

ESET found in memory: a variant of MSIL/Injector.YT trojan. MBAM didn't.


This topic is locked
3 replies to this topic

#1 Asgaro
Posted 22 June 2015 - 10:35 AM

Major edit: I just found this post on the official ESET forum, created today: https://forum.eset.com/topic/5216-a-variation-of-msilinjectoryt-trojan-cant-be-deleted-in-operative-memory/

 

An ESET moderator states:

It's a Windows crack / activator that is detected. It's already been reclassified as a potentially unsafe application, which are not detected by default.

 

That could indeed be it...

 

edit: See also the Russian ESET forum, the last page of this thread: http://forum.esetnod32.ru/forum6/topic12104/?PAGEN_1=5

When you translate the last page, it says it's due to autokms.exe and hence it's a false positive.

 

And yes, I do use autokms.exe...

Check for yourself, e.g. by looking through CCleaner:

 

[screenshot: ce553y6.png]


edit on the next day: When I turned my PC on today, I got greeted by the following pop-up:

 

[screenshot: gW23qCF.png]

 

So my assumptions stated in the above edits are indeed correct: ESET was detecting autokms.exe as a straight-up trojan.

But a few hours later, they adjusted their definitions file to remove this false positive.

And now, the day after, they have made it so that autokms.exe still gets detected, but now it's under the Potentially Unsafe Application category instead of the Trojan category.

I think this is a good solution.

 

I personally clicked on "Show advanced options" at the bottom of this pop-up and made ESET ignore this file, since I deliberately installed AutoKMS myself. :)

Of course, if you aren't comfortable with having autokms.exe running - or even worse, you don't remember installing it yourself - you should question the distributor of your Windows operating system and/or Office software suite: this probably means you have a pirated Windows operating system and/or Office software suite.

=================================================================================


Hi,

 

My original post: http://www.bleepingcomputer.com/forums/t/580248/eset-found-in-memory-a-variant-of-msilinjectoryt-trojan-and-its-trending/

(edit: My original post states I will try tutorials from the internet. I will NOT be doing this however, as is recommended in the latest posts in the original thread. I will wait for professional help in this thread.)

Here is a copy-paste of the most important information:

 

I started up my desktop today, to be notified by ESET NOD32 Antivirus 8 (legitimate paid version) that I have a trojan.

 

[screenshot: l1IE6rf.png]

 

[screenshot: NOU2NBj.png]

 

Doing a smart scan did not remove it.

I also found this topic on the matter on this very forum: http://www.bleepingcomputer.com/forums/t/579945/infected-with-a-variant-of-msilinjectoryt-trojan/

It seems that particular user has also only recently gotten this malware.

The start post's date is June 19th 2015.

 

I also ran a fully updated Malwarebytes Anti-Malware Home.

It did not detect anything.

Detection of rootkits was enabled in the settings.

 

For the time being I removed the ethernet cable of said desktop.

 

I have also now enabled the free trial of the Premium version of Malwarebytes Anti-Malware. (I had to connect to the internet very briefly to enable it.)

Since the Premium version provides real-time protection, I hope the software will show some popups eventually about this malware.

Update: no popups from Malwarebytes Anti-Malware Premium so far. :-/


Kind regards,

Asgaro

=======================================================================================


FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Yen (administrator) on COMPUTER-YEN on 22-06-2015 17:19:16
Running from C:\Users\Yen\Downloads
Loaded Profiles: Yen & MSSQL$SQLEXPRESS (Available Profiles: Yen & MSSQL$SQLEXPRESS)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Flux Software LLC) C:\Users\Yen\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\WhatPulse\whatpulse.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Spotify Ltd) C:\Users\Yen\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Yen\AppData\Roaming\uTorrent\uTorrent.exe
(RaMMicHaeL) C:\Users\Yen\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Dropbox, Inc.) C:\Users\Yen\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Oracle Corporation) C:\app\Yen\product\11.2.0\dbhome_1\BIN\TNSLSNR.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\WhatPulse\whatpulse-watchdog.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [6548176 2014-05-07] (SoftPerfect Research)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-09-19] (Intel Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\Run: [F.lux] => C:\Users\Yen\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\Run: [WhatPulse] => C:\Program Files (x86)\WhatPulse\whatpulse.exe [3681792 2015-05-16] ()
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\Run: [Spotify Web Helper] => C:\Users\Yen\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2023480 2015-06-21] (Spotify Ltd)
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\Run: [GoogleChromeAutoLaunch_A8622FE30CF3C3A4D2CDDB3481D9404A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863560 2015-06-16] (Google Inc.)
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\Run: [uTorrent] => C:\Users\Yen\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\Yen\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [382976 2015-04-07] (RaMMicHaeL)
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\Run: [Dropbox Update] => C:\Users\Yen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-12] (Dropbox, Inc.)
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\Policies\Explorer: [NoInternetOpenWith] 0
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\MountPoints2: {2b7c5df2-ed1f-11e2-ad16-8c89a5c6e04a} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\MountPoints2: {2b7c5e0d-ed1f-11e2-ad16-8c89a5c6e04a} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\MountPoints2: {2b7c5e39-ed1f-11e2-ad16-001e101f63cf} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\...\MountPoints2: {a7427aa5-eded-11e2-ac94-8c89a5c6e04a} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
Startup: C:\Users\Yen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-09-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Yen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Yen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2014-10-18]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yen\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yen\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yen\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Yen\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2264739400-1295426871-2886371116-1000] => 206.17.82.114:80
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/
HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://be.msn.com/default.aspx?ocid=iehp
SearchScopes: HKU\S-1-5-21-2264739400-1295426871-2886371116-1000 -> DefaultScope {3E31F214-C8AC-44F4-B85A-65A6E9082FCA} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2264739400-1295426871-2886371116-1000 -> {3E31F214-C8AC-44F4-B85A-65A6E9082FCA} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} -> C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-30] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06FE881A-2C69-4919-9C1C-B09462006205}: [NameServer] 208.67.222.222,8.8.4.4
Tcpip\..\Interfaces\{28AEE064-234A-4856-96F2-B45194D191E8}: [NameServer] 81.169.60.107 81.169.60.107
Tcpip\..\Interfaces\{DBA1D4D3-6BCE-4154-9B62-902E9CAB82F5}: [NameServer] 81.169.62.171 81.169.62.171
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-09] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-09] ()
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin HKU\S-1-5-21-2264739400-1295426871-2886371116-1000: @coreonline.com/run3d,version=1.0 -> C:\Users\Yen\AppData\LocalLow\Square Enix\nprun3d.dll [2012-09-14] (Square Enix)
FF Plugin HKU\S-1-5-21-2264739400-1295426871-2886371116-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll [2015-04-21] (Sony Network Entertainment International LLC)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR Profile: C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (NeoGAF Thread Summarizer) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclblmjeibhbaniomgigpbchbmbdhlk [2015-06-03]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2014-04-16]
CHR Extension: (Google Docs) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-27]
CHR Extension: (NeoGAF Live Thread) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbfgndoggabppkoehpipfadjelcofmp [2015-05-27]
CHR Extension: (Honey) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-06-03]
CHR Extension: (NeoGAF: Quick Quote, Reply, and Edit) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cepaobafibbkpibaddehcnldhcnjjgal [2015-06-03]
CHR Extension: (Pushbullet) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-06-21]
CHR Extension: (uBlock Origin) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2014-07-25]
CHR Extension: (NeoHover) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmpenhenbmepklafmfllojkjcppnjoie [2015-06-03]
CHR Extension: (Tampermonkey) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-08-11]
CHR Extension: (Empty New Tab Page) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2015-03-24]
CHR Extension: (Feedly Notifier) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\egikgfbhipinieabdmcpigejkaomgjgb [2015-06-09]
CHR Extension: (imgur Extension by Metronomik) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehoopddfhgaehhmphfcooacjdpmbjlao [2015-06-03]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2015-06-03]
CHR Extension: (Faviconize Google) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijobgpmmkilncagclaejpjlccfhopdo [2014-01-25]
CHR Extension: (Stylish) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2014-11-14]
CHR Extension: (HTTPS Everywhere) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2014-01-25]
CHR Extension: (WebM for NeoGAF) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjkaaggachnbhepejjhfacpldjflffl [2014-04-07]
CHR Extension: (SuperSorter) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2015-05-31]
CHR Extension: (Bookmarks) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihaibgdemjcpnllmndlpdkfiggadlcgi [2014-01-25]
CHR Extension: (Deathamns) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2015-06-03]
CHR Extension: (ReChat for Twitch™) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2015-04-14]
CHR Extension: (Streamus) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2015-06-17]
CHR Extension: (Disconnect) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2014-02-08]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-01-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-02-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-05]
CHR Extension: (HTTP/2 and SPDY indicator) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbpobfflnpcgagjijhmgnchggcjblin [2014-01-25]
CHR Extension: (NeoGAF++) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\njfegfiockhnbnphjgjbdfjbpdikdiil [2015-05-27]
CHR Extension: (Google Wallet) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-07-16]
CHR Extension: (AutoScroll) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\occjjkgifpmdgodlplnacmkejpdionan [2015-05-27]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-06-10]
CHR Extension: (Neater Bookmarks) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgjggbjanlhbgaemjbkiegeebmccifi [2015-05-11]
CHR Extension: (Enhanced Steam) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-01-25]
CHR Extension: (Google Quick Scroll) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2014-01-25]
CHR Extension: (Skarv Aero Skin) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\opilcmfbjbkdhlhegdmihngmaapoeaab [2014-10-06]
CHR HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Yen\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
S3 MySQL56; C:\ProgramData\MySQL\MySQL Server 5.6\my.ini [14258 2013-11-15] () [File not signed]
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
S2 OracleDBConsoleDatabaseYen; C:\app\Yen\product\11.2.0\dbhome_1\bin\nmesrvc.exe [35328 2010-03-02] (Oracle Corporation) [File not signed]
S4 OracleJobSchedulerDATABASEYEN; c:\app\yen\product\11.2.0\dbhome_1\Bin\extjob.exe [45568 2010-03-30] () [File not signed]
S3 OracleServiceDATABASEYEN; c:\app\yen\product\11.2.0\dbhome_1\bin\ORACLE.EXE [134018048 2010-03-30] (Oracle Corporation) [File not signed]
S3 OracleVssWriterDATABASEYEN; c:\app\yen\product\11.2.0\dbhome_1\bin\OraVSSW.exe [192000 2010-03-30] () [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-13] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-05] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 OracleOraDb11g_home1TNSListener; C:\app\Yen\product\11.2.0\dbhome_1\BIN\TNSLSNR  [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 2310_00; C:\Windows\system32\drivers\2310_00.sys [170528 2009-06-12] (HighPoint Technologies, Inc.)
S3 272x_1x; C:\Windows\system32\drivers\272x_1x.sys [612672 2012-04-25] (HighPoint Technologies, Inc.)
S3 274x_3x; C:\Windows\system32\drivers\274x_3x.sys [240960 2012-04-25] (HighPoint Technologies, Inc.)
S3 arcm_a64; C:\Windows\system32\drivers\arcm_a64.sys [52768 2009-11-09] (ARECA Technology Corporation)
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S3 DC133; C:\Windows\system32\drivers\DC133.sys [39320 2011-05-02] (Dawicontrol GmbH)
S3 DC150; C:\Windows\system32\drivers\DC150.sys [39832 2011-05-02] (Dawicontrol GmbH)
S3 DC154; C:\Windows\system32\drivers\DC154.sys [48136 2011-05-02] (Dawicontrol GmbH)
S3 DC300e; C:\Windows\system32\drivers\DC300e.sys [40344 2011-05-02] (Dawicontrol GmbH)
R0 DC324e; C:\Windows\System32\drivers\DC324e.sys [49752 2011-05-02] (Dawicontrol GmbH)
S3 DC3410; C:\Windows\system32\drivers\DC3410.sys [48328 2011-05-02] (Dawicontrol GmbH)
R0 DC4300; C:\Windows\System32\drivers\DC4300.sys [48360 2011-05-02] (Dawicontrol GmbH)
S3 DC600e; C:\Windows\system32\drivers\DC600e.sys [40744 2011-05-02] (Dawicontrol GmbH)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [159480 2015-01-30] (ESET)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [415232 2011-06-10] (Huawei Technologies Co., Ltd.)
S3 hptiop; C:\Windows\system32\drivers\hptiop.sys [17440 2009-05-26] (HighPoint Technologies, Inc.)
S3 hptmv; C:\Windows\system32\drivers\hptmv.sys [93472 2006-09-19] (HighPoint Technologies, Inc.)
S3 hptmv6; C:\Windows\system32\drivers\hptmv6.sys [152096 2007-11-02] (HighPoint Technologies, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27456 2012-07-10] (Intel Corporation)
S3 iaStorS; C:\Windows\system32\drivers\iaStorS.sys [651224 2012-06-30] (Intel Corporation)
S3 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [38680 2008-05-14] (ITE Tech. Inc.)
S3 iteraid; C:\Windows\system32\drivers\iteraid.sys [32768 2007-05-02] (ITE Tech. Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 megasas2; C:\Windows\system32\drivers\megasas2.sys [51496 2012-02-29] (LSI Corporation)
S3 MegaSR1; C:\Windows\system32\drivers\megasr1.sys [809808 2012-05-29] (LSI Corporation, Inc.)
S3 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [182576 2011-05-06] (Marvell Semiconductor, Inc.)
S3 NPF; No ImagePath
S3 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [175648 2009-08-05] (NVIDIA Corporation)
S3 Pnp680; C:\Windows\system32\drivers\pnp680.sys [80424 2007-11-14] (Silicon Image, Inc)
S3 rr172x; C:\Windows\system32\drivers\rr172x.sys [124448 2007-11-02] (HighPoint Technologies, Inc.)
S3 rr174x; C:\Windows\system32\drivers\rr174x.sys [159264 2007-11-02] (HighPoint Technologies, Inc.)
S3 rr2210; C:\Windows\system32\drivers\rr2210.sys [153632 2007-11-02] (HighPoint Technologies, Inc.)
S3 rr232x; C:\Windows\system32\drivers\rr232x.sys [152096 2008-05-06] (HighPoint Technologies, Inc.)
S3 rr2340; C:\Windows\system32\drivers\rr2340.sys [162400 2010-01-01] (HighPoint Technologies, Inc.)
S3 rr2522; C:\Windows\system32\drivers\rr2522.sys [168032 2010-01-01] (HighPoint Technologies, Inc.)
S3 rr276x; C:\Windows\system32\drivers\rr276x.sys [241472 2012-04-25] (HighPoint Technologies, Inc.)
S3 rr278x; C:\Windows\system32\drivers\rr278x.sys [240960 2012-04-25] (HighPoint Technologies, Inc.)
S3 rr62x; C:\Windows\system32\drivers\rr62x.sys [156256 2010-06-17] (HighPoint Technologies, Inc.)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
S3 SI3112r; C:\Windows\system32\drivers\SI3112r.sys [164656 2007-02-02] (Silicon Image, Inc)
S3 SI3114; C:\Windows\system32\drivers\SI3114.sys [99120 2006-11-10] (Silicon Image, Inc.)
S3 SI3114r; C:\Windows\system32\drivers\SI3114R.sys [163632 2007-04-12] (Silicon Image, Inc)
S3 SI3124; C:\Windows\system32\drivers\SI3124.sys [113456 2006-11-03] (Silicon Image, Inc.)
S3 Si3124r5; C:\Windows\system32\drivers\Si3124r5.sys [334640 2006-09-20] (Silicon Image, Inc)
S3 SI3132; C:\Windows\system32\drivers\SI3132.sys [90664 2007-10-04] (Silicon Image, Inc)
S3 Si3531; C:\Windows\system32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22056 2007-10-04] (Silicon Image, Inc)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [17448 2007-10-04] (Silicon Image, Inc)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-03-26] (TuneUp Software)
S3 VGPU; No ImagePath
S3 viamrx64; C:\Windows\system32\drivers\viamrx64.sys [161904 2010-12-03] (VIA Technologies Inc.,Ltd)
S3 videX64; C:\Windows\system32\drivers\videX64.sys [15000 2010-02-12] (VIA Technologies, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-08-15] (Cisco Systems, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
R0 xfiltx64; C:\Windows\System32\drivers\xfiltx64.sys [26776 2010-02-12] (VIA Technologies, Inc.)
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 pmem; \??\C:\Users\Yen\AppData\Local\Temp\_MEI45402\drivers\winpmem64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-22 17:19 - 2015-06-22 17:19 - 00033508 _____ C:\Users\Yen\Downloads\FRST.txt
2015-06-22 17:18 - 2015-06-22 17:19 - 00000000 ____D C:\FRST
2015-06-22 17:18 - 2015-06-22 17:18 - 02109952 _____ (Farbar) C:\Users\Yen\Downloads\FRST64.exe
2015-06-21 22:39 - 2015-06-21 22:39 - 01822832 _____ (Pushbullet Inc ) C:\Users\Yen\Downloads\pushbullet_installer.exe
2015-06-21 12:45 - 2015-06-21 12:45 - 00087456 _____ C:\Users\Yen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-21 12:44 - 2015-06-22 14:47 - 00008984 _____ C:\Windows\PFRO.log
2015-06-21 12:44 - 2015-06-21 12:44 - 00350576 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-21 01:00 - 2015-06-22 16:27 - 00000672 _____ C:\Windows\setupact.log
2015-06-21 01:00 - 2015-06-21 01:00 - 00000000 _____ C:\Windows\setuperr.log
2015-06-20 20:31 - 2015-06-20 20:31 - 09659178 _____ C:\Users\Yen\Documents\CHROME bookmarks_6_20_15.html
2015-06-19 19:52 - 2015-06-19 19:52 - 00513243 _____ C:\Users\Yen\Downloads\pokemon_-_yellow_version.zip
2015-06-19 19:51 - 2015-06-19 19:51 - 00513688 _____ C:\Users\Yen\Downloads\Pokemon Yellow (U) [C][!].gbc.zip
2015-06-19 16:07 - 2015-05-09 20:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-06-19 16:07 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-19 16:07 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-19 16:07 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-19 16:07 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-19 16:07 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-19 16:07 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-19 16:07 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-19 16:07 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-15 16:35 - 2015-06-15 16:35 - 00002638 _____ C:\Users\Yen\Downloads\3e2b962e-91a9-444e-893b-f861f4e56c5f.ics
2015-06-15 16:35 - 2015-06-15 16:35 - 00002638 _____ C:\Users\Yen\Downloads\3e2b962e-91a9-444e-893b-f861f4e56c5f (1).ics
2015-06-12 23:27 - 2015-06-22 16:32 - 00001016 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2264739400-1295426871-2886371116-1000UA.job
2015-06-12 23:27 - 2015-06-21 23:32 - 00000964 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2264739400-1295426871-2886371116-1000Core.job
2015-06-12 23:27 - 2015-06-12 23:27 - 00003982 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2264739400-1295426871-2886371116-1000UA
2015-06-12 23:27 - 2015-06-12 23:27 - 00003586 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2264739400-1295426871-2886371116-1000Core
2015-06-12 23:27 - 2015-06-12 23:27 - 00000000 ____D C:\Users\Yen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-06-12 23:27 - 2015-06-12 23:27 - 00000000 ____D C:\Users\Yen\AppData\Local\Dropbox
2015-06-12 23:27 - 2015-06-12 23:27 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-12 03:56 - 2015-06-12 03:56 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2015-06-12 03:28 - 2015-06-12 03:29 - 00000000 ____D C:\Users\Yen\Documents\BACK-UP SAMSUNG WAVE 12-06-15
2015-06-12 02:31 - 2015-06-22 13:56 - 00000000 ____D C:\Users\Yen\AppData\Roaming\Samsung
2015-06-12 02:31 - 2015-06-22 13:56 - 00000000 ____D C:\Users\Yen\AppData\Local\Samsung
2015-06-12 02:31 - 2015-06-12 02:31 - 00000000 ____D C:\Users\Yen\Documents\samsung
2015-06-12 02:31 - 2015-06-12 02:31 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-06-12 02:31 - 2014-10-13 07:57 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2015-06-12 02:31 - 2014-10-13 07:57 - 00110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2015-06-12 02:30 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll
2015-06-12 02:30 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll
2015-06-12 02:27 - 2015-06-12 02:29 - 77663392 _____ (Samsung Electronics Co., Ltd.) C:\Users\Yen\Downloads\KiesSetup.exe
2015-06-09 21:34 - 2015-06-01 21:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 21:34 - 2015-06-01 20:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 21:34 - 2015-05-27 16:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 21:34 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 21:34 - 2015-05-25 19:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 21:34 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-09 21:34 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 21:34 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-09 21:34 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-09 21:34 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 21:34 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-09 21:34 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 21:34 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-09 21:34 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-09 21:34 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-09 21:34 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 21:34 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-09 21:34 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 21:34 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-09 21:34 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-09 21:34 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-09 21:34 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 21:34 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 21:34 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 21:34 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 21:34 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 21:34 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-09 21:34 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 21:34 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 21:34 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 21:34 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 21:34 - 2015-05-22 21:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 21:34 - 2015-05-22 21:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-09 21:34 - 2015-05-22 21:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-09 21:34 - 2015-05-22 21:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 21:34 - 2015-05-22 21:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 21:34 - 2015-05-22 21:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 21:34 - 2015-05-22 21:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-09 21:34 - 2015-05-22 20:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-09 21:34 - 2015-05-22 20:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 21:34 - 2015-05-22 20:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 21:34 - 2015-05-22 20:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-09 21:34 - 2015-05-22 20:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 21:34 - 2015-05-22 20:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 21:34 - 2015-05-22 20:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 21:34 - 2015-05-22 20:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 21:34 - 2015-05-22 20:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-09 21:34 - 2015-05-22 20:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-09 21:34 - 2015-05-22 20:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 21:34 - 2015-05-22 20:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-09 21:34 - 2015-05-22 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-09 21:34 - 2015-05-22 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 21:34 - 2015-05-22 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 21:34 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 21:34 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 21:34 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 21:34 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 21:34 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 21:34 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 21:34 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 21:34 - 2015-05-22 20:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-09 21:34 - 2015-05-22 20:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 21:34 - 2015-05-22 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 21:34 - 2015-05-22 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-09 21:34 - 2015-05-22 19:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 21:34 - 2015-05-22 19:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 21:34 - 2015-05-22 19:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 21:34 - 2015-05-22 19:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 21:34 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 21:34 - 2015-04-29 20:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 21:34 - 2015-04-29 20:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 21:34 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 21:34 - 2015-04-29 20:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 21:34 - 2015-04-29 20:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-09 21:34 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-09 21:34 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-09 21:34 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-09 21:34 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-09 21:34 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-09 21:34 - 2015-04-24 20:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 21:34 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 01:10 - 2015-06-09 01:11 - 00000000 ____D C:\Users\Yen\AppData\Local\Sony
2015-06-09 01:10 - 2015-06-09 01:10 - 00001845 _____ C:\Users\Public\Desktop\Media Go.lnk
2015-06-09 01:10 - 2015-06-09 01:10 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-06-09 01:09 - 2015-06-09 01:10 - 00000000 ____D C:\Users\Yen\AppData\Roaming\Sony
2015-06-09 01:09 - 2015-06-09 01:09 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
2015-06-09 00:59 - 2015-06-09 00:59 - 00000000 ____D C:\ProgramData\Sony Mobile
2015-06-09 00:59 - 2015-06-09 00:59 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2015-06-09 00:52 - 2015-06-09 01:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-06-09 00:52 - 2015-06-09 01:10 - 00000000 ____D C:\Program Files (x86)\Sony
2015-06-09 00:52 - 2015-06-09 00:52 - 00002072 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-06-09 00:52 - 2015-06-09 00:52 - 00000000 ____D C:\ProgramData\Sony
2015-06-09 00:50 - 2015-06-09 00:51 - 28684424 _____ (Sony Mobile Communications ) C:\Users\Yen\Downloads\Sony PC Companion_Web.exe
2015-06-08 17:26 - 2015-06-08 17:26 - 00001259 _____ C:\Users\Yen\Downloads\event.ics
2015-06-08 03:08 - 2015-06-08 03:08 - 00049402 _____ C:\Users\Yen\Downloads\abbreviations.xlsx
2015-06-06 00:08 - 2015-05-25 20:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-06 00:08 - 2015-05-25 20:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-06 00:08 - 2015-05-25 20:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-06 00:08 - 2015-05-25 20:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-06 00:08 - 2015-05-25 20:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-06 00:08 - 2015-05-25 20:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-06 00:08 - 2015-05-25 20:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-06 00:08 - 2015-05-25 20:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-06 00:08 - 2015-05-25 20:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-06 00:08 - 2015-05-25 20:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-06 00:08 - 2015-05-25 20:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-06 00:08 - 2015-05-25 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-06 00:08 - 2015-05-25 20:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-06 00:08 - 2015-05-25 20:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-06 00:08 - 2015-05-25 20:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-06 00:08 - 2015-05-25 20:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-06 00:08 - 2015-05-25 20:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-06 00:08 - 2015-05-25 20:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-06 00:08 - 2015-05-25 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-06 00:08 - 2015-05-25 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-06 00:08 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-06 00:08 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-06 00:08 - 2015-05-25 20:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-06 00:08 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
 
Some files in TEMP:
====================
C:\Users\Yen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbsxwpc.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-21 13:04
 
==================== End of log ============================
 
 
 
 
===========================================================================================================
 
Addition.txt file:
 
Attached File: Addition.txt (68.31KB)

Edited by Asgaro, 23 June 2015 - 09:03 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 AM

Posted 25 June 2015 - 08:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled

Turn System Restore on - Windows Help
http://windows.microsoft.com/en-ca/windows/turn-system-restore-on-off#1TC=windows-7
===



Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Honey) - C:\Users\Yen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2015-06-03]
CHR HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Yen\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-2264739400-1295426871-2886371116-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files (x86)\Sony\Media Go\MediaGoDetector.crx" [Not Found]
R2 OracleOraDb11g_home1TNSListener; C:\app\Yen\product\11.2.0\dbhome_1\BIN\TNSLSNR  [X]
S3 NPF; No ImagePath
S3 VGPU; No ImagePath
S3 MSI_MSIBIOS_010507; \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [X]
S3 pmem; \??\C:\Users\Yen\AppData\Local\Temp\_MEI45402\drivers\winpmem64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57
AlternateDataStreams: C:\ProgramData\TEMP:548232DE
C:\Users\Yen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbsxwpc.dll
Task: {9B5A9820-98CC-4349-A9BB-A993F34FA7DD} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-09-23] ()
C:\Windows\System32\Tasks\AutoKMS

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 Asgaro

Asgaro
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:21 PM

Posted 25 June 2015 - 09:31 AM


Hi nasdaq,

Thank you for taking your time, but the issue has already been fixed... :)

Feel free to edit my start post if you feel there is incorrect information, since I don't really have the authority to provide solutions to users on this forum, as is to be expected.

But I did take a look at what you recommended:

- System Restore is indeed disabled, but it's on purpose: to save space on my SSD. Though yes, I should probably enable it and allow a bit of disk space to be used.

- I uninstalled some Chrome extensions, for example the mentioned Honey.

- The AutoKMS task, however, I will keep running.

Again, thank you for your time. And when I have any problems in the future, I will definitely come back here for professional advice!

Kind regards,

Asgaro



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 AM

Posted 26 June 2015 - 06:23 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



