InstalleRex repeatedly found by antivirus


  • This topic is locked
11 replies to this topic

#1 2lean4


Posted 18 August 2015 - 02:34 PM

Hello, upon startup or wake from hybrid sleep, Microsoft Security Essentials detects Win32/InstalleRex at C:\Users\Light\AppData\Local\Temp\is-HMQ8I.tmp\chrome.exe (the name of the folder inside Temp varies with an apparently random string of numbers and letters). MSE reports it as quarantined but detects it again after reboot.
 
Thanks in advance for the help.
 
Edit: it actually appears that it is attempting to run hourly, though it is still being blocked by MSE every time.

Edited by 2lean4, 18 August 2015 - 06:42 PM.



#2 2lean4


Posted 18 August 2015 - 02:35 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-08-2015
Ran by Light (administrator) on LIGHT_PC (18-08-2015 11:53:13)
Running from C:\Users\Light\Downloads
Loaded Profiles: Light (Available Profiles: Light)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(MakerBot) C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Update\GoogleUpdate.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Users\Light\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe
(Dropbox, Inc.) C:\Users\Light\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6470760 2012-05-07] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-26] (MSI CO.,LTD.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\...\Run: [Google Update] => C:\Users\Light\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-30] (Google Inc.)
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-12] (Valve Corporation)
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\...\Run: [MusicManager] => C:\Users\Light\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIKAE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-7620 Series"
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\...\Run: [Dropbox Update] => C:\Users\Light\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
Startup: C:\Users\Light\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Light\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Light\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (http://tortoisesvn.net)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = 
SearchScopes: HKU\S-1-5-21-2254185690-3351779975-16188528-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2254185690-3351779975-16188528-1000 -> {0627D6C3-A615-4a14-9AFF-E90E93876062} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7256076927&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7256076927&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2254185690-3351779975-16188528-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
SearchScopes: HKU\S-1-5-21-2254185690-3351779975-16188528-1000 -> {9F0DDD5E-DEE2-4210-9593-35BE93DEBA54} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=MMBROWSV
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-23] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-21] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{92717C10-0678-412C-A18E-4509B9CC0B43}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{92717C10-0678-412C-A18E-4509B9CC0B43}: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-25] (ESN Social Software AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\9.0.1.4092550\npmathplugin.dll [2013-02-07] (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin-x32: BYOND -> C:\Program Files (x86)\BYOND\bin\npbyond.dll [2008-07-08] (BYOND)
FF Plugin HKU\S-1-5-21-2254185690-3351779975-16188528-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Light\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2254185690-3351779975-16188528-1000: @talk.google.com/O1DPlugin -> C:\Users\Light\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2254185690-3351779975-16188528-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Light\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2254185690-3351779975-16188528-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Light\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2254185690-3351779975-16188528-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Light\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2254185690-3351779975-16188528-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-05] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Light\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Light\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-27]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
 
Chrome: 
=======
CHR Profile: C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-18]
CHR Extension: (YouTube) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-30]
CHR Extension: (Pushbullet) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2015-05-16]
CHR Extension: (Google Search) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-30]
CHR Extension: (Morpheon Dark - Aero) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpnbbonpgadmkipdlclghcekaklebdpi [2012-10-11]
CHR Extension: (No Name) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp [2015-08-18]
CHR Extension: (AdBlock) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-09-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-02-03]
CHR Extension: (Gmail) - C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-30]
StartMenuInternet: Google Chrome.G5GEENH6YOKLISAQDWCI6ORSBU - C:\Users\Light\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1125888 2015-07-22] ()
R3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2014-12-06] (EasyAntiCheat Ltd)
S3 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1718840 2015-07-26] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6871608 2015-07-26] (GOG.com)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-02-28] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 MakerBot Conveyor Service; C:\Program Files\MakerBot\MakerWare\conveyor-svc.exe [85504 2015-03-04] (MakerBot) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2012-02-01] ()
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [142904 2012-05-22] (MSI)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2007048 2015-07-30] (Electronic Arts)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [99616 2014-03-05] (Overwolf LTD)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-05-30] ()
R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2013-01-01] (Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-06-27] (Disc Soft Ltd)
R2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [84992 2015-01-30] (Intel  Corporation)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-06-01] (Riverbed Technology, Inc.)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
S2 TICalc; C:\Windows\SysWow64\Drivers\TICalc.sys [9152 1999-08-30] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 11:53 - 2015-08-18 11:55 - 00034938 _____ C:\Users\Light\Downloads\FRST.txt
2015-08-18 11:52 - 2015-08-18 11:53 - 00000000 ____D C:\FRST
2015-08-18 11:52 - 2015-08-18 11:52 - 02173440 _____ (Farbar) C:\Users\Light\Downloads\FRST64.exe
2015-08-18 11:47 - 2015-08-18 11:47 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Light\Downloads\tdsskiller.exe
2015-08-18 11:42 - 2015-08-18 11:48 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-18 11:41 - 2015-08-18 11:42 - 11032736 _____ (SurfRight B.V.) C:\Users\Light\Downloads\HitmanPro_x64.exe
2015-08-18 11:40 - 2015-08-18 11:40 - 00050477 _____ C:\Users\Light\Downloads\Defogger.exe
2015-08-18 11:40 - 2015-08-18 11:40 - 00000472 _____ C:\Users\Light\Downloads\defogger_disable.log
2015-08-18 11:40 - 2015-08-18 11:40 - 00000000 _____ C:\Users\Light\defogger_reenable
2015-08-18 00:32 - 2015-08-18 00:32 - 01798040 _____ (Malwarebytes Corporation) C:\Users\Light\Downloads\JRT.exe
2015-08-17 10:53 - 2015-08-17 10:53 - 00000000 ____D C:\Program Files (x86)\ESET
2015-08-17 10:47 - 2015-08-17 10:47 - 00001089 _____ C:\AdwCleaner[C3].txt
2015-08-17 10:46 - 2015-08-17 10:47 - 00000935 _____ C:\AdwCleaner[S3].txt
2015-08-17 10:35 - 2015-08-17 10:35 - 00448512 _____ (OldTimer Tools) C:\Users\Light\Downloads\TFC.exe
2015-08-17 10:15 - 2015-08-17 23:34 - 00000128 _____ C:\Users\Light\Desktop\cleaning.txt
2015-08-17 09:28 - 2015-08-17 09:29 - 00001566 _____ C:\AdwCleaner[C2].txt
2015-08-17 09:24 - 2015-08-17 09:27 - 00001382 _____ C:\AdwCleaner[S2].txt
2015-08-17 01:15 - 2015-08-17 01:16 - 00004567 _____ C:\AdwCleaner[C1].txt
2015-08-17 01:14 - 2015-08-17 01:16 - 00000000 ____D C:\AdwCleaner
2015-08-17 01:14 - 2015-08-17 01:15 - 00004121 _____ C:\AdwCleaner[S1].txt
2015-08-17 01:13 - 2015-08-17 01:13 - 01563648 _____ C:\Users\Light\Downloads\adwcleaner_5.000.exe
2015-08-16 22:44 - 2015-08-16 22:44 - 00001601 _____ C:\Users\Public\Desktop\TIS-100.lnk
2015-08-16 22:44 - 2015-08-16 22:44 - 00000218 _____ C:\Users\Light\AppData\Local\recently-used.xbel
2015-08-16 22:43 - 2015-08-16 22:43 - 00000000 ____D C:\Users\Light\Downloads\TIS-100 (GOG) (Windows)
2015-08-16 17:39 - 2015-08-16 17:59 - 00000000 ____D C:\Users\Light\AppData\Local\Arma 3 Launcher
2015-08-16 17:39 - 2015-08-16 17:39 - 00000000 ____D C:\Users\Light\AppData\Local\Bohemia_Interactive
2015-08-16 17:11 - 2015-08-18 11:34 - 00003574 _____ C:\Windows\System32\Tasks\GoogleUpdateClient
2015-08-16 17:11 - 2015-08-16 17:11 - 00003318 _____ C:\Windows\System32\Tasks\GoogleUpdate
2015-08-14 14:59 - 2015-08-14 14:59 - 05097780 _____ C:\Users\Light\Downloads\pcsx2-v1.3.1-952-g84744d4-windows-x86.7z
2015-08-13 10:33 - 2015-08-13 10:33 - 00000000 ____D C:\ProgramData\ATI
2015-08-13 10:32 - 2015-08-13 10:32 - 00053615 _____ C:\Windows\SysWOW64\CCCInstall_201508131032587758.log
2015-08-13 10:32 - 2015-08-13 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-08-13 00:21 - 2010-09-16 00:13 - 02601752 _____ C:\Windows\SysWOW64\pbsvc_moh.exe
2015-08-12 21:52 - 2015-08-12 21:56 - 00000000 ____D C:\Users\Light\Desktop\flahsdrive backup
2015-08-12 16:42 - 2015-08-12 16:42 - 00002039 _____ C:\Users\Public\Desktop\VCarve Pro Trial Edition 8.0.lnk
2015-08-12 16:42 - 2015-08-12 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCarve Pro Trial Edition 8.0
2015-08-12 16:41 - 2015-08-12 16:41 - 00000000 ____D C:\ProgramData\Vectric
2015-08-12 16:40 - 2015-08-12 16:42 - 00000000 ____D C:\Program Files\VCarve Pro Trial Edition 8.0
2015-08-12 16:40 - 2015-08-12 16:40 - 00217742 _____ C:\Users\Light\Downloads\AR15_blueprint.zip
2015-08-12 16:39 - 2015-08-12 16:39 - 02402997 _____ C:\Users\Light\Downloads\AR15_Lower_Receiver.exe
2015-08-12 16:36 - 2015-08-12 16:38 - 166296704 _____ (Vectric Ltd.) C:\Users\Light\Downloads\VCarveProTrialEditionV8020_SetupENU.exe
2015-08-12 16:36 - 2015-08-12 16:36 - 01086431 _____ C:\Users\Light\ar-prototype-cad.ai
2015-08-12 05:03 - 2015-08-13 03:31 - 00002758 _____ C:\Windows\PFRO.log
2015-08-12 04:34 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 04:34 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 23:50 - 2015-08-11 23:50 - 00000000 ____D C:\Users\Light\AppData\Local\Activision
2015-08-11 12:58 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 12:58 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 12:58 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 12:58 - 2015-07-30 11:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 12:58 - 2015-07-30 11:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 12:58 - 2015-07-30 11:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 12:58 - 2015-07-30 11:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 12:58 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 12:58 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 12:58 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 12:58 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 12:58 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 12:58 - 2015-07-30 10:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 12:58 - 2015-07-30 09:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 12:58 - 2015-07-30 09:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 12:58 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 12:58 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 12:58 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 12:58 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 12:58 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 12:58 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 12:58 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 12:58 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 12:58 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 12:58 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 12:58 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 12:58 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 12:58 - 2015-07-16 12:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 12:58 - 2015-07-16 12:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 12:58 - 2015-07-16 12:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 12:58 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 12:58 - 2015-07-14 20:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 12:58 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 12:58 - 2015-07-14 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 12:58 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 12:58 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 12:58 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 12:58 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 12:58 - 2015-07-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-11 12:58 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 12:58 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 12:58 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 12:57 - 2015-07-15 11:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 12:57 - 2015-07-15 11:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 12:57 - 2015-07-15 11:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 12:57 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 12:57 - 2015-07-15 11:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 12:57 - 2015-07-15 11:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 12:57 - 2015-07-15 11:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 12:57 - 2015-07-15 11:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 12:57 - 2015-07-15 11:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 12:57 - 2015-07-15 11:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 12:57 - 2015-07-15 11:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 12:57 - 2015-07-15 11:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 12:57 - 2015-07-15 11:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 12:57 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 12:57 - 2015-07-15 11:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 12:57 - 2015-07-15 11:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 12:57 - 2015-07-15 11:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 12:57 - 2015-07-15 11:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 12:57 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 12:57 - 2015-07-15 10:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 12:57 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 12:57 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 12:57 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 12:57 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 12:57 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 12:57 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 12:57 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 12:57 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 12:57 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 12:57 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 12:57 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 12:57 - 2015-07-15 10:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 12:57 - 2015-07-15 10:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 12:57 - 2015-07-15 10:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 12:57 - 2015-07-15 10:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 12:57 - 2015-07-15 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 12:57 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 12:57 - 2015-07-15 10:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 12:57 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 12:57 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 09:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 12:57 - 2015-07-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 12:57 - 2015-07-15 09:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 12:57 - 2015-07-15 09:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 12:57 - 2015-07-15 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 12:57 - 2015-07-15 09:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 09:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 09:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 12:57 - 2015-07-15 09:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 12:56 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 12:55 - 2015-07-20 17:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 12:55 - 2015-07-20 17:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 12:55 - 2015-07-16 13:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-11 12:55 - 2015-07-16 13:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 12:55 - 2015-07-16 13:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 12:55 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 12:55 - 2015-07-16 13:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 12:55 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 12:55 - 2015-07-16 13:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 12:55 - 2015-07-16 13:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 12:55 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 12:55 - 2015-07-16 13:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 12:55 - 2015-07-16 13:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 12:55 - 2015-07-16 13:20 - 19870208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-11 12:55 - 2015-07-16 13:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 12:55 - 2015-07-16 13:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 12:55 - 2015-07-16 13:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-11 12:55 - 2015-07-16 13:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 12:55 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 12:55 - 2015-07-16 12:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 12:55 - 2015-07-16 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 12:55 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 12:55 - 2015-07-16 12:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 12:55 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 12:55 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 12:55 - 2015-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 12:55 - 2015-07-16 12:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 12:55 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 12:55 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 12:55 - 2015-07-16 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 12:55 - 2015-07-16 12:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 12:55 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 12:55 - 2015-07-16 12:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 12:55 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 12:55 - 2015-07-16 12:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 12:55 - 2015-07-16 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 12:55 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 12:55 - 2015-07-16 12:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 12:55 - 2015-07-16 12:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 12:55 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 12:55 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 12:55 - 2015-07-16 12:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 12:55 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 12:55 - 2015-07-16 12:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 12:55 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 12:55 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 12:55 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 12:55 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 12:55 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 12:54 - 2015-07-16 14:14 - 25192448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-11 12:54 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 12:54 - 2015-07-16 13:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 12:54 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 12:54 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 12:54 - 2015-07-16 13:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 12:54 - 2015-07-16 12:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 12:54 - 2015-07-16 12:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 12:54 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 12:54 - 2015-07-16 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 12:54 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 12:54 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 12:54 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 12:54 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 12:54 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 12:52 - 2015-07-20 11:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 12:52 - 2015-07-20 11:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 12:52 - 2015-07-20 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 12:52 - 2015-07-20 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 12:52 - 2015-07-20 11:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 12:52 - 2015-07-20 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 12:52 - 2015-07-20 11:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 12:52 - 2015-07-20 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 12:52 - 2015-07-20 11:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 12:52 - 2015-07-20 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 12:52 - 2015-07-20 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 12:52 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 12:52 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 12:52 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 12:52 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 12:52 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 12:52 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 12:52 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 10:09 - 2015-08-11 10:09 - 00000000 ____D C:\Users\Light\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-11 03:00 - 2015-08-11 03:01 - 00000000 ___HD C:\$Windows.~BT
2015-08-11 01:33 - 2015-08-11 01:38 - 00000000 ____D C:\Users\Light\AppData\Roaming\SyncTERM
2015-08-11 01:33 - 2015-08-11 01:33 - 00000000 ____D C:\ProgramData\SyncTERM
2015-08-11 01:32 - 2015-08-11 01:32 - 02262354 _____ C:\Users\Light\Downloads\syncterm.zip
2015-08-10 11:25 - 2015-08-10 16:07 - 00000000 ____D C:\Users\Light\Documents\ppsspp
2015-08-10 11:25 - 2015-08-10 11:31 - 1454478430 _____ C:\Users\Light\Downloads\Metal_Gear_Solid_Peace_Walker_USA_PSP-pSyPSP.rar
2015-08-10 11:23 - 2015-08-10 11:24 - 14466492 _____ C:\Users\Light\Downloads\ppsspp_win.zip
2015-08-09 21:16 - 2015-08-09 21:16 - 00026905 _____ C:\Users\Light\Downloads\loag.lha
2015-08-08 16:49 - 2015-08-17 09:32 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-08 16:49 - 2015-08-08 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-08 16:49 - 2015-08-08 16:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-08 16:49 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-08 16:49 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-07 17:49 - 2015-08-07 17:55 - 00000000 ____D C:\Program Files\Cloud Imperium Games
2015-08-07 17:49 - 2015-08-07 17:49 - 00104048 _____ (Cloud Imperium Games) C:\Users\Light\Downloads\Star_Citizen_Launcher_Setup_2.3.4.exe
2015-08-07 17:49 - 2015-08-07 17:49 - 00000911 _____ C:\Users\Light\Desktop\Star Citizen Launcher.lnk
2015-08-07 17:49 - 2015-08-07 17:49 - 00000000 ____D C:\Users\Light\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher
2015-08-07 17:49 - 2015-08-07 17:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher
2015-08-05 18:41 - 2015-08-05 18:42 - 61357138 _____ C:\Users\Light\Downloads\SpaceEngineers-master.zip
2015-08-05 14:45 - 2015-08-05 14:50 - 141430097 _____ C:\Users\Light\Downloads\Mafia I Unlimited Draw Distance Mod.zip
2015-08-05 12:15 - 1998-11-18 16:33 - 00144384 _____ (Intel Corporation) C:\Windows\SysWOW64\Iacenc.dll
2015-08-05 12:00 - 2015-08-05 12:00 - 01887279 _____ C:\Users\Light\Downloads\iv5setup.zip
2015-08-05 12:00 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-08-05 11:53 - 2015-08-05 12:03 - 18245115 _____ C:\Users\Light\Downloads\mafia_patch_1.2_eng.exe
2015-08-05 11:52 - 2015-08-05 11:52 - 01491494 _____ C:\Users\Light\Downloads\unlimiteddrawdistance.rar
2015-08-05 11:49 - 2015-08-05 11:49 - 00752769 _____ C:\Users\Light\Downloads\frm24.zip
2015-08-05 11:49 - 2015-08-05 11:49 - 00026984 _____ C:\Users\Light\Downloads\mafia_data_xtractor_11-1.zip
2015-08-05 11:48 - 2015-08-05 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia
2015-08-05 11:08 - 2015-08-12 23:41 - 00000000 ____D C:\Users\Light\Downloads\[PC] Mafia  [ENG]-[RIP] [dopeman]
2015-08-04 21:49 - 2015-08-09 00:32 - 00000000 ____D C:\Users\Light\Downloads\Mad Max Fury Road 2015 1080p WEB-DL x264 AC3-JYK
2015-08-04 15:51 - 2015-08-04 15:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-08-03 23:29 - 2015-08-03 23:29 - 00107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-08-03 23:29 - 2015-08-03 23:29 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-08-03 23:28 - 2015-08-03 23:28 - 07929616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-08-03 23:28 - 2015-08-03 23:28 - 07408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-08-03 23:28 - 2015-08-03 23:28 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-08-03 23:28 - 2015-08-03 23:28 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-08-03 23:28 - 2015-08-03 23:28 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-08-03 23:28 - 2015-08-03 23:28 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-08-03 23:28 - 2015-08-03 23:28 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-08-03 23:28 - 2015-08-03 23:28 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-08-03 23:28 - 2015-08-03 23:28 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-08-03 23:25 - 2015-08-03 23:25 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-08-03 23:23 - 2015-08-03 23:23 - 21622784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-08-03 23:19 - 2015-08-03 23:19 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-08-03 23:18 - 2015-08-03 23:18 - 47785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-08-03 23:14 - 2015-08-03 23:14 - 39714304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-08-03 23:09 - 2015-08-03 23:09 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-03 23:09 - 2015-08-03 23:09 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-03 22:58 - 2015-08-03 22:58 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-08-03 22:57 - 2015-08-03 22:57 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-08-03 21:12 - 2015-08-03 21:12 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-08-03 21:12 - 2015-08-03 21:12 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-08-03 21:11 - 2015-08-03 21:11 - 06477312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-08-03 20:43 - 2015-08-03 20:43 - 05068288 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-08-03 20:21 - 2015-08-03 20:21 - 00093696 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-08-03 20:21 - 2015-08-03 20:21 - 00086528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-08-03 19:32 - 2015-08-03 19:32 - 25299968 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-08-03 19:25 - 2015-08-03 19:25 - 00660928 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-08-03 19:25 - 2015-08-03 19:25 - 00660928 _____ C:\Windows\system32\atiapfxx.blb
2015-08-03 19:25 - 2015-08-03 19:25 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-08-03 19:25 - 2015-08-03 19:25 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-08-03 19:25 - 2015-08-03 19:25 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-08-03 19:24 - 2015-08-03 19:24 - 15716864 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-08-03 19:24 - 2015-08-03 19:24 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-08-03 19:24 - 2015-08-03 19:24 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-08-03 19:21 - 2015-08-03 19:21 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-08-03 19:21 - 2015-08-03 19:21 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-08-03 19:21 - 2015-08-03 19:21 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-08-03 19:16 - 2015-08-03 19:16 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-08-03 19:07 - 2015-08-03 19:07 - 00672768 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-08-03 19:07 - 2015-08-03 19:07 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-08-03 19:07 - 2015-08-03 19:07 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-08-03 19:07 - 2015-08-03 19:07 - 00160256 _____ C:\Windows\system32\atieah64.exe
2015-08-03 19:07 - 2015-08-03 19:07 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe
2015-08-03 19:07 - 2015-08-03 19:07 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-08-03 19:06 - 2015-08-03 19:06 - 00246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-08-03 19:05 - 2015-08-03 19:05 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-08-03 19:00 - 2015-08-03 19:00 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-08-03 18:48 - 2015-08-03 18:48 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2015-08-03 18:48 - 2015-08-03 18:48 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-08-03 18:47 - 2015-08-03 18:47 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-08-03 18:43 - 2015-08-03 18:43 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-08-03 18:43 - 2015-08-03 18:43 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-08-03 18:43 - 2015-08-03 18:43 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-08-03 18:43 - 2015-08-03 18:43 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-08-03 18:42 - 2015-08-03 18:42 - 00665088 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-08-03 18:42 - 2015-08-03 18:42 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-08-03 18:37 - 2015-08-03 18:37 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll
2015-08-03 18:37 - 2015-08-03 18:37 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-08-03 18:35 - 2015-08-03 18:35 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-08-03 01:12 - 2015-08-13 00:19 - 00055419 _____ C:\Windows\DirectX.log
2015-08-02 21:53 - 2015-08-18 00:53 - 00005455 _____ C:\Windows\setupact.log
2015-08-02 21:53 - 2015-08-02 21:53 - 00000000 _____ C:\Windows\setuperr.log
2015-08-01 15:54 - 2015-08-01 15:56 - 423905778 _____ C:\Users\Light\Downloads\freedomplanet_ost_mp3_1437004554.zip
2015-07-31 19:52 - 2015-07-31 19:52 - 09030542 _____ C:\Users\Light\Downloads\MAFIA.2.V1.2.ALL.SKIDROW.NODVD.ZIP
2015-07-31 00:21 - 2015-07-31 00:43 - 00000000 ____D C:\Users\Light\Documents\Endless Space
2015-07-29 22:16 - 2015-07-29 22:16 - 00000000 ___HD C:\$Windows.~WS
2015-07-29 22:14 - 2015-07-29 22:14 - 19646888 _____ (Microsoft Corporation) C:\Users\Light\Downloads\MediaCreationToolx64.exe
2015-07-29 01:36 - 2015-07-29 01:41 - 00000000 ____D C:\Program Files (x86)\Popcorn Time
2015-07-29 01:35 - 2015-07-29 01:35 - 51551760 _____ (Popcorn Time ) C:\Users\Light\Downloads\PopcornTime-latest.exe
2015-07-29 01:08 - 2015-07-29 01:08 - 00764840 _____ C:\Users\Light\Downloads\AR15_Lower_Receiver.zip
2015-07-29 01:07 - 2015-07-29 01:07 - 00400413 _____ C:\Users\Light\Downloads\AR15_Lower_Receiver.eprt
2015-07-29 01:02 - 2015-07-29 01:06 - 00257536 _____ C:\Users\Light\test vcarve file.crv
2015-07-29 00:45 - 2015-07-29 00:45 - 00015207 _____ C:\Users\Light\Downloads\fff-forward.zip
2015-07-29 00:14 - 2015-07-29 00:15 - 00056724 _____ C:\Users\Light\Downloads\magneto-boldextended.ttf
2015-07-29 00:01 - 2015-07-29 00:02 - 00000000 ____D C:\Users\Public\Documents\Vectric Files
2015-07-29 00:01 - 2015-07-29 00:01 - 00000000 ____D C:\Program Files\Common Files\Vectric
2015-07-28 11:11 - 2015-07-28 11:11 - 00000000 ____D C:\Users\Light\AppData\Local\ExploringWinds
2015-07-28 10:48 - 2015-07-28 10:53 - 678317495 _____ C:\Users\Light\Downloads\Clouds_Below_1_1.rar
2015-07-27 20:54 - 2015-07-27 20:54 - 00524288 _____ C:\Users\Light\Downloads\lsdj1_3_5b_demo.gb
2015-07-27 20:53 - 2015-07-27 20:54 - 00000000 ____D C:\Users\Light\Documents\gba
2015-07-27 20:52 - 2015-07-27 20:52 - 00659797 _____ C:\Users\Light\Downloads\VisualBoyAdvance-1.8.0-beta3.zip
2015-07-26 15:10 - 2015-07-26 15:14 - 113856192 _____ (Frontier Developments ) C:\Users\Light\Downloads\EliteDangerous-Client-Installer.exe
2015-07-26 14:11 - 2015-07-26 14:57 - 00000000 __RHD C:\ESD
2015-07-26 14:02 - 2015-07-26 14:02 - 03070082 _____ C:\Users\Light\Downloads\The.Ultimate.PID.Checker.v1.2.0.606.rar
2015-07-26 13:56 - 2015-07-26 13:56 - 01483336 _____ (Microsoft Corporation) C:\Users\Light\Downloads\mediacreationtool.exe
2015-07-26 12:47 - 2015-07-26 12:49 - 509827480 _____ (GOG.com ) C:\Users\Light\Downloads\Unconfirmed 800796.crdownload
2015-07-26 12:37 - 2015-07-26 12:40 - 509827480 _____ (GOG.com ) C:\Users\Light\Downloads\Unconfirmed 712870.crdownload
2015-07-25 15:36 - 2015-07-25 15:36 - 18955146 _____ C:\Users\Light\Downloads\Fallout.wav
2015-07-25 10:31 - 2015-07-25 10:32 - 00000245 _____ C:\Users\Light\Downloads\radio-sidewinder.m3u
2015-07-24 16:51 - 2015-07-24 16:51 - 00254674 _____ C:\Users\Light\Downloads\ED_Skin.vlt
2015-07-21 20:29 - 2015-08-16 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hacknet
2015-07-21 20:24 - 2015-07-21 20:24 - 24743936 _____ C:\Users\Light\Downloads\Hacknet_v1.23.msi
2015-07-21 19:58 - 2015-07-21 20:06 - 00000000 ____D C:\Users\Light\.zenmap
2015-07-21 19:57 - 2015-07-21 19:57 - 00000000 ____D C:\Users\Light\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
2015-07-21 19:56 - 2015-07-21 19:56 - 00000000 ____D C:\Program Files\WinPcap
2015-07-21 19:56 - 2015-07-21 19:56 - 00000000 ____D C:\Program Files (x86)\Nmap
2015-07-21 19:55 - 2015-07-21 19:55 - 25303598 _____ (Insecure.org) C:\Users\Light\Downloads\nmap-6.49BETA4-setup.exe
2015-07-20 01:07 - 2015-07-20 01:07 - 00053311 _____ C:\Cut3D.dmp
2015-07-20 01:03 - 2015-07-20 01:07 - 00000000 ____D C:\Users\Light\AppData\Roaming\FreeCAD
2015-07-20 00:38 - 2015-07-20 00:38 - 02430562 _____ C:\Users\Light\Downloads\ar15cadfiles.zip
2015-07-20 00:36 - 2015-07-20 00:39 - 202240919 _____ C:\Users\Light\Downloads\FreeCAD-0.15.4671_x64_setup.exe
2015-07-20 00:31 - 2015-07-20 01:08 - 00000000 ____D C:\Program Files (x86)\Cut3D Trial
2015-07-20 00:31 - 2015-07-20 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cut3D Trial
2015-07-20 00:30 - 2015-07-20 00:30 - 10565168 _____ C:\Users\Light\Downloads\Cut3DTrialSetup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-18 11:43 - 2013-04-24 19:13 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-18 11:42 - 2009-07-13 21:45 - 00017472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-18 11:42 - 2009-07-13 21:45 - 00017472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-18 11:41 - 2015-06-24 15:31 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2254185690-3351779975-16188528-1000UA.job
2015-08-18 11:40 - 2012-09-30 04:10 - 00000000 ____D C:\Users\Light
2015-08-18 11:35 - 2012-09-30 05:03 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254185690-3351779975-16188528-1000UA.job
2015-08-18 11:34 - 2014-12-06 23:48 - 01913010 _____ C:\Windows\WindowsUpdate.log
2015-08-18 11:34 - 2012-12-20 21:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-18 01:02 - 2012-09-30 10:38 - 00000000 ___RD C:\Users\Light\Dropbox
2015-08-18 01:00 - 2012-09-30 09:53 - 00000000 ____D C:\Users\Light\AppData\Roaming\Dropbox
2015-08-18 00:55 - 2012-09-29 14:15 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-18 00:54 - 2015-02-18 19:33 - 00000479 _____ C:\Windows\system32\conveyor-svc.log
2015-08-18 00:54 - 2013-04-24 19:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-18 00:54 - 2012-10-18 22:46 - 00000000 ____D C:\temp
2015-08-18 00:53 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-17 01:08 - 2012-09-29 14:22 - 00000000 ____D C:\Users\Light\AppData\Roaming\Skype
2015-08-17 00:50 - 2012-09-29 19:19 - 00000000 ____D C:\Users\Light\AppData\Roaming\vlc
2015-08-16 22:45 - 2012-09-30 10:52 - 00000000 ____D C:\Users\Light\Documents\My Games
2015-08-16 22:45 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-16 22:44 - 2013-02-05 20:17 - 00000000 ____D C:\GOG Games
2015-08-16 22:44 - 2013-01-29 21:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-08-16 21:46 - 2012-10-01 18:03 - 00759898 _____ C:\Windows\system32\perfh00A.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00669732 _____ C:\Windows\system32\perfh01F.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00522732 _____ C:\Windows\system32\perfh006.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00437582 _____ C:\Windows\system32\perfh012.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00409156 _____ C:\Windows\system32\prfh0404.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00404316 _____ C:\Windows\system32\perfh00D.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00165640 _____ C:\Windows\system32\perfc00A.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00146568 _____ C:\Windows\system32\perfc01F.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00126002 _____ C:\Windows\system32\perfc012.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00120708 _____ C:\Windows\system32\prfc0404.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00105222 _____ C:\Windows\system32\perfc006.dat
2015-08-16 21:46 - 2012-10-01 18:03 - 00090376 _____ C:\Windows\system32\perfc00D.dat
2015-08-16 21:46 - 2012-09-30 15:34 - 00742918 _____ C:\Windows\system32\prfh0816.dat
2015-08-16 21:46 - 2012-09-30 15:34 - 00159328 _____ C:\Windows\system32\prfc0816.dat
2015-08-16 21:46 - 2012-09-30 15:15 - 00391884 _____ C:\Windows\system32\prfh0804.dat
2015-08-16 21:46 - 2012-09-30 15:15 - 00125210 _____ C:\Windows\system32\prfc0804.dat
2015-08-16 21:46 - 2012-09-30 15:07 - 00758202 _____ C:\Windows\system32\perfh013.dat
2015-08-16 21:46 - 2012-09-30 15:07 - 00159614 _____ C:\Windows\system32\perfc013.dat
2015-08-16 21:46 - 2012-09-30 14:59 - 00676748 _____ C:\Windows\system32\perfh01D.dat
2015-08-16 21:46 - 2012-09-30 14:59 - 00148590 _____ C:\Windows\system32\perfc01D.dat
2015-08-16 21:46 - 2012-09-30 14:51 - 00712278 _____ C:\Windows\system32\perfh007.dat
2015-08-16 21:46 - 2012-09-30 14:51 - 00155472 _____ C:\Windows\system32\perfc007.dat
2015-08-16 21:46 - 2012-09-30 14:43 - 00682136 _____ C:\Windows\system32\perfh005.dat
2015-08-16 21:46 - 2012-09-30 14:43 - 00147970 _____ C:\Windows\system32\perfc005.dat
2015-08-16 21:46 - 2012-09-30 14:18 - 00738366 _____ C:\Windows\system32\perfh019.dat
2015-08-16 21:46 - 2012-09-30 14:18 - 00157214 _____ C:\Windows\system32\perfc019.dat
2015-08-16 21:46 - 2012-09-30 13:57 - 00754872 _____ C:\Windows\system32\perfh010.dat
2015-08-16 21:46 - 2012-09-30 13:57 - 00153486 _____ C:\Windows\system32\perfc010.dat
2015-08-16 21:46 - 2012-09-30 13:49 - 00425846 _____ C:\Windows\system32\perfh011.dat
2015-08-16 21:46 - 2012-09-30 13:49 - 00127718 _____ C:\Windows\system32\perfc011.dat
2015-08-16 21:46 - 2012-09-30 13:37 - 00507408 _____ C:\Windows\system32\perfh014.dat
2015-08-16 21:46 - 2012-09-30 13:37 - 00101316 _____ C:\Windows\system32\perfc014.dat
2015-08-16 21:46 - 2012-09-30 12:58 - 00622898 _____ C:\Windows\system32\perfh008.dat
2015-08-16 21:46 - 2012-09-30 12:58 - 00118436 _____ C:\Windows\system32\perfc008.dat
2015-08-16 21:46 - 2012-09-30 12:50 - 00727976 _____ C:\Windows\system32\prfh0416.dat
2015-08-16 21:46 - 2012-09-30 12:50 - 00154288 _____ C:\Windows\system32\prfc0416.dat
2015-08-16 21:46 - 2012-09-30 12:37 - 00754570 _____ C:\Windows\system32\perfh015.dat
2015-08-16 21:46 - 2012-09-30 12:37 - 00162978 _____ C:\Windows\system32\perfc015.dat
2015-08-16 21:46 - 2012-09-30 12:25 - 00760170 _____ C:\Windows\system32\perfh00C.dat
2015-08-16 21:46 - 2012-09-30 12:25 - 00492128 _____ C:\Windows\system32\perfh001.dat
2015-08-16 21:46 - 2012-09-30 12:25 - 00156034 _____ C:\Windows\system32\perfc00C.dat
2015-08-16 21:46 - 2012-09-30 12:25 - 00100390 _____ C:\Windows\system32\perfc001.dat
2015-08-16 21:46 - 2012-09-30 12:18 - 00698670 _____ C:\Windows\system32\perfh00E.dat
2015-08-16 21:46 - 2012-09-30 12:18 - 00178924 _____ C:\Windows\system32\perfc00E.dat
2015-08-16 21:46 - 2012-09-30 11:56 - 00494986 _____ C:\Windows\system32\perfh00B.dat
2015-08-16 21:46 - 2012-09-30 11:56 - 00108220 _____ C:\Windows\system32\perfc00B.dat
2015-08-16 21:46 - 2009-07-13 22:13 - 17867178 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-16 20:42 - 2013-02-21 22:53 - 00000600 _____ C:\Users\Light\AppData\Local\PUTTY.RND
2015-08-16 19:27 - 2012-09-30 05:03 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2254185690-3351779975-16188528-1000Core.job
2015-08-16 17:40 - 2014-02-24 01:13 - 00000000 ____D C:\Users\Light\AppData\Local\Arma 3
2015-08-16 17:11 - 2012-11-30 13:58 - 00000000 ____D C:\Users\Light\AppData\Roaming\Google
2015-08-16 15:41 - 2015-06-24 15:31 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2254185690-3351779975-16188528-1000Core.job
2015-08-15 21:19 - 2012-11-18 10:23 - 00000000 ____D C:\Users\Light\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-08-14 22:07 - 2015-01-10 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2015-08-14 22:07 - 2015-01-10 18:34 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2015-08-14 10:58 - 2014-01-13 11:22 - 00000000 ____D C:\Users\Light\Documents\BYOND
2015-08-14 01:02 - 2012-12-17 17:50 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-08-13 10:31 - 2013-11-05 22:24 - 00000000 ____D C:\Program Files (x86)\AMD
2015-08-13 10:26 - 2012-12-17 17:49 - 00000000 ____D C:\ProgramData\Origin
2015-08-13 10:25 - 2015-06-04 16:56 - 00000000 ____D C:\Program Files\AMD
2015-08-13 10:17 - 2012-09-30 05:04 - 00000000 ____D C:\AMD
2015-08-13 05:53 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 03:32 - 2009-07-13 21:45 - 05115424 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 03:26 - 2012-10-01 17:44 - 00000000 ____D C:\Windows\system32\Drivers\he-IL
2015-08-13 03:26 - 2012-10-01 17:42 - 00000000 ____D C:\Windows\system32\Drivers\tr-TR
2015-08-13 03:26 - 2012-09-30 12:24 - 00000000 ____D C:\Windows\system32\Drivers\ar-SA
2015-08-13 03:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-08-13 03:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2015-08-13 03:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2015-08-13 03:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-08-13 03:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\he-IL
2015-08-13 03:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ar-SA
2015-08-13 03:24 - 2015-02-07 20:10 - 00000000 ____D C:\Users\Light\AppData\Local\TSVNCache
2015-08-13 00:22 - 2013-05-14 06:32 - 00000000 ____D C:\Users\Light\Documents\EA Games
2015-08-13 00:21 - 2012-09-30 14:03 - 00189248 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-08-13 00:20 - 2012-09-30 13:58 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2015-08-13 00:07 - 2015-07-05 15:45 - 00000000 ____D C:\Users\Light\Documents\testproject
2015-08-13 00:07 - 2015-06-02 19:38 - 00000000 ____D C:\Users\Light\AppData\Roaming\QtProject
2015-08-12 23:50 - 2013-05-15 21:57 - 00000000 ____D C:\Windows\system32\appmgmt
2015-08-12 20:07 - 2014-01-13 11:18 - 00000000 ____D C:\Program Files (x86)\BYOND
2015-08-12 20:07 - 2012-09-30 04:11 - 00000000 ____D C:\Users\Light\AppData\Local\VirtualStore
2015-08-12 15:32 - 2012-09-30 05:03 - 00002364 _____ C:\Users\Light\Desktop\Google Chrome.lnk
2015-08-12 13:44 - 2014-09-04 19:23 - 00000000 ____D C:\Users\Light\Documents\-tg-station-master
2015-08-12 12:59 - 2012-12-20 21:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 12:59 - 2012-09-30 09:51 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 12:59 - 2012-09-30 09:51 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 09:28 - 2015-02-12 09:47 - 00000000 ___RD C:\Users\Light\Virtual Machines
2015-08-12 05:03 - 2013-03-14 03:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 05:03 - 2013-03-14 03:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 04:58 - 2014-12-10 20:01 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 04:58 - 2014-05-07 03:05 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\zh-HK
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\uk-UA
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\th-TH
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sr-Latn-CS
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sl-SI
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\sk-SK
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\ro-RO
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lv-LV
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\lt-LT
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\hr-HR
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\et-EE
2015-08-12 04:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\bg-BG
2015-08-12 04:33 - 2013-03-14 03:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 04:18 - 2014-11-28 22:34 - 00000039 _____ C:\Windows\vbaddin.ini
2015-08-12 04:18 - 2012-10-22 18:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 03:40 - 2013-08-05 22:16 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:10 - 2012-09-30 13:38 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 03:02 - 2012-09-30 05:04 - 00000000 ____D C:\Windows\Panther
2015-08-08 17:34 - 2013-04-24 18:09 - 00000000 ____D C:\Program Files\KMSpico
2015-08-08 16:49 - 2013-09-13 14:19 - 00000000 ____D C:\Users\Light\AppData\Roaming\Malwarebytes
2015-08-08 16:49 - 2012-09-30 10:00 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-08 16:49 - 2012-09-30 10:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-08 13:38 - 2014-11-20 17:14 - 00000000 __SHD C:\Users\Light\AppData\Local\EmieBrowserModeList
2015-08-08 13:38 - 2014-05-11 18:13 - 00000000 __SHD C:\Users\Light\AppData\Local\EmieUserList
2015-08-08 13:38 - 2014-05-11 18:13 - 00000000 __SHD C:\Users\Light\AppData\Local\EmieSiteList
2015-08-05 20:06 - 2014-09-29 20:08 - 00000000 ____D C:\Users\Light\Documents\Visual Studio 2013
2015-08-05 12:15 - 2012-09-30 04:58 - 00000000 ____D C:\Program Files (x86)\Intel
2015-08-04 15:53 - 2013-01-13 21:25 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-04 15:40 - 2015-05-05 17:37 - 00000000 ____D C:\Users\Light\AppData\Local\Plex Media Server
2015-08-03 23:28 - 2015-05-26 15:41 - 01445224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-08-03 23:28 - 2015-05-26 15:41 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-08-03 23:28 - 2015-05-26 15:41 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-08-03 23:28 - 2015-05-26 15:41 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-08-03 23:28 - 2015-05-26 15:40 - 11948704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-08-03 23:28 - 2015-05-26 15:40 - 10094152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-08-03 23:28 - 2015-05-26 15:40 - 01193904 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-08-03 23:27 - 2015-05-26 15:40 - 08893160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-08-03 23:27 - 2015-05-26 15:40 - 08779872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-08-03 21:53 - 2013-09-10 09:59 - 00000000 ____D C:\Users\Light\Documents\GTA San Andreas User Files
2015-08-03 19:55 - 2015-05-26 15:20 - 30752256 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-08-03 19:07 - 2015-05-26 15:07 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-08-03 18:43 - 2015-05-26 15:04 - 01247744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-08-03 18:43 - 2015-05-26 15:04 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-08-03 18:42 - 2015-05-26 15:04 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-08-03 13:46 - 2015-04-19 23:13 - 00000000 ____D C:\Users\Light\Documents\My Kindle Content
2015-08-02 14:57 - 2013-05-13 17:19 - 00000000 ____D C:\Users\Light\AppData\Roaming\FileZilla
2015-08-02 14:57 - 2012-09-30 13:37 - 00000000 ____D C:\Users\Light\AppData\Roaming\DAEMON Tools Lite
2015-08-02 11:54 - 2015-04-05 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-02 11:54 - 2015-03-06 01:02 - 00000000 ___HD C:\ControlCenterCount
2015-08-02 11:54 - 2012-09-30 05:03 - 00000000 ___HD C:\SuperChargerProfile
2015-08-02 11:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-08-02 11:51 - 2014-04-14 14:59 - 00000000 ____D C:\Windows\Minidump
2015-07-31 19:15 - 2014-10-05 19:20 - 00000000 ____D C:\Users\Light\AppData\Roaming\deluge
2015-07-30 22:08 - 2012-12-05 20:39 - 00001259 _____ C:\Users\Light\Desktop\humble bundle.txt
2015-07-30 11:31 - 2014-07-24 12:55 - 00000000 ____D C:\Users\Public\Documents\EA Games
2015-07-30 11:17 - 2012-12-17 17:50 - 00000000 ____D C:\Users\Light\AppData\Roaming\Origin
2015-07-30 11:15 - 2012-12-17 17:49 - 00000000 ____D C:\Program Files (x86)\Origin
2015-07-29 15:37 - 2012-09-30 05:01 - 00130304 _____ C:\Users\Light\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-26 15:14 - 2014-08-11 21:26 - 00001098 _____ C:\Users\Public\Desktop\Elite Dangerous Launcher.lnk
2015-07-25 09:15 - 2009-07-13 22:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-23 20:00 - 2013-05-13 18:49 - 00000000 ____D C:\Program Files (x86)\Uplink
2015-07-22 22:11 - 2015-04-13 17:50 - 00000080 _____ C:\Users\Light\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-07-20 01:21 - 2015-07-16 19:40 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-20 01:14 - 2014-02-09 16:01 - 00007600 _____ C:\Users\Light\AppData\Local\Resmon.ResmonCfg
 
==================== Files in the root of some directories =======
 
2013-02-14 19:02 - 2014-08-13 15:01 - 0000132 _____ () C:\Users\Light\AppData\Roaming\Adobe BMP Format CS6 Prefs
2013-05-04 23:17 - 2015-01-30 11:38 - 0000132 _____ () C:\Users\Light\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-04-05 12:51 - 2014-04-05 12:51 - 0000132 _____ () C:\Users\Light\AppData\Roaming\Adobe Targa Format CS6 Prefs
2013-09-11 19:21 - 2013-09-11 19:08 - 0012005 _____ () C:\Users\Light\AppData\Roaming\alsoft.ini
2014-05-30 16:02 - 2014-05-30 16:02 - 0000099 _____ () C:\Users\Light\AppData\Roaming\LauncherSettings_live.cfg
2013-02-26 19:50 - 2013-02-26 19:50 - 0703117 _____ () C:\Users\Light\AppData\Roaming\technic-launcher.jar
2014-05-30 15:30 - 2014-05-30 15:57 - 0000040 _____ () C:\Users\Light\AppData\Roaming\TheHunterSettings_live.cfg
2012-10-27 22:22 - 2015-03-06 12:02 - 0001456 _____ () C:\Users\Light\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-11-19 21:02 - 2012-11-19 21:02 - 0003584 _____ () C:\Users\Light\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-01 18:07 - 2012-10-01 18:07 - 0000093 _____ () C:\Users\Light\AppData\Local\fusioncache.dat
2013-02-21 22:53 - 2015-08-16 20:42 - 0000600 _____ () C:\Users\Light\AppData\Local\PUTTY.RND
2015-08-16 22:44 - 2015-08-16 22:44 - 0000218 _____ () C:\Users\Light\AppData\Local\recently-used.xbel
2014-02-09 16:01 - 2015-07-20 01:14 - 0007600 _____ () C:\Users\Light\AppData\Local\Resmon.ResmonCfg
2013-02-13 19:22 - 2013-09-21 10:59 - 0000080 _____ () C:\Users\Light\AppData\Local\X-Plane Installer.prf
2013-02-13 19:23 - 2013-09-22 17:29 - 0000015 _____ () C:\Users\Light\AppData\Local\X-Plane_drm.prf
2013-02-13 17:56 - 2013-02-13 17:56 - 0000041 _____ () C:\Users\Light\AppData\Local\x-plane_install_10.txt
2015-05-30 11:37 - 2015-05-30 11:37 - 0000000 ___SH () C:\ProgramData\.rdata
 
Files to move or delete:
====================
C:\Users\Light\hpnt.exe
 
 
Some files in TEMP:
====================
C:\Users\Light\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_se3lc.dll
C:\Users\Light\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2012-10-01 06:29] - [2012-10-03 17:46] - 1008640 ____A (Microsoft Corporation) F78E7BD7ADC829D9DD92C558180E09DB
 
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-12 07:21
 
==================== End of log ============================

Edited by 2lean4, 18 August 2015 - 02:39 PM.


#3 nasdaq

  • Malware Response Team

Posted 19 August 2015 - 08:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\...\Run: [GalaxyClient] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKU\S-1-5-21-2254185690-3351779975-16188528-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Program Files (x86)\Popcorn Time
C:\Users\Light\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_se3lc.dll
C:\Users\Light\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\ProgramData\.rdata:X
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Light\Cookies:yyLX711z30Jbxknf69qICzN6yaZuvc
AlternateDataStreams: C:\Users\Light\AppData\Local\PTGYl1F4Y3:5HQFVfZF6XpbKRDXHV5nchH
Task: {15381D12-2044-43BA-9D7E-317914056000} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()
C:\Program Files (x86)\Gyazo

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

How is the computer running now?

#4 2lean4

  • Topic Starter

Posted 19 August 2015 - 01:51 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:17-08-2015
Ran by Light (2015-08-19 11:21:35) Run:1
Running from C:\Users\Light\Downloads
Loaded Profiles: Light (Available Profiles: Light)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\...\Run: [GalaxyClient] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKU\S-1-5-21-2254185690-3351779975-16188528-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2015-07-17] (Popcorn Time) [File not signed]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Program Files (x86)\Popcorn Time
C:\Users\Light\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_se3lc.dll
C:\Users\Light\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\ProgramData\.rdata:X
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Light\Cookies:yyLX711z30Jbxknf69qICzN6yaZuvc
AlternateDataStreams: C:\Users\Light\AppData\Local\PTGYl1F4Y3:5HQFVfZF6XpbKRDXHV5nchH
Task: {15381D12-2044-43BA-9D7E-317914056000} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()
C:\Program Files (x86)\Gyazo

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Popcorn Time\Updater.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2254185690-3351779975-16188528-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => key removed successfully
"HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.2" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Update service => service removed successfully
EagleX64 => service removed successfully
MSICDSetup => service removed successfully
NTIOLib_1_0_C => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VBoxNetFlt => service removed successfully
VGPU => service removed successfully
C:\Program Files (x86)\Popcorn Time => moved successfully.
"C:\Users\Light\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_se3lc.dll" => File/Folder not found.
C:\Users\Light\AppData\Local\Temp\sqlite3.dll => moved successfully.
C:\ProgramData\.rdata => ":X" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
"C:\Users\Light\Cookies" => ":yyLX711z30Jbxknf69qICzN6yaZuvc" ADS not found.
C:\Users\Light\AppData\Local\PTGYl1F4Y3 => ":5HQFVfZF6XpbKRDXHV5nchH" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{15381D12-2044-43BA-9D7E-317914056000}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15381D12-2044-43BA-9D7E-317914056000}" => key removed successfully
C:\Windows\System32\Tasks\GyazoUpdateTaskMachine => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine" => key removed successfully
C:\Program Files (x86)\Gyazo => moved successfully.
EmptyTemp: => 1.8 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 11:24:21 ====



#5 2lean4

  • Topic Starter

Posted 19 August 2015 - 02:04 PM

# AdwCleaner v5.002 - Logfile created 19/08/2015 at 11:53:36
# Updated 18/08/2015 by Xplode
# Database : 2015-08-18.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Light - LIGHT_PC
# Running from : C:\Users\Light\Downloads\adwcleaner_5.002.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehkepjiconegkhpodgoaeamnpckdbblp

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : s-w-a-t-4.en.softonic.com
[-] [C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netflix.com
[-] [C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C4].txt - [1616 bytes]

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1616 bytes] ##########



#6 2lean4

  • Topic Starter

Posted 19 August 2015 - 02:18 PM

completed all steps, but after restarting the computer again the file attempts to run again and is quarantined by MSE, doesn't seem like these steps did anything

 

not sure if this will help, but

while the file is called "downloader.tmp" it appears to run with a name of "setup" in task manager, and has a google chrome icon



#7 nasdaq

  • Malware Response Team

Posted 20 August 2015 - 07:21 AM


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CloseProcesses:

Folder: C:\Users\Light\AppData\Local\Temp
Folder: C:\Windows\System32\Tasks

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Run this tool also.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#8 2lean4

  • Topic Starter

Posted 20 August 2015 - 02:32 PM

yeah disabling antivirus for zoek allowed bingbar to get installed before i stopped the process, so i ran it in safe mode
still doesn't seem like there has been any change, downloader.tmp is still showing up after i ran zoek
 
edit: hmm, it showed up once after i ran this, but it hasn't showed up hourly like it was before
 
Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Light (2015-08-20 10:52:53) Run:2
Running from C:\Users\Light\Downloads
Loaded Profiles: Light (Available Profiles: Light)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CloseProcesses:
 
Folder: C:\Users\Light\AppData\Local\Temp
Folder: C:\Windows\System32\Tasks
 
End
*****************
 
Processes closed successfully.
 
========================= Folder: C:\Users\Light\AppData\Local\Temp ========================
 
2015-08-19 11:49 - 2015-08-19 11:49 - 0032768 _____ () C:\Users\Light\AppData\Local\Temp\~DFC4636E12D66AD6EE.TMP
2015-07-25 09:47 - 2015-08-19 11:49 - 0878592 _____ () C:\Users\Light\AppData\Local\Temp\adwcleaner.db
2015-07-05 08:50 - 2014-08-06 08:48 - 0019583 _____ () C:\Users\Light\AppData\Local\Temp\AdwCleaner.jpg
2015-07-05 08:50 - 2014-08-06 08:48 - 0004286 _____ () C:\Users\Light\AppData\Local\Temp\Cleaning.ico
2015-08-19 12:14 - 2015-08-19 12:14 - 0071168 _____ () C:\Users\Light\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4lmphr.dll
2015-08-19 12:14 - 2015-08-19 12:14 - 0000000 _____ () C:\Users\Light\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4lmphr.lck
2015-08-19 12:14 - 2015-08-19 12:14 - 0000000 _____ () C:\Users\Light\AppData\Local\Temp\etilqs_karaJlShY3OQbeN
2015-08-19 12:49 - 2015-08-19 12:49 - 0002052 ___HT () C:\Users\Light\AppData\Local\Temp\etilqs_pBNCBrujAacLcKr
2015-08-19 12:49 - 2015-08-19 12:49 - 0000000 _____ () C:\Users\Light\AppData\Local\Temp\etilqs_qPD776NWSpLpDn9
2015-07-05 08:50 - 2015-04-21 23:53 - 0007373 _____ () C:\Users\Light\AppData\Local\Temp\EULA.txt
2015-08-19 11:40 - 2015-08-19 11:40 - 0000000 _____ () C:\Users\Light\AppData\Local\Temp\FXSAPIDebugLogFile.txt
2015-08-19 11:41 - 2015-08-19 11:41 - 0000000 _____ () C:\Users\Light\AppData\Local\Temp\qtsingleapp-Google-875a-1-lockfile
2015-07-05 08:50 - 2014-08-06 08:48 - 0004286 _____ () C:\Users\Light\AppData\Local\Temp\Report.ico
2015-07-05 08:50 - 2014-08-06 08:48 - 0004286 _____ () C:\Users\Light\AppData\Local\Temp\Scan.ico
2015-08-14 05:29 - 2015-07-29 13:08 - 0681097 _____ (SQLite Development Team) C:\Users\Light\AppData\Local\Temp\sqlite3.dll
2015-08-19 12:03 - 2015-08-19 12:03 - 0000810 _____ () C:\Users\Light\AppData\Local\Temp\StructuredQuery.log
2015-07-14 01:44 - 2015-08-14 10:00 - 0000546 _____ () C:\Users\Light\AppData\Local\Temp\Uninstall.bat
2015-07-05 08:50 - 2014-08-06 08:48 - 0004286 _____ () C:\Users\Light\AppData\Local\Temp\Uninstall.ico
2015-08-19 22:34 - 2015-08-19 22:34 - 0001389 _____ () C:\Users\Light\AppData\Local\Temp\wmsetup.log
2015-08-19 11:43 - 2015-08-19 11:43 - 0000000 ____D () C:\Users\Light\AppData\Local\Temp\comtypes_cache
2015-08-19 11:43 - 2015-08-19 11:43 - 0000000 ____D () C:\Users\Light\AppData\Local\Temp\comtypes_cache\Dropbox-27
2015-08-19 11:42 - 2015-08-19 11:43 - 0000000 ____D () C:\Users\Light\AppData\Local\Temp\Low
2015-08-19 11:43 - 2015-08-19 11:45 - 0000034 _____ () C:\Users\Light\AppData\Local\Temp\Low\JavaDeployReg.log
2015-08-19 13:53 - 2015-08-19 13:53 - 0000000 ____D () C:\Users\Light\AppData\Local\Temp\Skype
2015-08-19 13:53 - 2015-08-19 13:53 - 0000000 ____D () C:\Users\Light\AppData\Local\Temp\Skype\DbTemp
2015-08-19 13:53 - 2015-08-19 13:53 - 0008192 _____ () C:\Users\Light\AppData\Local\Temp\Skype\DbTemp\temp-6Fl9LWETI1M1NXcVk31jJeD3
2015-08-19 13:53 - 2015-08-19 13:53 - 0020480 _____ () C:\Users\Light\AppData\Local\Temp\Skype\DbTemp\temp-I8Bl8ZNiYGfP35XnFcpIhMqy
2015-08-19 13:53 - 2015-08-20 10:44 - 0004616 _____ () C:\Users\Light\AppData\Local\Temp\Skype\DbTemp\temp-m1eiRC0BjnoemyO3P6Lg6g5u
2015-08-19 13:53 - 2015-08-19 13:53 - 0004616 _____ () C:\Users\Light\AppData\Local\Temp\Skype\DbTemp\temp-XDdoOJozciMPeV2P4iyKybIg
2015-08-19 22:34 - 2015-08-19 22:34 - 0000000 ____D () C:\Users\Light\AppData\Local\Temp\tmp58632.WMC
2015-08-19 22:34 - 2015-08-19 22:34 - 0000908 _____ () C:\Users\Light\AppData\Local\Temp\tmp58632.WMC\serviceinfo.xml
2015-08-19 12:12 - 2015-08-19 12:12 - 0000000 ____D () C:\Users\Light\AppData\Local\Temp\WPDNSE
 
====== End of Folder: ======
 
 
========================= Folder: C:\Windows\System32\Tasks ========================
 
2014-10-24 13:42 - 2014-10-24 13:42 - 0003318 _____ () C:\Windows\System32\Tasks\{27D53A9A-8BB5-4A13-AA8E-F500824BAC3B}
2014-09-06 22:24 - 2014-09-06 22:24 - 0003036 _____ () C:\Windows\System32\Tasks\{8A66BB36-450F-4B99-BB54-B9F3666E518A}
2012-12-20 21:47 - 2015-08-12 12:59 - 0003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2012-09-29 14:23 - 2012-09-29 14:23 - 0002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-24 15:31 - 2015-07-18 15:36 - 0003496 _____ () C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2254185690-3351779975-16188528-1000Core
2015-06-24 15:31 - 2015-07-18 15:36 - 0003892 _____ () C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2254185690-3351779975-16188528-1000UA
2015-08-16 17:11 - 2015-08-16 17:11 - 0003318 _____ () C:\Windows\System32\Tasks\GoogleUpdate
2015-08-16 17:11 - 2015-08-20 10:44 - 0003574 _____ () C:\Windows\System32\Tasks\GoogleUpdateClient
2013-04-24 19:12 - 2015-07-15 14:38 - 0003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-04-24 19:13 - 2015-07-15 14:38 - 0003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2012-09-30 05:03 - 2015-07-15 19:22 - 0003486 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2254185690-3351779975-16188528-1000Core
2012-09-30 05:03 - 2015-07-15 19:22 - 0003882 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2254185690-3351779975-16188528-1000UA
2015-07-08 10:42 - 2015-07-16 22:17 - 0003408 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2013-02-23 12:37 - 2013-02-23 12:37 - 0003230 _____ () C:\Windows\System32\Tasks\MotoHelper Initial Update
2013-02-23 12:37 - 2013-02-23 12:37 - 0003404 _____ () C:\Windows\System32\Tasks\MotoHelper Routing
2013-02-23 12:37 - 2013-02-23 12:37 - 0003422 _____ () C:\Windows\System32\Tasks\MotoHelper Update
2015-08-18 13:32 - 2015-08-19 14:23 - 0003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{653A267C-17E9-414B-958C-96AB36FEB25B}
2012-09-30 09:56 - 2012-09-30 09:56 - 0000000 ____D () C:\Windows\System32\Tasks\Apple
2012-09-30 09:56 - 2012-09-30 09:56 - 0003374 _____ () C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate
2009-07-13 20:20 - 2015-08-02 11:54 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft
2012-09-29 14:36 - 2015-08-19 12:21 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
2015-07-16 22:30 - 2015-08-19 12:21 - 0004002 _____ () C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan
2013-01-05 20:26 - 2013-04-24 18:17 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Office
2009-07-13 20:20 - 2015-04-05 03:03 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows
2009-07-13 21:57 - 2014-02-08 12:05 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows Defender
2012-09-30 13:05 - 2012-09-30 13:05 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows Live
2012-09-30 13:05 - 2012-09-30 13:05 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
2012-09-30 13:05 - 2012-09-30 13:05 - 0004158 _____ () C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
2009-07-13 21:53 - 2009-07-13 21:53 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
2009-07-13 21:53 - 2009-07-13 21:53 - 0004472 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
2009-07-13 21:53 - 2009-07-13 21:53 - 0003854 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\AppID
2009-07-13 21:54 - 2009-07-13 21:54 - 0002900 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
2009-07-13 21:54 - 2009-07-13 21:54 - 0003790 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
2009-07-13 21:54 - 2015-08-12 05:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
2009-07-13 21:54 - 2009-07-13 21:54 - 0003458 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
2015-02-12 09:12 - 2015-08-12 05:08 - 0003918 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
2015-02-12 09:11 - 2015-08-12 05:08 - 0004004 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
2009-07-13 21:49 - 2009-07-13 21:49 - 0003026 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Autochk\Proxy
2009-07-13 21:57 - 2009-07-13 21:57 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
2009-07-13 21:57 - 2009-07-13 21:57 - 0001862 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
2009-07-13 21:53 - 2009-07-13 21:53 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
2009-07-13 21:53 - 2009-07-13 21:53 - 0004130 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
2009-07-13 21:53 - 2009-07-13 21:53 - 0003868 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
2009-07-13 21:53 - 2009-07-13 22:09 - 0003134 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
2009-07-13 21:53 - 2009-07-13 22:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
2009-07-13 21:57 - 2009-07-13 21:57 - 0002934 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
2009-07-13 21:53 - 2009-07-13 21:53 - 0003946 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
2009-07-13 21:54 - 2009-07-13 21:54 - 0003598 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
2009-07-13 21:57 - 2009-07-13 21:57 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
2009-07-13 21:57 - 2009-07-13 21:57 - 0003886 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
2009-07-13 21:57 - 2009-07-13 21:57 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
2009-07-13 21:57 - 2009-07-13 21:57 - 0004018 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
2012-09-30 04:08 - 2012-09-30 04:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
2012-09-30 04:08 - 2012-11-11 02:00 - 0003760 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
2012-09-30 04:08 - 2012-09-30 04:08 - 0002538 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
2009-07-13 21:55 - 2009-07-13 21:55 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Location
2009-07-13 21:55 - 2009-07-13 21:57 - 0003554 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Location\Notifications
2009-07-13 21:55 - 2009-07-13 21:55 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
2009-07-13 21:55 - 2013-10-20 01:00 - 0004086 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\WinSAT
2009-07-14 00:46 - 2012-09-30 04:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
2012-09-30 04:08 - 2012-09-30 04:08 - 0002420 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch
2012-09-30 04:08 - 2012-09-30 04:08 - 0002448 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService
2012-09-30 04:08 - 2012-09-30 04:08 - 0002592 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
2012-09-30 04:08 - 2012-09-30 04:08 - 0002400 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit
2012-09-30 04:08 - 2012-09-30 04:08 - 0002546 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady
2012-09-30 04:08 - 2012-09-30 04:08 - 0002790 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate
2012-09-30 04:08 - 2012-09-30 04:08 - 0002954 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask
2012-09-30 04:08 - 2012-09-30 04:08 - 0002958 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
2012-09-30 04:08 - 2012-09-30 04:08 - 0002380 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate
2012-09-30 04:08 - 2012-09-30 04:08 - 0002400 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery
2012-09-30 04:08 - 2012-09-30 04:08 - 0002384 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery
2012-09-30 04:08 - 2012-09-30 04:08 - 0003226 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
2012-09-30 04:08 - 2012-09-30 04:08 - 0003228 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2
2012-09-30 04:08 - 2012-09-30 04:08 - 0003822 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
2012-09-30 04:08 - 2012-09-30 04:08 - 0002926 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask
2012-09-30 04:08 - 2012-09-30 04:08 - 0002918 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask
2012-09-30 04:08 - 2012-09-30 04:08 - 0003078 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart
2012-09-30 04:08 - 2012-09-30 04:08 - 0002408 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch
2012-09-30 04:08 - 2012-09-30 04:08 - 0002432 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot
2012-09-30 04:08 - 2012-09-30 04:08 - 0002942 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask
2012-09-30 04:08 - 2012-09-30 04:08 - 0002736 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath
2009-07-14 00:46 - 2009-07-14 00:46 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\Extender
2009-07-13 21:53 - 2009-07-13 22:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
2009-07-13 21:53 - 2009-07-13 21:53 - 0003304 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
2009-07-13 21:53 - 2009-07-13 21:53 - 0003510 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
2012-09-30 04:08 - 2012-09-30 04:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
2012-09-30 04:08 - 2012-09-30 04:08 - 0003576 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\HotStart
2009-07-13 21:54 - 2012-10-02 03:50 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\MUI
2012-09-30 15:41 - 2012-09-30 16:41 - 0003456 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\MUI\Lpksetup
2009-07-13 21:54 - 2009-07-13 21:54 - 0003168 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove
2012-09-30 11:57 - 2012-10-02 03:50 - 0003324 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\MUI\Mcbuilder
2009-07-13 21:55 - 2009-07-13 21:55 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
2009-07-13 21:55 - 2009-07-13 21:57 - 0002602 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
2009-07-13 21:54 - 2009-07-13 21:54 - 0002044 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo
2009-07-13 21:54 - 2009-07-13 22:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
2012-09-30 04:08 - 2012-09-30 04:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files
2012-09-30 04:08 - 2012-09-30 04:09 - 0004152 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization
2012-09-30 04:08 - 2012-09-30 04:08 - 0003058 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization
2009-07-13 21:55 - 2009-07-13 21:55 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
2009-07-13 21:55 - 2009-07-13 21:55 - 0002832 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
2009-07-13 20:20 - 2009-07-13 20:20 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\PLA
2009-07-13 20:20 - 2009-07-13 22:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
2009-07-13 21:53 - 2009-07-13 21:53 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
2009-07-13 21:53 - 2009-07-13 21:53 - 0003752 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
2009-07-13 21:55 - 2009-07-13 22:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\RAC
2009-07-13 21:55 - 2009-07-13 21:57 - 0004370 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RacTask
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Ras
2009-07-13 21:49 - 2009-07-13 21:49 - 0003052 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Ras\MobilityManager
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Registry
2009-07-13 21:54 - 2009-07-13 21:54 - 0003956 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
2009-07-13 20:20 - 2009-07-13 19:35 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update
2009-07-13 21:57 - 2009-07-13 21:57 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
2009-07-13 21:57 - 2009-07-13 21:57 - 0004596 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
2013-03-14 03:07 - 2013-03-14 03:07 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools
2015-04-05 03:03 - 2015-08-02 11:54 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Setup
2015-04-05 03:03 - 2015-07-16 19:58 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
2015-05-20 03:05 - 2015-07-16 19:58 - 0003176 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess
2015-05-20 03:04 - 2015-07-16 19:58 - 0003050 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig
2015-07-16 19:58 - 2015-07-16 19:58 - 0003664 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
2015-07-16 19:58 - 2015-07-16 19:58 - 0002876 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent
2015-05-20 03:05 - 2015-08-19 11:49 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
2015-08-01 23:50 - 2015-08-19 11:49 - 0003964 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
2009-07-13 21:54 - 2009-07-13 22:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Shell
2009-07-13 21:57 - 2009-07-13 21:57 - 0003616 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
2009-07-13 21:57 - 2009-07-13 22:09 - 0003912 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
2012-09-30 04:08 - 2012-09-30 04:08 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
2012-09-30 04:08 - 2012-09-30 04:08 - 0003784 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\AutoWake
2012-09-30 04:08 - 2012-09-30 04:08 - 0003612 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager
2012-09-30 04:08 - 2012-09-30 04:11 - 0003698 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent
2012-09-30 04:08 - 2012-09-30 04:12 - 0003792 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
2009-07-13 21:49 - 2009-07-13 21:49 - 0003942 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
2009-07-13 22:32 - 2009-07-13 22:32 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter
2009-07-13 22:01 - 2009-07-13 22:01 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
2009-07-13 22:01 - 2009-07-13 22:01 - 0003506 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR
2009-07-13 21:53 - 2009-07-13 21:53 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
2009-07-13 21:53 - 2009-07-13 21:53 - 0002614 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager\Interactive
2009-07-13 21:53 - 2009-07-13 21:53 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
2009-07-13 21:53 - 2009-07-13 21:53 - 0003950 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
2009-07-13 21:53 - 2009-07-13 21:53 - 0004066 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
2009-07-13 21:53 - 2009-07-13 21:53 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
2009-07-13 21:53 - 2009-07-13 21:53 - 0002978 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
2009-07-13 21:49 - 2009-07-13 21:49 - 0003388 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
2009-07-13 21:49 - 2009-07-13 21:49 - 0001730 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
2009-07-13 21:53 - 2009-07-13 21:53 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service
2009-07-13 21:53 - 2009-07-13 21:53 - 0003420 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\WDI
2009-07-13 21:49 - 2009-07-13 21:49 - 0002682 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\WDI\ResolutionHost
2012-09-30 04:09 - 2012-09-30 04:09 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
2012-09-30 04:09 - 2015-08-19 05:19 - 0004310 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
2012-09-30 04:09 - 2015-08-19 05:19 - 0003758 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
2009-07-13 21:49 - 2009-07-13 21:49 - 0003048 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
2009-07-13 21:49 - 2009-07-13 21:49 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
2009-07-13 21:49 - 2009-07-13 21:49 - 0003290 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
2009-07-13 21:57 - 2009-07-13 21:57 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
2009-07-13 21:57 - 2009-07-13 21:57 - 0003304 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
2009-07-13 21:54 - 2009-07-13 21:54 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
2009-07-13 21:54 - 2012-09-30 04:57 - 0004330 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
2009-07-13 21:57 - 2009-07-13 21:57 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
2009-07-13 21:57 - 2015-04-17 07:36 - 0003530 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
2013-04-30 04:23 - 2013-04-30 04:23 - 0000000 ____D () C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
2013-04-30 04:23 - 2013-04-30 04:23 - 0003540 _____ () C:\Windows\System32\Tasks\Microsoft\Windows\Wininet\CacheTask
2012-10-22 18:24 - 2012-10-22 18:24 - 0000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2012-10-22 18:24 - 2015-08-17 09:17 - 0004394 _____ () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
2009-07-13 22:09 - 2013-12-12 08:36 - 0000000 ____D () C:\Windows\System32\Tasks\WPD
 
====== End of Folder: ======
 
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:53:04 ====
 
 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Light on Thu 08/20/2015 at 11:12:22.87.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\Light\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\Calcpro deleted successfully
C:\PROGRA~2\DSPRobotics deleted successfully
C:\PROGRA~2\epson deleted successfully
C:\PROGRA~2\MeteorEntertainment deleted successfully
C:\PROGRA~2\R.G. Games deleted successfully
C:\PROGRA~3\AirParrot deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Splashtop deleted successfully
C:\PROGRA~3\SyncTERM deleted successfully
C:\Users\Light\AppData\Roaming\Awesomium deleted successfully
C:\Users\Light\AppData\Roaming\Braid deleted successfully
C:\Users\Light\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Light\AppData\Roaming\netfabb deleted successfully
C:\Users\Light\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Light\AppData\Roaming\Splashtop deleted successfully
C:\Users\Light\AppData\Roaming\WinRAR deleted successfully
C:\Users\Light\AppData\Local\calibre-cache deleted successfully
C:\Users\Light\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Light\AppData\Local\EmieSiteList deleted successfully
C:\Users\Light\AppData\Local\EmieUserList deleted successfully
C:\Users\Light\AppData\Local\GameSpy deleted successfully
C:\Users\Light\AppData\Local\PACE Anti-Piracy deleted successfully
C:\Users\Light\AppData\Local\PTGYl1F4Y3 deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2254185690-3351779975-16188528-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9F0DDD5E-DEE2-4210-9593-35BE93DEBA54} deleted successfully
HKEY_USERS\S-1-5-21-2254185690-3351779975-16188528-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\AGEIA Technologies not found
C:\PROGRA~2\Calcpro not found
C:\PROGRA~2\DSPRobotics not found
C:\PROGRA~2\epson not found
C:\PROGRA~2\Mafia  not found
C:\PROGRA~2\MeteorEntertainment not found
C:\PROGRA~2\R.G. Games not found
C:\PROGRA~2\SystemRequirementsLab deleted
C:\Users\Light\AppData\Roaming\calibre deleted
C:\Users\Light\AppData\Roaming\Sublime Text 3 deleted
C:\Users\Light\AppData\Roaming\DVDVideoSoft deleted
C:\Users\Light\.android deleted
C:\PROGRA~2\Deus.Ex.Human.Revolution.Directors.Cut deleted
C:\PROGRA~2\Splashtop deleted
C:\install.exe deleted
C:\LogitechUpdate.exe deleted
C:\LuInstall.exe deleted
C:\LULnchr.exe deleted
C:\Users\Light\AppData\Roaming\alsoft.ini deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Light\Downloads\android-studio-bundle-141.1903250-windows.exe deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Light\hpnt.exe deleted
"C:\Windows\Installer\1efc5440.msi" deleted
"C:\ProgramData\.rdata" deleted
"C:\Users\Light\AppData\Roaming\FreeCAD\system.cfg" deleted
"C:\Users\Light\AppData\Roaming\FreeCAD\user.cfg" deleted
"C:\Users\Light\AppData\Roaming\FreeCAD" deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F003DA68-8256-4b37-A6C4-350FA04494DF}"="C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt" []
 
==== Chromium Look ======================
 
 
Pushbullet - Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd
AdBlock - Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Chrome Hotword Shared Module - Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Morpheon Dark - Light\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad
 
==== Chromium Startpages ======================
 
C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2254185690-3351779975-16188528-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-2254185690-3351779975-16188528-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{F003DA68-8256-4b37-A6C4-350FA04494DF} deleted successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mafia 1.3 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E1BAD1BA-C0E8-4018-9281-E7D2C6B07474} deleted successfully
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SOE-C:/Users/Light/AppData/Local/Sony Online Entertainment/ApplicationUpdater deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AB1DAB1E8E0C810429187E2D6C0B4747 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZyngaGamesAgent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{C07C3FBC-8CAC-4C60-9F74-9D50C9500578} deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Light\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Light\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Light\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=800 folders=643 22410099160 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Light\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Light\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Thu 08/20/2015 at 12:09:05.69 ======================
 

Edited by 2lean4, 20 August 2015 - 05:14 PM.


#9 nasdaq


Posted 21 August 2015 - 10:36 AM

C:\Users\Light\AppData\Local\Temp


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
CloseProcesses:

C:\Users\Light\AppData\Local\Temp

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

The file downloader.tmp is not to be found on any of your logs.

Please run the Farbar Recovery Scan Tool one more time. Enter downloader.tmp in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

#10 2lean4


Posted 21 August 2015 - 02:04 PM

no further detection by MSE, nor has there been any obvious adware-like behavior (new toolbars, bitcoin miners etc)
 
Fix result of Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Light (2015-08-21 10:30:50) Run:3
Running from C:\Users\Light\Downloads
Loaded Profiles: Light (Available Profiles: Light)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
C:\Users\Light\AppData\Local\Temp
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
"C:\Users\Light\AppData\Local\Temp" folder move:
 
Could not move "C:\Users\Light\AppData\Local\Temp" => Scheduled to move on reboot.
 
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-08-21 10:50:07)<=
 
C:\Users\Light\AppData\Local\Temp => moved successfully
 
==== End of Fixlog 10:50:14 ====
 
Farbar Recovery Scan Tool (x64) Version:20-08-2015
Ran by Light (2015-08-21 11:00:13)
Running from C:\Users\Light\Downloads
Boot Mode: Normal
 
================== Search Files: "downloader.tmp" =============
 
====== End of Search ======

Edited by 2lean4, 21 August 2015 - 08:56 PM.


#11 nasdaq


Posted 22 August 2015 - 07:54 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 nasdaq


Posted 28 August 2015 - 07:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



