Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Google search: three more results than normal

Post by megatonante » June 2nd, 2016, 5:19 pm

This is my topic that has been previously closed, where I stated the issue: viewtopic.php?f=11&t=64539&p=651205#p651205
I should have cleared anything now.
I will redo and reattach the scans.
megatonante
Regular Member
 
Posts: 28
Joined: June 29th, 2015, 6:55 am

Re: Google search: three more results than normal

Post by mAL_rEm018 » June 3rd, 2016, 12:55 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.


Hello megatonante,

Welcome to Malware Removal! My name is mAL_rEm018, but feel free to call me mAL. I will be helping you with your malware related problems :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.

To make sure everything goes smoothly, I would like you to observe the following rules:
  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread. Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum. Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

Thank you for removing the cracked software. Now let's get to work.. :)

Backup your registry using TCRB
  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next..

AdwCleaner
  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open. Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point

I need you to run a search using FRST..
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble performing any of the steps?
  • AdwCleaner Log
  • Search.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections....
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Google search: three more results than normal

Post by megatonante » June 3rd, 2016, 2:11 am

Hello mAL. Thank you.


AdwCleaner log:

# AdwCleaner v5.119 - File di log creato 03/06/2016 a 07:56:24
# Aggiornato 30/05/2016 by Xplode
# Database : 2016-05-30.3 [Server]
# Sistema Operativo : Windows 10 Home (X64)
# Nome utente : cloud - DESKTOP-BSRKKPM
# In esecuzione da : C:\Users\cloud\Downloads\AdwCleaner.exe
# Opzione : Scansione
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****


***** [ Cartelle ] *****

Cartella Trovato : C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao

***** [ File ] *****

File Trovato : C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage
File Trovato : C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage-journal

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registro ] *****

Chiave Trovato : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}

***** [ Browser Web ] *****

[C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Trovato : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Trovato : ehoopddfhgaehhmphfcooacjdpmbjlao
[C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Trovato : flpcjncodpafbgdpnkljologafpionhb

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1627 bytes] - [03/06/2016 07:56:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1700 bytes] ##########



Search.txt:

Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by cloud (2016-06-03 08:05:02)
Running from C:\Users\cloud\Downloads
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{d6519d77-1cdf-30a5-812e-d88fb4798a29}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "SweetIM" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]

[HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

[HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]


===================== Search result for "SweetPacks" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

[HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]

[HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]

===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Trolltech]

====== End of Search ======
megatonante
Regular Member
 
Posts: 28
Joined: June 29th, 2015, 6:55 am
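
An added example, not part of the thread and not FRST's own code: a Python sketch that parses a Search.txt in the layout posted above and separates keyword hits that stand as a whole word from hits that only occur inside a longer identifier (for instance "Searchqu" inside ISearchQueryHelperPriv). The function names, the word-boundary heuristic and the context labels are assumptions of this example; the sample entries are excerpted from the log above.

```python
import re
from collections import defaultdict

# Entries excerpted from the Search.txt posted above (shortened to five hits).
SAMPLE = r'''
===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

===================== Search result for "SweetIM" ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]

===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Trolltech]

====== End of Search ======
'''

HEADER = re.compile(r'^=+ Search result for "(.+?)" =+$')
VALUE = re.compile(r'^"(.*?)"="(.*)"$')

# Registry areas seen in this log; the labels are this example's own descriptions.
CONTEXTS = [
    ("\\internet explorer\\extension compatibility\\", "IE Extension Compatibility entry"),
    ("\\internet settings\\zonemap\\", "IE ZoneMap domain entry"),
    ("\\interface\\{", "COM interface registration"),
    ("\\windowsruntime\\", "WinRT class registration"),
]


def parse_search_log(text):
    """Return one dict per hit: keyword, registry key, and (name, data) values."""
    hits, keyword, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            keyword, current = header.group(1), None
        elif keyword and line.startswith("[") and line.endswith("]"):
            current = {"keyword": keyword, "key": line[1:-1], "values": []}
            hits.append(current)
        elif current is not None and (value := VALUE.match(line)):
            current["values"].append((value.group(1), value.group(2)))
    return hits


def _boundary(s, i):
    """True if the gap before s[i] is a string edge, touches a non-alphanumeric
    character, or is a lower->Upper camelCase step."""
    if i <= 0 or i >= len(s):
        return True
    a, b = s[i - 1], s[i]
    return (not a.isalnum()) or (not b.isalnum()) or (a.islower() and b.isupper())


def match_kind(keyword, text):
    """'token' if keyword appears as a whole word in text, 'embedded' if it
    appears only inside a longer word, None if it does not appear at all."""
    kind = None
    for m in re.finditer(re.escape(keyword), text, re.IGNORECASE):
        if _boundary(text, m.start()) and _boundary(text, m.end()):
            return "token"
        kind = "embedded"
    return kind


def context_of(key):
    """Describe the registry area a key sits in, or 'other'."""
    lowered = key.lower()
    return next((label for marker, label in CONTEXTS if marker in lowered), "other")


def triage(text):
    """Group hits as {keyword: {'token': [...], 'embedded': [...]}}."""
    out = defaultdict(lambda: {"token": [], "embedded": []})
    for hit in parse_search_log(text):
        leaf = hit["key"].rsplit("\\", 1)[-1]
        candidates = [leaf] + [s for pair in hit["values"] for s in pair]
        kinds = {match_kind(hit["keyword"], c) for c in candidates}
        # Only a hit that is provably substring-only is set aside; anything
        # else (including a match this heuristic cannot locate) goes to review.
        embedded_only = "embedded" in kinds and "token" not in kinds
        bucket = "embedded" if embedded_only else "token"
        out[hit["keyword"]][bucket].append((context_of(hit["key"]), hit["key"]))
    return dict(out)


if __name__ == "__main__":
    for keyword, buckets in triage(SAMPLE).items():
        for bucket, entries in buckets.items():
            for context, key in entries:
                print(f"{keyword:10} {bucket:9} {context:34} {key}")
```

A "token" result only marks a hit for review; the registry area it sits in still has to be read before drawing any conclusion from it.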

Re: Google search: three more results than normal

Post by mAL_rEm018 » June 3rd, 2016, 7:34 am

Hello megatonante,

Your host file is blocking access to the McAfee website. Is your copy of McAfee cracked? If it is I expect you to remove it before we proceed.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Google search: three more results than normal

Post by megatonante » June 3rd, 2016, 7:54 am

mAL_rEm018 wrote: Hello megatonante,

Your host file is blocking access to the McAfee website. Is your copy of McAfee cracked? If it is I expect you to remove it before we proceed.


I don't remember it being cracked.

I removed it just in case.
megatonante
Regular Member
 
Posts: 28
Joined: June 29th, 2015, 6:55 am

Re: Google search: three more results than normal

Post by mAL_rEm018 » June 4th, 2016, 3:46 am

Hello megatonante,


Please answer the following questions..
  • Did you set your Internet Explorer's main page to about:blank?
  • I see some signs of "Remote Access Programs" on the computer, more specifically TeamSpeak and LogMeIn. However, LogMeIn does not appear in the uninstall list. Did you install them or are you aware that they are/were installed on your computer?

MSConfig should not be used to disable programs from running as a long term solution. Why did you disable the following programs?
==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\Run: => "Steam"



Please do the following..

  • Please open the Start menu.
  • Click on Settings and then System.
  • Select Apps & Features.
  • Locate and click on the following programs:
    • IObit Uninstaller
    • Spybot - Search & Destroy
    • SUPERAntiSpyware
  • Select uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
    Note: you can only remove one program at a time.


Next..


AdwCleaner
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Cleaning.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open. Please copy/paste the contents in your next reply.


I need to see a fresh FRST log..


  • Right-click on FRST64.exe and select Run as administrator.
  • Ensure that Addition.txt is checked.
  • Select Scan.
  • When the scan is over two windows will open, FRST.txt and Addition.txt.
  • Please post the contents of both logs in your next reply.



-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble performing any of the steps?
  • Answer to my questions?
  • AdwCleaner log.
  • FRST.txt
  • Addition.txt

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections....
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia

Re: Google search: three more results than normal

Post by megatonante » June 4th, 2016, 5:49 am

Hello mAL.

Yes, my Internet Explorer home page is about:blank. However, the issue I stated in the first topic appears only in Google Chrome. I may have completely forgotten about adding this to the open post, I'm sorry.

I did some more testing too, and clicking on those links, not only "twenga" appears in the address bar, but "kelkoo" too and another name that I don't remember.

Yes, TeamSpeak and LogMeIn were installed on the computer and I knew about them. LogMeIn should be a subprogram or a sideprogram of something called "Hamachi", a program my brother used months ago on my computer.


I blocked those programs with CCleaner if I remember correctly. I did this many months ago, because I wanted to have a clean computer start, without having programs I didn't use, that could burden my weak computer.



This is the AdwCleaner log:

# AdwCleaner v5.119 - File di log creato 04/06/2016 a 11:37:04
# Aggiornato 30/05/2016 by Xplode
# Database : 2016-06-03.1 [Server]
# Sistema Operativo : Windows 10 Home (X64)
# Nome utente : cloud - DESKTOP-BSRKKPM
# In esecuzione da : C:\Users\cloud\Downloads\AdwCleaner.exe
# Opzione : Pulizia
# Supporto : http://toolslib.net/forum

***** [ Servizi ] *****


***** [ Cartelle ] *****

[-] Cartella Eliminato : C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao

***** [ File ] *****

[-] File Eliminato : C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage
[-] File Eliminato : C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehoopddfhgaehhmphfcooacjdpmbjlao_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Collegamenti ] *****


***** [ Attività pianificate ] *****


***** [ Registro ] *****


***** [ Browser Web ] *****

[-] [C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : delta-search.com
[-] [C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Eliminato : yahoo.com
[-] [C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : ehoopddfhgaehhmphfcooacjdpmbjlao
[-] [C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Eliminato : flpcjncodpafbgdpnkljologafpionhb

*************************

:: Chiavi "Tracing" eliminate
:: Impostazioni Winsock resettate

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1886 bytes] - [04/06/2016 11:37:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [1779 bytes] - [03/06/2016 07:56:24]
C:\AdwCleaner\AdwCleaner[S2].txt - [1967 bytes] - [04/06/2016 11:34:41]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2105 bytes] ##########





FRST scan:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2016
Ran by cloud (administrator) on DESKTOP-BSRKKPM (04-06-2016 11:42:10)
Running from C:\Users\cloud\Downloads
Loaded Profiles: cloud (Available Profiles: cloud & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-08-13] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3935912 2015-08-13] (Synaptics Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23745808 2016-05-07] (Dropbox, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\RunOnce: [Uninstall C:\Users\cloud\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cloud\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-05-07] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4c58c791-1465-4cc0-a3ad-7a8659a61c9e}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-347070757-4124586549-2319610994-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =

FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/ncr
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1446137570&z=fecaf3bacc6610fcd9b71aegezfz0qeg3c9m6m6z9t&from=cor&uid=SamsungXSSDX840XSeries_S14ENEACB30221X"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Presentazioni Google) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-13]
CHR Extension: (Documenti Google) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-13]
CHR Extension: (Google Drive) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-02]
CHR Extension: (NoCountryRedirect (NCR)) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciboebddidackjicoeoiigdnbmchkdll [2016-03-11]
CHR Extension: (Google Search) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-08-13]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2016-06-04]
CHR Extension: (Fogli Google) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-13]
CHR Extension: (Falcon Proxy) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\gchhimlnjdafdlkojbffdkogjhhkdepf [2015-12-24]
CHR Extension: (Google Documenti offline) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-08-13]
CHR Extension: (Mibbit webchat) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbadbkkklnhamjjeagmknajgmbgcmnpi [2015-08-13]
CHR Extension: (Imgur Uploader) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmpmjpekinnebjgnakcahjikbomnmlb [2016-05-24]
CHR Extension: (Image Search Options) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\kljmejbpilkadikecejccebmccagifhl [2016-03-03]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2016-05-20]
CHR Extension: (Pagamenti Chrome Web Store) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Simple EPUB Reader) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2015-09-28]
CHR Extension: (Gmail) - C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-13] (Dropbox, Inc.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-13] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-08-13] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-13] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 11:42 - 2016-06-04 11:42 - 00013922 _____ C:\Users\cloud\Downloads\FRST.txt
2016-06-04 11:42 - 2016-06-04 11:42 - 00000000 ____D C:\Users\cloud\Downloads\FRST-OlderVersion
2016-06-04 11:41 - 2016-06-04 11:41 - 00002187 _____ C:\Users\cloud\Desktop\AdwCleaner[C1].txt
2016-06-04 11:23 - 2016-06-04 11:23 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-06-03 08:05 - 2016-06-03 08:05 - 00005531 _____ C:\Users\cloud\Downloads\Search.txt
2016-06-03 07:56 - 2016-06-04 11:37 - 00000000 ____D C:\AdwCleaner
2016-06-03 07:55 - 2016-06-03 07:55 - 03677248 _____ C:\Users\cloud\Downloads\AdwCleaner.exe
2016-06-03 07:55 - 2016-06-03 07:55 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DESKTOP-BSRKKPM-Windows-10-Home-(64-bit).dat
2016-06-03 07:55 - 2016-06-03 07:55 - 00000000 ____D C:\RegBackup
2016-06-03 07:54 - 2016-06-03 07:54 - 05523840 _____ (Tweaking.com) C:\Users\cloud\Downloads\tweaking.com_registry_backup_setup.exe
2016-06-03 07:54 - 2016-06-03 07:54 - 00018121 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-06-03 07:54 - 2016-06-03 07:54 - 00002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-06-03 07:54 - 2016-06-03 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-06-03 07:54 - 2016-06-03 07:54 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Users\cloud\AppData\Roaming\ProductData
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Users\cloud\AppData\Roaming\IObit
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Users\cloud\AppData\LocalLow\IObit
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\ProgramData\ProductData
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\ProgramData\IObit
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Program Files (x86)\IObit
2016-06-02 23:02 - 2016-06-02 23:02 - 13361952 _____ (IObit) C:\Users\cloud\Downloads\iobituninstaller.exe
2016-06-02 22:57 - 2016-06-02 23:19 - 00001015 _____ C:\Users\cloud\Desktop\windowsscripthost.txt
2016-06-01 23:43 - 2016-06-01 23:43 - 00037717 _____ C:\Users\cloud\Downloads\anomalisa_english-1296091.zip
2016-06-01 23:43 - 2016-03-16 11:45 - 00105937 ____N C:\Users\cloud\Downloads\Anomalisa.2015.720p.WEB-DL.DD5.1.H264-RARBG.srt
2016-06-01 13:55 - 2016-06-01 13:55 - 00468480 _____ () C:\Users\cloud\Desktop\CKScanner.exe
2016-05-31 17:52 - 2016-06-04 11:42 - 00000000 ____D C:\FRST
2016-05-31 17:51 - 2016-06-04 11:42 - 02384384 _____ (Farbar) C:\Users\cloud\Downloads\FRST64.exe
2016-05-30 22:27 - 2016-06-04 11:39 - 00001186 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-30 22:27 - 2016-06-04 11:37 - 00001190 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-30 22:27 - 2016-05-30 22:32 - 00004248 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-30 22:27 - 2016-05-30 22:32 - 00004016 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-30 22:27 - 2016-05-30 22:27 - 00002342 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-30 22:27 - 2016-05-30 22:27 - 00002330 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-30 22:26 - 2016-05-30 22:27 - 00987728 _____ (Google Inc.) C:\Users\cloud\Downloads\ChromeSetup (1).exe
2016-05-30 21:22 - 2016-03-13 11:06 - 00451294 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160530-212245.backup
2016-05-29 21:09 - 2016-05-29 21:10 - 342270377 _____ C:\Users\cloud\Downloads\[HorribleSubs] Kiznaiver - 08 [720p].mkv
2016-05-29 12:10 - 2016-05-29 12:11 - 468821363 _____ C:\Users\cloud\Downloads\[HorribleSubs] Boku no Hero Academia - 09 [720p].mkv
2016-05-28 10:04 - 2016-05-28 10:06 - 368102666 _____ C:\Users\cloud\Downloads\[HorribleSubs] Kabaneri of the Iron Fortress - 07 [720p].mkv
2016-05-28 10:03 - 2016-05-28 10:06 - 338543988 _____ C:\Users\cloud\Downloads\[HorribleSubs] JoJo's Bizarre Adventure - Diamond is Unbreakable - 09 [720p].mkv
2016-05-28 10:03 - 2016-05-28 10:04 - 112910940 _____ C:\Users\cloud\Downloads\[HorribleSubs] Space Patrol Luluco - 09 [720p].mkv
2016-05-26 21:30 - 2016-05-26 21:32 - 00000000 ____D C:\Users\cloud\Downloads\Wayward.Pines.S02E01.HDTV.x264-KILLERS[rarbg]
2016-05-25 15:46 - 2016-05-25 15:46 - 00000000 ____D C:\Users\cloud\Downloads\QtCrawler-master
2016-05-25 15:41 - 2016-05-25 15:41 - 00002929 _____ C:\Users\cloud\Downloads\QtCrawler-master.zip
2016-05-24 22:59 - 2016-05-24 23:04 - 905310268 _____ C:\Users\cloud\Downloads\Anomalisa.2015.720p.WEB-DL.H264-AAC- 850MB - MAX.mkv
2016-05-23 08:17 - 2016-05-23 08:19 - 351856248 _____ C:\Users\cloud\Downloads\[HorribleSubs] Re Zero kara Hajimeru Isekai Seikatsu - 08 [720p].mkv
2016-05-22 19:19 - 2016-05-22 19:21 - 471652829 _____ C:\Users\cloud\Downloads\[HorribleSubs] Boku no Hero Academia - 08 [720p].mkv
2016-05-21 17:58 - 2016-05-21 18:00 - 342198204 _____ C:\Users\cloud\Downloads\[HorribleSubs] Kiznaiver - 07 [720p].mkv
2016-05-20 22:25 - 2016-05-20 23:31 - 00000000 ____D C:\Users\cloud\Downloads\American.Psycho.2000.1080p.BRRip.x264.AAC-m2g
2016-05-20 22:22 - 2016-05-20 22:33 - 338309548 _____ C:\Users\cloud\Downloads\[HorribleSubs] JoJo's Bizarre Adventure - Diamond is Unbreakable - 08 [720p].mkv
2016-05-20 17:10 - 2016-05-20 17:12 - 112276207 _____ C:\Users\cloud\Downloads\[HorribleSubs] Space Patrol Luluco - 08 [720p].mkv
2016-05-20 08:55 - 2016-05-20 17:13 - 438171077 _____ C:\Users\cloud\Downloads\[HorribleSubs] Kabaneri of the Iron Fortress - 06 [720p].mkv
2016-05-20 08:21 - 2016-05-20 08:21 - 00177253 _____ C:\Users\cloud\Documents\_adv_ - Help _adv_, I'm really anxious in this period. I' - Advice - 4chan.html
2016-05-18 22:40 - 2016-05-20 08:21 - 00000000 ____D C:\Users\cloud\Documents\_adv_ - Help _adv_, I'm really anxious in this period. I' - Advice - 4chan_files
2016-05-18 18:40 - 2016-05-18 18:40 - 00001491 _____ C:\Users\cloud\AppData\Local\recently-used.xbel
2016-05-17 15:57 - 2016-05-17 15:57 - 00441900 _____ C:\Users\cloud\Documents\MAV_330B1C740FDC1D76E0538CE1CC897AA3.pdf
2016-05-16 12:41 - 2016-05-16 12:44 - 351659904 _____ C:\Users\cloud\Downloads\[HorribleSubs] Re Zero kara Hajimeru Isekai Seikatsu - 05 [720p].mkv
2016-05-16 12:41 - 2016-05-16 12:43 - 351999448 _____ C:\Users\cloud\Downloads\[HorribleSubs] Re Zero kara Hajimeru Isekai Seikatsu - 06 [720p].mkv
2016-05-16 12:41 - 2016-05-16 12:43 - 351087811 _____ C:\Users\cloud\Downloads\[HorribleSubs] Re Zero kara Hajimeru Isekai Seikatsu - 07 [720p].mkv
2016-05-16 12:41 - 2016-05-16 12:42 - 351732316 _____ C:\Users\cloud\Downloads\[HorribleSubs] Re Zero kara Hajimeru Isekai Seikatsu - 04 [720p].mkv
2016-05-16 08:32 - 2016-05-29 14:24 - 00000000 ____D C:\Users\cloud\Downloads\10 Cloverfield Lane 2016 1080p HDRip x264 AAC-JYK
2016-05-15 16:35 - 2016-05-15 16:35 - 112472037 _____ C:\Users\cloud\Downloads\[HorribleSubs] Space Patrol Luluco - 07 [720p].mkv
2016-05-15 12:56 - 2016-05-15 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-05-11 17:13 - 2016-04-23 06:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 17:13 - 2016-04-23 06:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 17:13 - 2016-04-23 06:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 17:13 - 2016-04-23 06:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 17:13 - 2016-04-23 06:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 17:13 - 2016-04-23 06:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 17:13 - 2016-04-23 06:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 17:13 - 2016-04-23 06:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 17:13 - 2016-04-23 06:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 17:13 - 2016-04-23 06:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 17:13 - 2016-04-23 06:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 17:13 - 2016-04-23 06:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 17:13 - 2016-04-23 06:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 17:13 - 2016-04-23 06:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 17:13 - 2016-04-23 06:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 17:13 - 2016-04-23 06:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 17:13 - 2016-04-23 06:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 17:13 - 2016-04-23 06:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 17:13 - 2016-04-23 06:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 17:13 - 2016-04-23 06:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 17:13 - 2016-04-23 06:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 17:13 - 2016-04-23 06:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 17:13 - 2016-04-23 06:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 17:13 - 2016-04-23 06:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 17:13 - 2016-04-23 06:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 17:12 - 2016-05-06 06:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 17:12 - 2016-05-06 06:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 17:12 - 2016-05-06 05:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 17:12 - 2016-05-06 05:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 17:12 - 2016-05-06 05:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 17:12 - 2016-05-06 05:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 17:12 - 2016-04-30 08:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 17:12 - 2016-04-30 08:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 17:12 - 2016-04-23 08:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 17:12 - 2016-04-23 08:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 17:12 - 2016-04-23 08:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 17:12 - 2016-04-23 08:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 17:12 - 2016-04-23 08:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 17:12 - 2016-04-23 08:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 17:12 - 2016-04-23 08:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 17:12 - 2016-04-23 08:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 17:12 - 2016-04-23 07:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 17:12 - 2016-04-23 07:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 17:12 - 2016-04-23 07:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 17:12 - 2016-04-23 07:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 17:12 - 2016-04-23 07:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 17:12 - 2016-04-23 07:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 17:12 - 2016-04-23 07:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 17:12 - 2016-04-23 07:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 17:12 - 2016-04-23 07:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 17:12 - 2016-04-23 07:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 17:12 - 2016-04-23 07:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 17:12 - 2016-04-23 07:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 17:12 - 2016-04-23 07:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 17:12 - 2016-04-23 07:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 17:12 - 2016-04-23 07:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 17:12 - 2016-04-23 07:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 17:12 - 2016-04-23 07:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 17:12 - 2016-04-23 07:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 17:12 - 2016-04-23 07:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 17:12 - 2016-04-23 07:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 17:12 - 2016-04-23 07:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 17:12 - 2016-04-23 07:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 17:12 - 2016-04-23 07:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 17:12 - 2016-04-23 07:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 17:12 - 2016-04-23 07:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 17:12 - 2016-04-23 07:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 17:12 - 2016-04-23 07:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 17:12 - 2016-04-23 07:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 17:12 - 2016-04-23 07:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 17:12 - 2016-04-23 07:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 17:12 - 2016-04-23 07:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 17:12 - 2016-04-23 07:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 17:12 - 2016-04-23 07:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 17:12 - 2016-04-23 07:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 17:12 - 2016-04-23 07:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 17:12 - 2016-04-23 07:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 17:12 - 2016-04-23 07:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 17:12 - 2016-04-23 07:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 17:12 - 2016-04-23 07:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 17:12 - 2016-04-23 07:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 17:12 - 2016-04-23 07:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 17:12 - 2016-04-23 07:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 17:12 - 2016-04-23 07:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 17:12 - 2016-04-23 07:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 17:12 - 2016-04-23 07:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 17:12 - 2016-04-23 07:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 17:12 - 2016-04-23 07:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 17:12 - 2016-04-23 07:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 17:12 - 2016-04-23 07:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 17:12 - 2016-04-23 07:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 17:12 - 2016-04-23 07:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 17:12 - 2016-04-23 07:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 17:12 - 2016-04-23 07:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 17:12 - 2016-04-23 07:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 17:12 - 2016-04-23 06:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 17:12 - 2016-04-23 06:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 17:12 - 2016-04-23 06:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 17:12 - 2016-04-23 06:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 17:12 - 2016-04-23 06:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 17:12 - 2016-04-23 06:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 17:12 - 2016-04-23 06:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 17:12 - 2016-04-23 06:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 17:12 - 2016-04-23 06:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 17:12 - 2016-04-23 06:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 17:12 - 2016-04-23 06:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 17:12 - 2016-04-23 06:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 17:12 - 2016-04-23 06:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 17:12 - 2016-04-23 06:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 17:12 - 2016-04-23 06:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 17:12 - 2016-04-23 06:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 17:12 - 2016-04-23 06:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 17:12 - 2016-04-23 06:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 17:12 - 2016-04-23 06:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 17:12 - 2016-04-23 06:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 17:12 - 2016-04-23 06:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 17:12 - 2016-04-23 06:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 17:12 - 2016-04-23 06:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 17:12 - 2016-04-23 06:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 17:12 - 2016-04-23 06:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 17:12 - 2016-04-23 06:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 17:12 - 2016-04-23 06:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 17:12 - 2016-04-23 06:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 17:12 - 2016-04-23 06:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 17:12 - 2016-04-23 06:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 17:12 - 2016-04-23 06:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 17:12 - 2016-04-23 06:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 17:12 - 2016-04-23 06:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 17:12 - 2016-04-23 06:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 17:12 - 2016-04-23 06:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 17:12 - 2016-04-23 06:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 17:12 - 2016-04-23 06:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 17:12 - 2016-04-23 06:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 17:12 - 2016-04-23 06:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 17:12 - 2016-04-23 06:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 17:12 - 2016-04-23 06:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 17:12 - 2016-04-23 06:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 17:12 - 2016-04-23 06:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 17:12 - 2016-04-23 06:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 17:12 - 2016-04-23 06:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 17:12 - 2016-04-23 06:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 17:12 - 2016-04-23 06:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 17:12 - 2016-04-23 06:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 17:12 - 2016-04-23 06:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 17:12 - 2016-04-23 06:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 17:12 - 2016-04-23 06:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 17:12 - 2016-04-23 06:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 17:12 - 2016-04-23 06:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 17:12 - 2016-04-23 06:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 17:12 - 2016-04-23 06:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 17:12 - 2016-04-23 06:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 17:12 - 2016-04-23 06:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 17:12 - 2016-04-23 06:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 17:12 - 2016-04-23 06:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 17:12 - 2016-04-23 06:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 17:12 - 2016-04-23 06:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 17:12 - 2016-04-23 06:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 17:12 - 2016-04-23 06:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 17:12 - 2016-04-23 06:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 17:12 - 2016-04-23 06:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 17:12 - 2016-04-23 06:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 17:12 - 2016-04-23 06:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 17:12 - 2016-04-23 06:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 17:12 - 2016-04-23 06:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 17:12 - 2016-04-23 06:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 17:12 - 2016-04-23 06:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 17:12 - 2016-04-23 06:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 17:12 - 2016-04-23 06:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 17:12 - 2016-04-23 06:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 17:12 - 2016-04-23 06:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 17:12 - 2016-04-23 06:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 17:12 - 2016-04-23 06:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 17:12 - 2016-04-23 06:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 17:12 - 2016-04-23 06:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 17:12 - 2016-04-23 06:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 17:12 - 2016-04-23 06:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 17:12 - 2016-04-23 06:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 17:12 - 2016-04-23 06:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 17:12 - 2016-04-23 06:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 17:12 - 2016-04-23 06:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 17:12 - 2016-04-23 06:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 17:12 - 2016-04-23 06:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 17:12 - 2016-04-23 05:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 17:12 - 2016-04-23 04:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 17:11 - 2016-05-06 06:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 17:11 - 2016-05-06 05:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 17:11 - 2016-04-23 07:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 17:11 - 2016-04-23 07:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 17:11 - 2016-04-23 07:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 17:11 - 2016-04-23 07:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 17:11 - 2016-04-23 07:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 17:11 - 2016-04-23 07:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 17:11 - 2016-04-23 07:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 17:11 - 2016-04-23 07:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 17:11 - 2016-04-23 06:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 17:11 - 2016-04-23 06:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 17:11 - 2016-04-23 06:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 17:11 - 2016-04-23 06:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 17:11 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 17:11 - 2016-04-23 06:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 17:11 - 2016-04-23 06:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 17:11 - 2016-04-23 06:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 17:11 - 2016-04-23 06:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 17:11 - 2016-04-23 06:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 17:11 - 2016-04-23 06:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 17:11 - 2016-04-23 06:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 17:11 - 2016-04-23 06:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 17:11 - 2016-04-23 06:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 17:11 - 2016-04-23 06:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 17:11 - 2016-04-23 06:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 17:11 - 2016-04-23 06:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 17:11 - 2016-04-23 06:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 17:11 - 2016-04-23 06:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 17:11 - 2016-04-23 06:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 17:11 - 2016-04-23 06:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 17:11 - 2016-04-23 06:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 17:11 - 2016-04-23 06:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 17:11 - 2016-04-23 06:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 17:11 - 2016-04-23 06:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 17:11 - 2016-04-23 06:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 17:11 - 2016-04-23 06:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 17:11 - 2016-04-23 06:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 17:11 - 2016-04-23 06:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 17:11 - 2016-04-23 06:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 17:11 - 2016-04-23 06:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 17:11 - 2016-04-23 06:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 17:11 - 2016-04-23 06:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 17:11 - 2016-04-23 06:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 17:11 - 2016-04-23 06:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 17:11 - 2016-04-23 06:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 17:11 - 2016-04-23 04:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 17:11 - 2016-04-19 00:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-09 18:54 - 2016-05-09 18:56 - 477102424 _____ C:\Users\cloud\Downloads\[HorribleSubs] Boku no Hero Academia - 06 [720p].mkv
2016-05-09 14:22 - 2016-05-09 14:22 - 25253494 _____ C:\Users\cloud\Downloads\[HorribleScans] Attack on Titan - Chapter 81.zip
2016-05-07 22:58 - 2016-05-07 23:01 - 481123005 _____ C:\Users\cloud\Downloads\[HorribleSubs] Kabaneri of the Iron Fortress - 04 [720p].mkv
2016-05-07 22:58 - 2016-05-07 23:01 - 342372795 _____ C:\Users\cloud\Downloads\[HorribleSubs] Kiznaiver - 05 [720p].mkv
2016-05-07 22:57 - 2016-05-07 22:59 - 338043285 _____ C:\Users\cloud\Downloads\[HorribleSubs] JoJo's Bizarre Adventure - Diamond is Unbreakable - 06 [720p].mkv
2016-05-07 22:57 - 2016-05-07 22:58 - 112310106 _____ C:\Users\cloud\Downloads\[HorribleSubs] Space Patrol Luluco - 06 [720p].mkv
2016-05-06 17:43 - 2016-05-06 17:43 - 00000000 ____D C:\Users\cloud\Documents\OneNote Notebooks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-04 11:39 - 2015-10-13 19:50 - 00001134 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-04 11:38 - 2015-12-07 05:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-04 11:37 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-04 11:32 - 2015-10-30 20:19 - 00813240 _____ C:\WINDOWS\system32\perfh010.dat
2016-06-04 11:32 - 2015-10-30 20:19 - 00152000 _____ C:\WINDOWS\system32\perfc010.dat
2016-06-04 11:32 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-04 11:32 - 2015-08-13 12:26 - 01832886 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-04 11:25 - 2016-03-13 10:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-04 11:25 - 2015-12-07 04:55 - 00334248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-04 11:23 - 2016-03-13 10:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-04 11:16 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-04 11:10 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-04 11:10 - 2015-09-29 01:53 - 00004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{89571B90-3820-44F2-BB2B-511DCB778F8F}
2016-06-03 20:55 - 2015-10-13 19:50 - 00001138 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-03 18:34 - 2015-08-14 00:13 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-02 22:45 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-02 22:43 - 2015-10-30 20:22 - 00000000 ____D C:\WINDOWS\ShellNew
2016-06-02 22:43 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-02 22:43 - 2015-08-18 20:11 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-02 22:41 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-06-02 22:41 - 2015-07-10 13:04 - 00000076 _____ C:\WINDOWS\win.ini
2016-06-02 22:21 - 2015-08-13 15:51 - 00000000 ____D C:\Users\cloud\AppData\Roaming\vlc
2016-05-31 21:56 - 2015-08-13 12:50 - 00000000 ____D C:\Users\cloud\AppData\Local\Packages
2016-05-31 17:49 - 2015-08-13 14:07 - 00000000 ____D C:\Users\cloud\AppData\Roaming\uTorrent
2016-05-30 23:07 - 2016-01-05 21:44 - 00000000 ____D C:\Users\cloud\AppData\Roaming\HexChat
2016-05-30 22:27 - 2015-08-13 14:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-29 17:21 - 2015-10-27 19:57 - 00000000 ____D C:\Users\cloud\Documents\Biologia Molecolare
2016-05-26 22:20 - 2016-02-26 21:56 - 00000000 ____D C:\Users\cloud\Downloads\Mr. Robot S01 COMPLETE Season 1 720p HDTV x264 [MKV,AC3,5.1] Ehhhh
2016-05-23 16:54 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-18 18:41 - 2015-11-14 00:21 - 00000000 ____D C:\Users\cloud\.gimp-2.8
2016-05-18 18:40 - 2015-11-30 23:04 - 00000000 ____D C:\Users\cloud\AppData\Local\gtk-2.0
2016-05-15 21:11 - 2016-04-24 12:58 - 474646691 _____ C:\Users\cloud\Downloads\[HorribleSubs] Boku no Hero Academia - 04 [720p].mkv
2016-05-15 13:10 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-15 12:57 - 2015-10-13 19:50 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-13 17:39 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-12 23:54 - 2015-12-07 05:03 - 00000000 ____D C:\Users\cloud
2016-05-12 16:53 - 2015-08-13 12:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-12 16:23 - 2015-10-30 20:22 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-12 16:23 - 2015-10-30 09:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 16:23 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-12 16:23 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-12 16:23 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-12 16:23 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 21:57 - 2015-10-30 09:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 21:57 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 19:07 - 2015-08-13 15:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 18:55 - 2015-08-13 15:11 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 14:37 - 2015-08-14 00:14 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-09 14:34 - 2015-09-29 01:50 - 00000000 ____D C:\Users\cloud\AppData\Roaming\CDisplayEx
2016-05-05 00:17 - 2015-09-03 17:41 - 00000000 ____D C:\Users\cloud\Documents\ASHIT

==================== Files in the root of some directories =======

2016-05-18 18:40 - 2016-05-18 18:40 - 0001491 _____ () C:\Users\cloud\AppData\Local\recently-used.xbel
2015-12-07 05:00 - 2015-12-07 05:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\cloud\AppData\Local\Temp\libeay32.dll
C:\Users\cloud\AppData\Local\Temp\msvcr120.dll
C:\Users\cloud\AppData\Local\Temp\sqlite3.dll
C:\Users\cloud\AppData\Local\Temp\utt97F2.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 10:08

==================== End of FRST.txt ============================





ADDITION:



Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by cloud (2016-06-04 11:43:23)
Running from C:\Users\cloud\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-07 03:21:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-347070757-4124586549-2319610994-500 - Administrator - Enabled) => C:\Users\Administrator
cloud (S-1-5-21-347070757-4124586549-2319610994-1001 - Administrator - Enabled) => C:\Users\cloud
DefaultAccount (S-1-5-21-347070757-4124586549-2319610994-503 - Limited - Disabled)
Guest (S-1-5-21-347070757-4124586549-2319610994-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Italiano (HKLM-x32\...\{AC76BA86-7AD7-1040-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (it) - Greyfirst)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Memory Cleaner 2.20 (HKLM-x32\...\MemClean) (Version: 2.20 - KoshyJohn.com)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools per Office Runtime (x64) - Language Pack - ITA (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ITA) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.13.0 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-347070757-4124586549-2319610994-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\cloud\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3F1B3010-BF37-41A1-92DA-D228B103FA9B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-13] (Dropbox, Inc.)
Task: {5104961B-699D-4DF7-A1A9-6714C442EC89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {7BBEE612-FFF0-47CE-BDE8-7600D9CFB43D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {7C26C938-A047-41C6-8D6F-6E0361574F45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-30] (Google Inc.)
Task: {B2D00253-F075-434E-BC31-F6B88469A928} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {CF3CA228-3D88-40FE-9063-0F1CCA853E63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-30] (Google Inc.)
Task: {F3A5C219-F85C-416E-AD63-FD40B0D4CBA2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-13] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\cloud\AppData\Local\Google\Chrome\User Data\Avvio applicazioni di Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 18:23 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 18:23 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-19 12:10 - 2016-04-19 12:10 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 10:28 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 17:11 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 17:12 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 17:12 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 17:12 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 17:12 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-30 22:27 - 2016-05-25 01:24 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libglesv2.dll
2016-05-30 22:27 - 2016-05-25 01:24 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libegl.dll
2016-06-02 23:03 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-04-19 12:10 - 2016-04-19 12:10 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 12:10 - 2016-04-19 12:10 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7873 more sites.

There are 7874 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2016-06-03 13:53 - 00451266 ____A C:\WINDOWS\system32\Drivers\etc\hosts

There are 15480 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-347070757-4124586549-2319610994-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cloud\Pictures\xenobladewallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\Run: => "WTFast Tray"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{8E02FE9F-B768-4868-9F2B-61CE3F1610A3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A4365DFC-9E7A-4741-89A1-D23DFDE08184}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7C7F8C9F-7F44-4A0A-8573-4C520E2E7FE1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E787B24C-86D7-4EEC-A579-6C5F6BEF8AD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ACD07CED-1EDF-43CD-AA86-733E2A35AB66}] => (Allow) LPort=1689
FirewallRules: [{DFB96A8E-7B82-4DE1-AD84-BC2B0DC6ADB6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E6E271CB-528C-4E08-AE69-2533B6655BD6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B359C1FA-D269-4E7B-8E82-D20220581FBC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{AC6DC16A-4B12-4F3A-A16E-E5616FB62451}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F05C21D8-9428-4335-AC5A-194582C690F7}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0C619AD8-24DD-45A8-AA03-9ADE561A9075}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A6D26ECC-CAF2-4F17-89A5-EC822D91593A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E1B14F0A-D092-454F-9DE1-2D6386B94CC3}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{5D1B7651-E74A-4DA8-AEBA-A758DD5D17FA}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{12562C29-6374-4EA6-A6E8-1180B9901561}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D7E1E49B-71E3-4E4B-AFFD-CEBA092A26A5}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6BA1BC8D-E7A1-457E-A96F-0EAB8B9C08C4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{75199C2D-A06C-4952-8C5B-30568FABFD74}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7979DC3F-DAE4-414B-9A4C-5EF9258338F7}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{A3482201-D154-490C-81B0-A734E977D893}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [{E4CA35B1-B8CC-4A8A-83BC-B2FF4E39C625}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FDFEA7D0-D935-448E-AFB9-2728A2D933EC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CDF40FFB-BF4E-4D37-B2B3-64B9C6E68250}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{93BE1148-629E-487C-BF26-F5E3AC7A80FD}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{26AA9162-EF7E-46FF-B077-8AA799E0E6C5}C:\program files\hexchat\hexchat.exe] => (Allow) C:\program files\hexchat\hexchat.exe
FirewallRules: [{2086911C-7183-4BA8-ACE4-1F4786D87088}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

23-05-2016 07:58:48 Punto di controllo pianificato
01-06-2016 08:44:00 Punto di controllo pianificato
02-06-2016 22:31:48 Removed Microsoft Office Professional Plus 2013

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2016 11:24:47 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (06/04/2016 11:06:57 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (06/03/2016 08:57:15 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (06/03/2016 08:57:15 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (06/03/2016 08:57:14 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (06/03/2016 08:57:13 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (06/03/2016 08:57:10 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (06/03/2016 07:51:25 AM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (06/02/2016 11:30:02 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (06/02/2016 11:30:02 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed


System errors:
=============
Error: (06/04/2016 11:37:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Accesso dati utente_29bd1 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.

Error: (06/04/2016 11:37:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Archiviazione dati utente_29bd1 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.

Error: (06/04/2016 11:37:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Dati contatti_29bd1 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.

Error: (06/04/2016 11:37:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Sincronizza host_29bd1 è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 10000 millisecondi: Riavvia il servizio.

Error: (06/04/2016 11:37:39 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: impostazioni specifiche dell'applicazioneLocaleAttivazione{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (tramite LRPC)Non disponibileNon disponibile

Error: (06/04/2016 11:37:34 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Tentativo di eseguire un'azione di correzione (Riavvia il servizio) dopo l'arresto imprevista del servizio Windows Search. Tentativo non riuscito per l'errore:
%%1056

Error: (06/04/2016 11:37:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Il servizio Windows Search è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio.

Error: (06/04/2016 11:37:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio LiveUpdate. Questo evento si è già verificato 1 volta(e).

Error: (06/04/2016 11:37:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio SynTPEnh Caller Service. Questo evento si è già verificato 1 volta(e).

Error: (06/04/2016 11:37:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Arresto imprevista del servizio Adobe Acrobat Update Service. Questo evento si è già verificato 1 volta(e).


CodeIntegrity:
===================================
Date: 2016-05-15 14:23:01.194
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-13 11:59:26.023
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-12 16:52:56.287
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-05-11 22:59:39.494
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-15 11:57:23.450
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-14 18:42:46.484
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-04-13 22:59:36.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-24 10:12:05.971
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-13 11:59:22.648
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-12 22:59:28.664
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 53%
Total physical RAM: 3958.71 MB
Available physical RAM: 1826.32 MB
Total Virtual: 4662.71 MB
Available Virtual: 2144.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.75 GB) (Free:269.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C20ADB7D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=480 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================





I did not have any trouble performing these steps.
I hope I didn't forget to answer a question of yours.

Re: Google search: three more result than normal

Unread postby megatonante » June 4th, 2016, 6:16 am

Sorry for the double post but I noticed something really strange: the same exact problem occurs even on another desktop computer! I'm using a desktop computer right now to study, and Google search pops up those additional links just like on the first laptop computer.
On the desktop, the problem still occurs only for Google Chrome, while Mozilla Firefox is unaffected.
On Google Chrome, I didn't use the same Chrome account, which means I didn't synchronize anything.

The only thing in common between the first laptop computer (the one of the first post) and the desktop computer has been a USB drive I used to access some Word files.

Re: Google search: three more result than normal

Unread postby mAL_rEm018 » June 5th, 2016, 4:52 am

Hello megatonante,

megatonante wrote: Sorry for the double post

Don't apologize... you did the right thing. :) If you forget to add anything and/or there is any new development please re-post instead of editing your existing post, as this can make my work a lot harder.

megatonante wrote: the same exact problem occurs even on another desktop computer!

Please wait until we finish cleaning this computer and then open a new topic for your other computer.

megatonante wrote: The only thing in common between the first laptop computer (the one of the first post) and the desktop computer has been a USB drive I used to access some Word files.

Your computer issues seem to be related to adware. It is very unlikely that your other computer was infected because of the USB. However, I would be more than happy to check if there is any malware on it later.

Please run the following fix..

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad.
Code:
CreateRestorePoint:

HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\RunOnce: [Uninstall C:\Users\cloud\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cloud\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
SearchScopes: HKU\S-1-5-21-347070757-4124586549-2319610994-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1446137570&z=fecaf3bacc6610fcd9b71aegezfz0qeg3c9m6m6z9t&from=cor&uid=SamsungXSSDX840XSeries_S14ENEACB30221X"
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
2016-06-04 11:23 - 2016-06-04 11:23 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Users\cloud\AppData\Roaming\ProductData
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Users\cloud\AppData\Roaming\IObit
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Users\cloud\AppData\LocalLow\IObit
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\ProgramData\ProductData
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\ProgramData\IObit
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Program Files (x86)\IObit
2016-06-02 23:02 - 2016-06-02 23:02 - 13361952 _____ (IObit) C:\Users\cloud\Downloads\iobituninstaller.exe
2016-06-04 11:25 - 2016-03-13 10:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-04 11:23 - 2016-03-13 10:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-31 17:49 - 2015-08-13 14:07 - 00000000 ____D C:\Users\cloud\AppData\Roaming\uTorrent
2015-12-07 05:00 - 2015-12-07 05:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\cloud\AppData\Local\Temp\libeay32.dll
C:\Users\cloud\AppData\Local\Temp\msvcr120.dll
C:\Users\cloud\AppData\Local\Temp\sqlite3.dll
C:\Users\cloud\AppData\Local\Temp\utt97F2.tmp.exe
2016-06-02 23:03 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
FirewallRules: [{DFB96A8E-7B82-4DE1-AD84-BC2B0DC6ADB6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E6E271CB-528C-4E08-AE69-2533B6655BD6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B359C1FA-D269-4E7B-8E82-D20220581FBC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{AC6DC16A-4B12-4F3A-A16E-E5616FB62451}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F05C21D8-9428-4335-AC5A-194582C690F7}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0C619AD8-24DD-45A8-AA03-9ADE561A9075}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A6D26ECC-CAF2-4F17-89A5-EC822D91593A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E1B14F0A-D092-454F-9DE1-2D6386B94CC3}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E4CA35B1-B8CC-4A8A-83BC-B2FF4E39C625}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FDFEA7D0-D935-448E-AFB9-2728A2D933EC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe


[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Trolltech]

CMD: sc config WinDefend start= auto
CMD: sc config WdNisSvc start= auto
CMD: ipconfig/ flushdns

Hosts:
EmptyTemp:
CreateRestorePoint:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

I need you to run another search with FRST..

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    twenga;kelkoo;istartsurf

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Please give me an update on how your computer is behaving.

-----------------------------------------
In your next reply, I would like to see..
  • Did you have trouble performing any of the steps?
  • fixlog.txt
  • search.txt
  • Update on your computer behaviour.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
mAL_rEm018
Admin/Teacher
 
Posts: 2689
Joined: November 11th, 2013, 6:26 pm
Location: Saint-Petersburg, Russia
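
One way to triage the fixlog.txt requested above before posting or reviewing it, as an added example that is not part of the original post or of FRST itself: it skips the echoed fixlist, pairs each first-attempt failure with its retry, and notes "not found" items whose parent folder was already moved. The sample log is constructed, the function names are hypothetical, and the outcome phrases are assumed to be the ones FRST printed in this thread's fixlog.

```python
from collections import Counter

# Constructed sample shaped like an FRST fixlog.txt; every name and path is a placeholder.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64)
fixlist content:
*****************
HKU\S-1-5-21-EXAMPLE\...\Run: [ExampleRun] => C:\Example\run.exe (Example Vendor)
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Example\tool.exe
*****************

Restore point was successfully created.
HKU\S-1-5-21-EXAMPLE\Software\Microsoft\Windows\CurrentVersion\Run\\ExampleRun => value not found.
ExampleSvc => Unable to stop service.
ExampleSvc => service removed successfully
StuckSvc => Unable to stop service.
C:\Program Files (x86)\ExampleVendor => moved successfully
"C:\Program Files (x86)\ExampleVendor\Updater\stats.dll" => not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Example\ZoneMap\Domains\example.test => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Example\ZoneMap\Domains\example.test => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Example\ZoneMap\Domains\locked.test => could not remove at first attempt (ErrorCode: C0000121), see next line.
"""


def parse_results(text):
    """Return (target, outcome) pairs from the result section only.

    The fixlog echoes the fixlist between two lines of asterisks; those lines
    also contain ' => ' but describe the request, not the result, so skip them.
    """
    entries, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if len(line) >= 5 and set(line) == {"*"}:
            in_echo = not in_echo
            continue
        if in_echo or " => " not in line:
            continue
        target, outcome = line.rsplit(" => ", 1)
        entries.append((target.strip().strip('"'), outcome.strip()))
    return entries


def classify(outcome):
    """Map an outcome phrase to done / absent / retry / attention."""
    o = outcome.lower().rstrip(".")
    if o.startswith("could not remove at first attempt"):
        return "retry"
    if o.endswith("successfully"):
        return "done"
    if o.endswith("not found"):
        return "absent"
    return "attention"  # anything unrecognised, e.g. "Unable to stop service."


def triage(text):
    """Summarise a fixlog by the final status of each target."""
    final = {}        # lower-cased target -> (display name, last status)
    troubled = set()  # targets that logged a retry/attention line at any point
    moved = []        # targets that were moved (quarantined) successfully
    for target, outcome in parse_results(text):
        key, status = target.lower(), classify(outcome)
        final[key] = (target, status)
        if status in ("retry", "attention"):
            troubled.add(key)
        if status == "done" and outcome.lower().startswith("moved"):
            moved.append(key)

    unresolved = [n for n, s in final.values() if s in ("retry", "attention")]
    recovered = [n for k, (n, s) in final.items() if s == "done" and k in troubled]
    # "not found" is expected when an earlier line already moved the parent folder.
    explained = [n for k, (n, s) in final.items()
                 if s == "absent" and any(k.startswith(p + "\\") for p in moved)]
    return {
        "counts": dict(Counter(s for _, s in final.values())),
        "unresolved": unresolved,
        "recovered": recovered,
        "absent_under_moved_parent": explained,
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_FIXLOG).items():
        print(f"{name}: {value}")
```

Anything left in `unresolved` is worth mentioning in the reply that carries the log.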

Re: Google search: three more result than normal

Unread postby megatonante » June 5th, 2016, 2:06 pm

Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by cloud (2016-06-05 19:20:34) Run:1
Running from C:\Users\cloud\Downloads
Loaded Profiles: cloud (Available Profiles: cloud & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\...\RunOnce: [Uninstall C:\Users\cloud\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\cloud\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64"
SearchScopes: HKU\S-1-5-21-347070757-4124586549-2319610994-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hp&ts=1446137570&z=fecaf3bacc6610fcd9b71aegezfz0qeg3c9m6m6z9t&from=cor&uid=SamsungXSSDX840XSeries_S14ENEACB30221X"
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
S3 WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [X]
2016-06-04 11:23 - 2016-06-04 11:23 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Users\cloud\AppData\Roaming\ProductData
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Users\cloud\AppData\Roaming\IObit
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Users\cloud\AppData\LocalLow\IObit
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\ProgramData\ProductData
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\ProgramData\IObit
2016-06-02 23:03 - 2016-06-02 23:03 - 00000000 ____D C:\Program Files (x86)\IObit
2016-06-02 23:02 - 2016-06-02 23:02 - 13361952 _____ (IObit) C:\Users\cloud\Downloads\iobituninstaller.exe
2016-06-04 11:25 - 2016-03-13 10:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-04 11:23 - 2016-03-13 10:12 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-05-31 17:49 - 2015-08-13 14:07 - 00000000 ____D C:\Users\cloud\AppData\Roaming\uTorrent
2015-12-07 05:00 - 2015-12-07 05:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\cloud\AppData\Local\Temp\libeay32.dll
C:\Users\cloud\AppData\Local\Temp\msvcr120.dll
C:\Users\cloud\AppData\Local\Temp\sqlite3.dll
C:\Users\cloud\AppData\Local\Temp\utt97F2.tmp.exe
2016-06-02 23:03 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
FirewallRules: [{DFB96A8E-7B82-4DE1-AD84-BC2B0DC6ADB6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{E6E271CB-528C-4E08-AE69-2533B6655BD6}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B359C1FA-D269-4E7B-8E82-D20220581FBC}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{AC6DC16A-4B12-4F3A-A16E-E5616FB62451}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F05C21D8-9428-4335-AC5A-194582C690F7}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0C619AD8-24DD-45A8-AA03-9ADE561A9075}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A6D26ECC-CAF2-4F17-89A5-EC822D91593A}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E1B14F0A-D092-454F-9DE1-2D6386B94CC3}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{E4CA35B1-B8CC-4A8A-83BC-B2FF4E39C625}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{FDFEA7D0-D935-448E-AFB9-2728A2D933EC}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe


[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com]
[-HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Trolltech]

CMD: sc config WinDefend start= auto
CMD: sc config WdNisSvc start= auto
CMD: ipconfig/ flushdns

Hosts:
EmptyTemp:
CreateRestorePoint:
*****************

Restore point was successfully created.
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value not found.
HKU\S-1-5-21-347070757-4124586549-2319610994-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\cloud\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64 => value removed successfully
"HKU\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found.
Chrome StartupUrls => removed successfully
LiveUpdateSvc => Unable to stop service.
LiveUpdateSvc => service removed successfully
WinDivert1.1 => service removed successfully
C:\WINDOWS\wininit.ini => moved successfully
C:\Users\cloud\AppData\Roaming\ProductData => moved successfully
C:\Users\cloud\AppData\Roaming\IObit => moved successfully
C:\Users\cloud\AppData\LocalLow\IObit => moved successfully
C:\ProgramData\ProductData => moved successfully
C:\ProgramData\IObit => moved successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Users\cloud\Downloads\iobituninstaller.exe => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Users\cloud\AppData\Roaming\uTorrent => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\cloud\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\cloud\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\cloud\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\cloud\AppData\Local\Temp\utt97F2.tmp.exe => moved successfully
"C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DFB96A8E-7B82-4DE1-AD84-BC2B0DC6ADB6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6E271CB-528C-4E08-AE69-2533B6655BD6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B359C1FA-D269-4E7B-8E82-D20220581FBC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AC6DC16A-4B12-4F3A-A16E-E5616FB62451} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F05C21D8-9428-4335-AC5A-194582C690F7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0C619AD8-24DD-45A8-AA03-9ADE561A9075} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6D26ECC-CAF2-4F17-89A5-EC822D91593A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1B14F0A-D092-454F-9DE1-2D6386B94CC3} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E4CA35B1-B8CC-4A8A-83BC-B2FF4E39C625} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FDFEA7D0-D935-448E-AFB9-2728A2D933EC} => value removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com => key removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com => key removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com => key removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com => key removed successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com => key removed successfully
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com => key not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com => key not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com => key not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com => key not found.
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetim.com => key removed successfully
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sweetpacks.com => key removed successfully
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetim.com => key removed successfully
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\sweetpacks.com => key removed successfully
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Trolltech => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-347070757-4124586549-2319610994-1001\SOFTWARE\Trolltech => key removed successfully

========= sc config WinDefend start= auto =========

[SC] OpenService OPERAZIONI NON RIUSCITE 5:

Accesso negato.


========= End of CMD: =========


========= sc config WdNisSvc start= auto =========

[SC] OpenService OPERAZIONI NON RIUSCITE 5:

Accesso negato.


========= End of CMD: =========


========= ipconfig/ flushdns =========


Errore: riga di comando non riconosciuta o incompleta.

SINTASSI:
ipconfig [/allcompartments] [/? | /all |
/renew [scheda] | /release [scheda] |
/renew6 [scheda] | /release6 [scheda] |
/flushdns | /displaydns | /registerdns |
/showclassid scheda |
/setclassid scheda [idclasse] ]
/showclassid6 scheda |
/setclassid6 scheda [idclasse] ]

Dove
scheda Nome della connessione
(sono consentiti i caratteri jolly * e ?,
vedere gli esempi)

Opzioni:
/? Visualizza questo messaggio della Guida
/all Visualizza informazioni di configurazione complete.
/release Rilascia l'indirizzo IPv4 per la scheda specificata.
/release6 Rilascia l'indirizzo IPv6 per la scheda specificata.
/renew Rinnova l'indirizzo IPv4 per la scheda specificata.
/renew6 Rinnova l'indirizzo IPv6 per la scheda specificata.
/flushdns Ripulisce la cache del resolver DNS.
/registerdns Aggiorna tutti i lease DHCP e registra di nuovo
i nomi DNS.
/displaydns Visualizza il contenuto della cache del resolver DNS.
/showclassid Visualizza tutti gli ID di classe DHCP consentiti per
la scheda.
/setclassid Modifica l'ID di classe DHCP.
/showclassid6 Visualizza tutti gli ID di classe DHCP IPv6
consentiti per la scheda.
/setclassid6 Modifica l'ID di classe DHCP IPv6.


Per impostazione predefinita, vengono visualizzati solo l'indirizzo IP,
la subnet mask e il gateway predefinito per ogni scheda associata
al protocollo TCP/IP.

Se per i parametri Release e Renew non è specificato il nome di alcuna
scheda, verranno rilasciati o rinnovati i lease degli indirizzi IP per tutte
le schede associate al protocollo TCP/IP.

Se per Setclassid e Setclassid6 non viene specificato alcun ID di classe,
l'ID di classe verrà rimosso.

Esempi:
> ipconfig ...Visualizza informazioni
> ipconfig /all ...Visualizza informazioni dettagliate
> ipconfig /renew ...Rinnova tutte le schede
> ipconfig /renew EL* ...Rinnova tutte le connessioni i cui
nomi iniziano con EL
> ipconfig /release *Con* ...Rilascia tutte le connessioni
corrispondenti, ad esempio
"Connessione Ethernet cablata 1" o
"Connessione Ethernet cablata 2"
> ipconfig /allcompartments ...Visualizza informazioni su tutti
i raggruppamenti
> ipconfig /allcompartments /all ...Visualizza informazioni dettagliate
su tutti i raggruppamenti

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
Restore point was successfully created.
EmptyTemp: => 2.3 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:23:55 ====



Search.txt

Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by cloud (2016-06-05 20:02:03)
Running from C:\Users\cloud\Downloads
Boot Mode: Normal

================== Search Registry: "twenga;kelkoo;istartsurf" ===========

====== End of Search ======



Update on my computer: sadly, the issue is still present. Whenever I search something in Google with Chrome, those 3 (usually) more results appear.
My computer did restart after the patch, so I think the issue is still present even after the fix has been installed.

I did not have any problem in performing those actions.

Re: Google search: three more result than normal

Post by mAL_rEm018 » June 6th, 2016, 1:53 am

Hello megatonante,

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Please re-enable Windows Defender by following the steps in the following article: How to Turn On or Off Windows Defender in Windows 10.


megatonante wrote: Update on my computer: sadly, the issue is still present. Whenever I search something in Google with Chrome, those 3 (usually) more results appear.

Since the problem only occurs in Chrome, let's see if we can fix the issue by removing/re-installing Google Chrome. Before proceeding it is necessary that you save all your bookmarks. The instructions for doing so can be found here.


Once your bookmarks have been saved, please do the following:

  • Please open the Start menu.
  • Click on Settings and then System.
  • Select Apps & Features.
  • Locate and click on the following programs:
      Google Chrome
  • Select uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.
    Note: you can only remove one program at a time.

To re-install Google Chrome, please do the following:
  • Click on the following link: Google Chrome.
  • Read the Terms of Service and select Accept and Install.
  • Save ChromeSetup.exe to your desktop.
  • Go to your desktop and right-click on ChromeSetup.exe and select Run as administrator.
  • Google Chrome will then install itself.
  • When the process is over, Chrome will open.

Are you still having issues with Google Chrome?

Re: Google search: three more result than normal

Post by megatonante » June 6th, 2016, 6:47 am


Windows Defender re-enabled

Still having the same issue :(

Re: Google search: three more result than normal

Post by megatonante » June 6th, 2016, 6:57 am

Forgot to say that yes, I uninstalled and reinstalled Chrome. I also did that before coming here to seek help. With this, I have done it two times.

(can't edit post)

Re: Google search: three more result than normal

Post by mAL_rEm018 » June 6th, 2016, 2:02 pm

Hello megatonante,

megatonante wrote:(can't edit post)

Don't try to edit your posts. As I already mentioned before, if you forget to add some important information or if there is any new development please re-post.

Still having the same issue :(

Don't get discouraged. We still have more tools we can use. :)

Could you upload a screenshot of what is happening in Chrome?

Re: Google search: three more result than normal

Post by megatonante » June 6th, 2016, 2:41 pm


Yeah I was trying to edit because it was no new development, just a thing I forgot to add in the first post : )


Sure about screenshot, I will do a coverage:

Image

The "alien" results are highlighted. I searched "calcium" and in a normal search, the first link should be the Wikipedia one. Moreover, those three alien results showed up half a second later than the others. Sometimes they take 3 seconds or more.

In this example those links are somewhat related to "calcium", but sometimes whatever program is at work here doesn't understand well the key I searched for, and things quite unrelated to the search can show up. Google doesn't act like that so it's not him.

Image

In this screenshot I highlighted the link that shows up when I hover with the cursor. In any other normal link, it should show the address I am about to go to if I click.

Image
Image

I underlined some of the addresses that show up for less than a second when I click on those alien links. They are somewhat variable, I can't extrapolate a pattern. Sometimes there is the "adventure" one, then immediately the "twenga" one, and then the final address that is a product the link is providing advertisement to.
Sometimes there is just one, and then the product advertised.
There is "kelkoo" too, as I said in a previous post.