7BD-8CCA-42B1-A237-422AB347D0DC}] => (Allow) E:\GameLibrary\SteamApps\common\Banished\Application-steam-x64.exe

FirewallRules: [{146A2A0A-C699-4B00-97E1-E1B92F3544F5}] => (Allow) E:\GameLibrary\SteamApps\common\Banished\Application-steam-x64.exe

FirewallRules: [{B831D1D4-892F-4FF6-B83C-E7E9DD0B90EB}] => (Allow) E:\GameLibrary\SteamApps\common\Wild Season\Wild Season.exe

FirewallRules: [{BA786E17-26CB-4D92-B0E5-69BB26A8469C}] => (Allow) E:\GameLibrary\SteamApps\common\Wild Season\Wild Season.exe

FirewallRules: [{C429D127-1F32-4915-A513-DBC8DFDEF68F}] => (Allow) E:\GameLibrary\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe

FirewallRules: [{1DAA8192-CF35-4949-94E1-5073257F2D87}] => (Allow) E:\GameLibrary\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe

FirewallRules: [{961B0D6A-B523-4FB9-A1A9-065F89153FF0}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

FirewallRules: [{B197F46F-F66F-4AC9-A1A6-4D7665DA37C2}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

FirewallRules: [{6B1A657D-B2EF-475F-B096-549280F9BB39}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: System Interrupt Controller

Description: System Interrupt Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Performance Counters

Description: Performance Counters

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: 

Description: 

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Performance Counters

Description: Performance Counters

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: SM Bus Controller

Description: SM Bus Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Network Controller

Description: Network Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Performance Counters

Description: Performance Counters

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: BCM20702A0

Description: BCM20702A0

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: PCI Simple Communications Controller

Description: PCI Simple Communications Controller

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Base System Device

Description: Base System Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/24/2015 07:14:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

.

 

Error: (05/24/2015 07:04:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

.

 

Error: (05/24/2015 07:04:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

.

 

Error: (05/24/2015 07:03:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

.

 

Error: (05/24/2015 07:00:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

.

 

Error: (05/24/2015 07:00:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

.

 

Error: (05/24/2015 06:40:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/24/2015 06:37:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/24/2015 06:32:21 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/24/2015 06:30:15 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (05/24/2015 06:37:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (05/24/2015 06:37:35 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

 

Error: (05/24/2015 06:37:35 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

 

Error: (05/24/2015 06:35:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (05/24/2015 06:35:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (05/24/2015 06:35:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (05/24/2015 06:35:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (05/24/2015 06:35:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (05/24/2015 06:35:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

Error: (05/24/2015 06:35:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 

%%1068

 

 

Microsoft Office:

=========================

Error: (05/24/2015 07:14:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

 

Error: (05/24/2015 07:04:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

 

Error: (05/24/2015 07:04:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

 

Error: (05/24/2015 07:03:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

 

Error: (05/24/2015 07:00:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

 

Error: (05/24/2015 07:00:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

 

System Error:

The system cannot find the file specified.

 

Error: (05/24/2015 06:40:32 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/24/2015 06:37:23 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/24/2015 06:32:21 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/24/2015 06:30:15 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-4820K CPU @ 3.70GHz

Percentage of memory in use: 18%

Total physical RAM: 16322.91 MB

Available physical RAM: 13236.48 MB

Total Pagefile: 32644.02 MB

Available Pagefile: 29324.3 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:111.57 GB) (Free:31.14 GB) NTFS

Drive e: (PUT stuff HERE) (Fixed) (Total:931.29 GB) (Free:598.09 GB) NTFS

Drive f: (Garrus) (Fixed) (Total:1863.01 GB) (Free:513.05 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (Size: 1863 GB) (Disk ID: 48A91415)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

 

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End of log ============================


Hello,

My name is Argus and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not be able to help you if you do not follow my instructions.




Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 

 

 

****************************************************************************************************************************************************

 

 

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
 

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

 

 

 

************************************************************************************************************************************************

 

 

 

 

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
 

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyalltemp;
    bitsadmin /reset /allusers;b
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

 

fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01

Ran by Magdalena at 2015-05-24 21:11:49 Run:1

Running from C:\Users\Magdalena\Downloads

Loaded Profiles: Magdalena (Available Profiles: Magdalena)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

Closeprocesses:

Emptytemp:

Task: {4647FE9A-AAE5-4223-8CD2-B37CF4B5B8BE} - \SMW_UpdateTask_Time_3535303538353239322d2337785a326c5b3234342d41 No Task File <==== ATTENTION

Task: {65923B4B-EA54-45EB-809C-D2325308386F} - \{032B8763-8B28-43CA-8A6E-8B42DC3AC218} No Task File <==== ATTENTION

Task: {948A0571-B8B5-416B-9F2B-BB4FCDFD3B6F} - \avabvbxvh No Task File <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Microsoft:bTMZBLdJ6XABRH73L9XuOo

AlternateDataStreams: C:\ProgramData\Microsoft:qUWuhKSq2pT12qMNb71ACL

AlternateDataStreams: C:\Users\Magdalena\Cookies:mpAFpXNDVtWEc1XVj

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\...\MountPoints2: {eff86758-e655-11e4-89cd-10c37b9b9922} - H:\VZW_Software_upgrade_assistant.exe

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-363754102-1980314354-4055774757-1000 -> {3FCDBC62-9296-4003-992A-B62AA03D224B} URL = https://www.google.c...q={searchTerms}

C:\ProgramData\e17Rxb.dat

Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

CMD: ipconfig /flushdns

CMD: bitsadmin /reset /allusers

 

*****************

 

Processes closed successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4647FE9A-AAE5-4223-8CD2-B37CF4B5B8BE}" => key Removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4647FE9A-AAE5-4223-8CD2-B37CF4B5B8BE}" => key Removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3535303538353239322d2337785a326c5b3234342d41" => key Removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65923B4B-EA54-45EB-809C-D2325308386F}" => key Removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65923B4B-EA54-45EB-809C-D2325308386F}" => key Removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{032B8763-8B28-43CA-8A6E-8B42DC3AC218}" => key Removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{948A0571-B8B5-416B-9F2B-BB4FCDFD3B6F}" => key Removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{948A0571-B8B5-416B-9F2B-BB4FCDFD3B6F}" => key Removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbxvh" => key Removed successfully

C:\ProgramData\Microsoft => ":bTMZBLdJ6XABRH73L9XuOo" ADS Removed successfully.

C:\ProgramData\Microsoft => ":qUWuhKSq2pT12qMNb71ACL" ADS Removed successfully.

"C:\Users\Magdalena\Cookies" => ":mpAFpXNDVtWEc1XVj" ADS not found.

"HKU\S-1-5-21-363754102-1980314354-4055774757-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eff86758-e655-11e4-89cd-10c37b9b9922}" => key Removed successfully

HKCR\CLSID\{eff86758-e655-11e4-89cd-10c37b9b9922} => key not found. 

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully

"HKU\S-1-5-21-363754102-1980314354-4055774757-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully

HKU\S-1-5-21-363754102-1980314354-4055774757-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully

"HKU\S-1-5-21-363754102-1980314354-4055774757-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3FCDBC62-9296-4003-992A-B62AA03D224B}" => key Removed successfully

HKCR\CLSID\{3FCDBC62-9296-4003-992A-B62AA03D224B} => key not found. 

C:\ProgramData\e17Rxb.dat => Moved successfully.

 

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

 

The operation completed successfully.

 

 

 

========= End of Reg: =========

 

 

=========  ipconfig /flushdns =========

 

 

Windows IP Configuration

 

Successfully flushed the DNS Resolver Cache.

 

========= End of CMD: =========

 

 

=========  bitsadmin /reset /allusers =========

 

 

BITSADMIN version 3.0 [ 7.5.7601 ]

BITS administration utility.

© Copyright 2000-2006 Microsoft Corp.

 

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.

Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

 

{C0A1DB99-25D9-47B4-9550-16792C998F8B} canceled.

{0D7878C2-C322-4380-AB21-24F4599140FA} canceled.

2 out of 2 jobs canceled.

 

========= End of CMD: =========

 

EmptyTemp: => Removed 295.7 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 21:12:01 ====


Sorry that took, like, forever to finish running. Here's the log. I think I disabled everything correctly.

 

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Magdalena on Sun 05/24/2015 at 21:20:25.31.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Magdalena\Downloads\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
5/24/2015 9:20:55 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Program Files\HitmanPro deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\Users\Magdalena\AppData\Roaming\SenseIUpdater deleted successfully
C:\Users\Magdalena\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\Magdalena\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\Users\Magdalena\AppData\Roaming\bvplsdcp deleted
C:\Users\Magdalena\AppData\Roaming\igvszcwr deleted
C:\Users\Magdalena\AppData\Roaming\pcjxphjl deleted
C:\Users\Magdalena\AppData\Roaming\shyyzuuj deleted
C:\Users\Magdalena\AppData\Roaming\zzhdambt deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Magdalena\AppData\Local\Installer deleted
C:\Users\Magdalena\AppData\Local\CrashRpt deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Magdalena\AppData\Local\WinRarSetup.exe deleted
"C:\Windows\Installer\27d540.msi" deleted
"C:\Users\Magdalena\AppData\Roaming\5zrHPxscw05fH3oGiy2PXP" deleted
"C:\Users\Magdalena\AppData\Roaming\iU01t8z7HcnhJzJ" deleted
"C:\Users\Magdalena\AppData\Roaming\qtplwnuo\encecal.dll" deleted
"C:\Users\Magdalena\AppData\Roaming\qtplwnuo" not deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\MAGDAL~1\AppData\Roaming\Mozilla\Firefox\Profiles\oc2ttgjj.default
user_pref("browser.startup.homepage", "https://www.google.com");
user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006");
user_pref("browser.search.defaultengine", "Google (avast)");
user_pref("browser.search.defaultenginename", "Google (avast)");
user_pref("browser.search.defaultenginename.US", "Google (avast)");
user_pref("browser.search.selectedEngine", "Google (avast)");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [05/23/2015 03:02 PM]
 
==== Firefox Extensions ======================
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Magdalena\AppData\Roaming\Mozilla\Firefox\Profiles\oc2ttgjj.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
 
 
==== Chromium Look ======================
 
Google Chrome Version: 43.0.2357.65
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[05/23/2015 03:02 PM]
 
Bookmark Manager - Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Chrome Hotword Shared Module - Magdalena\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{5FF872D5-4429-402A-A01E-F8EEC0B0B1B1} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Maintance deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RESTART_STICKY_NOTES deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wipe Maintance deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7R7LW30W will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0VMAZRG will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVXQL6ND will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M55NF5LP will be deleted at reboot
C:\Users\Magdalena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Magdalena\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=35 folders=63 24799439 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Magdalena\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\MAGDAL~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Magdalena\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Magdalena\AppData\Roaming\qtplwnuo"  not found
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7R7LW30W" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J0VMAZRG" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KVXQL6ND" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M55NF5LP" not deleted
 
==== EOF on Sun 05/24/2015 at 21:36:00.21 ======================

Hmmm, hard to say. It hasn't popped up yet, though. But it'll usually like.... go away for an hour and then be back. As of right now though it's not running that stupid fricking process anymore. Should I just assume it's fixed for now and then post here again if it comes back?


C:\Users\Magdalena\AppData\Roaming\bvplsdcp deleted
C:\Users\Magdalena\AppData\Roaming\igvszcwr deleted
C:\Users\Magdalena\AppData\Roaming\pcjxphjl deleted
C:\Users\Magdalena\AppData\Roaming\shyyzuuj deleted
C:\Users\Magdalena\AppData\Roaming\zzhdambt deleted
C:\Users\Magdalena\AppData\Local\Installer deleted
C:\Users\Magdalena\AppData\Local\CrashRpt deleted
C:\Users\Magdalena\AppData\Local\WinRarSetup.exe deleted
"C:\Users\Magdalena\AppData\Roaming\5zrHPxscw05fH3oGiy2PXP" deleted
"C:\Users\Magdalena\AppData\Roaming\iU01t8z7HcnhJzJ" deleted
"C:\Users\Magdalena\AppData\Roaming\qtplwnuo\encecal.dll" deleted

 

 

 

 

I think it is ok.

 

Download and install Adblock Plus

https://adblockplus.org/

 

Internet Explorer is ok now.

 

 

 

The following will implement some post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt)

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

 

 

 

 

 

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right-click on Unchecky_setup and choose Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire and forget programme.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide: Best security practices. Keep safe.

 

 

 

 

If the problem comes back, I will be at your service again.

But I think the problem is now solved.

This topic is now closed to further replies.