start
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 MWAC; \??\C:\Windows\system32\drivers\ [X]
2013-08-09 05:59 - 2013-08-09 05:59 - 0494108 _____ () C:\ProgramData\1376045637.bdinstall.bin
2014-01-13 06:53 - 2014-01-13 06:53 - 0091872 _____ () C:\ProgramData\1389613987.bdinstall.bin
2014-01-13 19:33 - 2014-01-13 19:33 - 0236213 _____ () C:\ProgramData\1389659456.bdinstall.bin
2014-01-13 19:55 - 2014-01-13 19:55 - 0850488 _____ () C:\ProgramData\1389659713.bdinstall.bin
2014-01-13 21:32 - 2014-01-13 21:32 - 0421276 _____ () C:\ProgramData\1389665944.bdinstall.bin
2016-01-16 19:55 - 2016-01-16 19:55 - 0252085 _____ () C:\ProgramData\1452991892.bdinstall.bin
2014-07-03 20:48 - 2014-07-03 20:48 - 19168944 _____ (Adobe Systems Incorporated) C:\Users\BB4xl\AppData\Local\Temp\install_flash_player.exe
2013-10-08 13:27 - 2013-10-08 13:27 - 0915368 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2016-08-31 21:26 - 2016-08-31 21:26 - 0741440 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-04-01 22:16 - 2016-04-01 22:16 - 0736320 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-05-07 15:13 - 2016-05-07 15:13 - 0739904 _____ (Oracle Corporation) C:\Users\BB4xl\AppData\Local\Temp\jre-8u91-windows-au.exe
2013-01-18 07:16 - 2013-01-18 07:16 - 0559480 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nv3DVStreaming.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 1028648 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvSCPAPI.dll
2013-01-18 07:16 - 2013-01-18 07:16 - 0354528 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStereoApiI.dll
2013-01-18 07:15 - 2013-01-18 07:15 - 0709920 _____ (NVIDIA Corporation) C:\Users\Bob\AppData\Local\Temp\nvStInst.exe
2006-10-30 05:35 - 2006-10-30 05:35 - 0145184 ____R (Microsoft Corporation) C:\Users\Bob\AppData\Local\Temp\ose00000.exe
2015-12-02 10:05 - 2015-12-02 10:05 - 0120336 _____ (McAfee, Inc.) C:\Users\Boss\AppData\Local\Temp\McCSPInstall.dll
Task: {AADD9596-942C-45F2-8C05-45A6136DCBDE} - System32\Tasks\4456 => Wscript.exe C:\Users\Bob\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {BA3B219A-C755-4ADA-ABBD-E6B64345E517} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender\bdproductdata.exe
C:\Users\Bob\AppData\Local\Temp\launchie.vbs //B
C:\Program Files\Bitdefender
AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Desktop\Eye prescription 11-2016.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\BDSysLog_i.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\bitdefender_isecurity.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\MicrosoftFixit.IEPerformance.RNP.1337279163107748.1.1.Run.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(1).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7(2).exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\SetHomePageIEforVista7.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Downloads\The_New_Bitdefender_UninstallTool.exe:BDU [0]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\BB4xl\Documents\Dr. Coseriu.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Desktop\check dental 3-17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bob\Desktop\check dental 3-17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Desktop\Dental Mar 17.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bob\Desktop\Dental Mar 17.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bob\Downloads\CitrixOnlinePluginWeb (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Bob\Downloads\CitrixOnlinePluginWeb.exe:BDU [0]
AlternateDataStreams: C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Boss\Downloads\mbam-setup-2.0.2.1012.exe:BDU [0]
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
C:\Program Files\Common Files\Bitdefender
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
HKU\S-1-5-21-3990082703-2204388882-176178493-1000\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state Off
CMD: bitsadmin /reset /allusers
Emptytemp: