
Slow internet, suspect infection


  • This topic is locked
15 replies to this topic

#1 Lagmastac

Lagmastac

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 10 January 2016 - 02:47 AM

For the past few days I have had uncharacteristically slow internet and I suspect it's due to some type of malware. Typically I would just reinstall the OS, but I have too many things to lose on this computer to be able to do that. I ran Avast, Malwarebytes and AVG scans only to find nothing; it was not until I ran ESET's online scanner that I found 5 infections, 4 being "a variant of Win32/keygen.AD" and one being "a Win32 HackTool.Crack.BL". I was also redirected to a website at one point after I thought my computer was infected, something along the lines of "a.ttrack.com", although that isn't the exact name (can't remember what it was exactly). The infection is probably because of my downloading and installing of audio VSTs from torrents. I have seen how helpful BleepingComputer has been for others in the past so I was hoping you might be able to help me out with this.





#2 Lagmastac

Lagmastac
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 11 January 2016 - 06:15 PM

bump



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 PM

Posted 12 January 2016 - 10:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


How is the computer running now?
Wait for further instructions.

#4 Lagmastac

Lagmastac
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:49 PM

Posted 12 January 2016 - 02:49 PM

# AdwCleaner v5.029 - Logfile created 12/01/2016 at 14:39:19
# Updated 11/01/2016 by Xplode
# Database : 2016-01-12.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Valence - VALENCE-PC
# Running from : C:\Users\Valence\Downloads\adwcleaner_5.029.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [592 bytes] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Valence (administrator) on VALENCE-PC (12-01-2016 14:43:53)
Running from C:\Users\Valence\Downloads\frst
Loaded Profiles: Valence (Available Profiles: Valence & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-01] (AVAST Software)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1139112 2015-12-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2015-12-16] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\MountPoints2: I - I:\INSTALL.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-01] (AVAST Software)
Startup: C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fraps.lnk [2015-09-30]
ShortcutTarget: Fraps.lnk -> C:\Fraps\fraps.exe (Beepa P/L)
Startup: C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSI Afterburner.lnk [2015-10-03]
ShortcutTarget: MSI Afterburner.lnk -> C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
Startup: C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Shortcut.lnk [2015-09-27]
ShortcutTarget: taskmgr - Shortcut.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9522BF84-A691-4434-A652-4545E9E7B4F3}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-29] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-29] (AVAST Software)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-02]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-02]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://rateyourmusic.com/customchart?page=1&chart_type=top&type=album&year=alltime&genre_include=1&include_child_genres=1&genres=library+music&include_child_genres_chk=1&include=both&origin_countries=&limit=none&countries=
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-12-16]
CHR Extension: (Google Drive) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
CHR Extension: (Gmail Offline) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-22]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnibmbcdeepaahjmddiihohjanlimlmj [2015-09-27]
CHR Extension: (Google Docs Offline) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (Avast Online Security) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-30]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-27]
CHR Extension: (Gmail) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-27]
CHR HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-01] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2015-12-16] (AVG Technologies CZ, s.r.o.)
S2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1587640 2015-12-16] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3902984 2015-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1049000 2015-12-08] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2015-10-05] (EasyAntiCheat Ltd)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [322480 2015-10-10] (Locktime Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-01] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
R3 cpuz138; C:\Users\Valence\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-01-08] (CPUID)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-10-13] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [120720 2015-10-10] (Locktime Software)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-06-01] ()
S3 ALSysIO; \??\C:\Users\Valence\AppData\Local\Temp\ALSysIO64.sys [X]
S3 GPU-Z; \??\C:\Users\Valence\AppData\Local\Temp\GPU-Z.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 14:43 - 2016-01-12 14:43 - 00000000 ____D C:\Users\Valence\Downloads\frst
2016-01-12 14:43 - 2016-01-12 14:43 - 00000000 ____D C:\FRST
2016-01-12 14:39 - 2016-01-12 14:39 - 00000000 ____D C:\AdwCleaner
2016-01-12 14:37 - 2016-01-12 14:37 - 01754112 _____ C:\Users\Valence\Downloads\adwcleaner_5.029.exe
2016-01-10 19:26 - 2016-01-10 19:29 - 718238810 _____ C:\Users\Valence\Downloads\Final Fantasy - Crystal Chronicles (USA).7z
2016-01-09 20:53 - 2016-01-09 20:53 - 02870984 _____ (ESET) C:\Users\Valence\Downloads\esetsmartinstaller_enu (1).exe
2016-01-08 22:59 - 2016-01-08 22:59 - 31899222 _____ C:\Users\Valence\Downloads\L9Manual_EN.pdf
2016-01-08 22:59 - 2016-01-08 22:59 - 00000000 ____D C:\Users\Valence\Desktop\Manuelox
2016-01-08 00:40 - 2012-02-06 13:55 - 00974848 _____ (Uderzo Software e Consulenza Informatica) C:\Users\Valence\Desktop\SpaceSniffer.exe
2016-01-07 19:36 - 2016-01-12 13:25 - 00000000 ____D C:\ProgramData\MFAData
2016-01-07 19:36 - 2016-01-07 19:36 - 00000000 ____D C:\Users\Valence\AppData\Local\MFAData
2016-01-07 19:35 - 2016-01-07 19:35 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-07 19:35 - 2016-01-07 19:35 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-01-07 19:35 - 2016-01-07 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-07 19:33 - 2016-01-07 14:45 - 00000000 ____D C:\ProgramData\Avg
2016-01-07 19:33 - 2016-01-07 14:44 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-07 19:30 - 2016-01-07 19:35 - 00000000 ____D C:\Users\Valence\AppData\Local\AvgSetupLog
2016-01-07 19:30 - 2016-01-07 14:51 - 00000000 ____D C:\Users\Valence\AppData\Local\Avg
2016-01-07 19:29 - 2016-01-07 19:30 - 133417432 _____ (Symantec Corporation) C:\Users\Valence\Downloads\NSD5-TW-22.5.4-EN-US.exe
2016-01-07 19:29 - 2016-01-07 19:30 - 02970984 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Valence\Downloads\AVG_Protection_Free_698.exe
2016-01-07 14:51 - 2016-01-07 14:51 - 00000000 ____D C:\Users\Valence\AppData\Roaming\AVG
2016-01-07 14:50 - 2016-01-07 14:50 - 00000000 ____D C:\Users\Valence\AppData\Roaming\TuneUp Software
2016-01-07 14:50 - 2016-01-07 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-07 14:45 - 2016-01-07 14:45 - 00000000 ___HD C:\$AVG
2016-01-06 13:56 - 2016-01-06 13:56 - 00001723 _____ C:\Users\Public\Desktop\FTL - Advanced Edition.lnk
2016-01-03 10:22 - 2016-01-03 10:22 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-03 10:22 - 2016-01-03 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-03 10:21 - 2016-01-03 10:22 - 00000000 ____D C:\Program Files\iTunes
2016-01-03 10:21 - 2016-01-03 10:21 - 00000000 ____D C:\Program Files\iPod
2016-01-03 10:21 - 2016-01-03 10:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-02 21:21 - 2016-01-04 14:54 - 00000000 ____D C:\Users\Valence\AppData\Roaming\ToguAudioLine
2016-01-02 18:16 - 2016-01-02 18:16 - 01022221 _____ C:\Users\Valence\Downloads\fr_ultimate_ws.zip
2016-01-02 11:01 - 2016-01-02 11:01 - 00000000 ____D C:\Users\Valence\desktopemul8
2016-01-02 11:00 - 2016-01-02 11:00 - 00867785 _____ C:\Users\Valence\Downloads\zsnesw151.zip
2016-01-01 05:41 - 2016-01-01 05:45 - 736779319 _____ C:\Users\Valence\Downloads\Shadow of the Colossus (USA).7z
2016-01-01 05:41 - 2016-01-01 05:43 - 476869726 _____ C:\Users\Valence\Downloads\ICO (USA).7z
2016-01-01 05:40 - 2016-01-01 05:40 - 10658408 _____ C:\Users\Valence\Downloads\pcsx2-1.2.1-r5875-setup.exe
2015-12-28 04:50 - 2015-12-28 04:53 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Trine3
2015-12-27 09:05 - 2015-12-27 09:05 - 00000000 ____D C:\Users\Valence\Documents\Firefall
2015-12-27 09:05 - 2015-12-27 09:05 - 00000000 ____D C:\Users\Valence\AppData\Local\Red 5 Studios
2015-12-27 09:05 - 2015-12-27 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2015-12-27 09:05 - 2015-12-27 09:05 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
2015-12-26 08:55 - 2015-12-26 08:55 - 00000000 ____D C:\Users\Valence\AppData\Roaming\bsnes
2015-12-25 21:47 - 2015-12-25 21:47 - 75562126 _____ C:\Users\Valence\Downloads\Anya - Sea Maiden - Imgur.zip
2015-12-23 20:39 - 2015-12-23 20:39 - 00000000 ____D C:\Users\Administrator.Valence-PC\AppData\Local\AMD
2015-12-22 03:32 - 2015-12-22 03:32 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Macromedia
2015-12-22 03:30 - 2015-12-22 03:30 - 00000000 ____D C:\Users\Valence\AppData\Roaming\LolClient
2015-12-22 02:51 - 2015-12-22 02:51 - 00000000 ____D C:\ProgramData\Riot Games
2015-12-21 03:46 - 2015-12-21 03:46 - 00000000 ____D C:\Users\Valence\AppData\Local\SKIDROW
2015-12-21 03:42 - 2015-12-21 03:42 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Trine2
2015-12-21 01:32 - 2015-12-21 01:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frozenbyte
2015-12-21 01:30 - 2016-01-06 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-12-21 01:27 - 2016-01-06 13:56 - 00000000 ____D C:\GOG Games
2015-12-21 01:27 - 2015-12-21 01:27 - 00000000 ____D C:\Program Files (x86)\Frozenbyte
2015-12-20 23:46 - 2015-12-20 23:46 - 07878008 _____ (Microsoft Corporation) C:\Users\Valence\Downloads\Xbox360_64Eng.exe
2015-12-20 23:31 - 2015-12-20 23:31 - 00049097 _____ C:\Users\Valence\Downloads\vcruntime140.zip
2015-12-20 23:31 - 2015-12-20 23:31 - 00000000 ____D C:\Users\Valence\Documents\Dolphin Emulator
2015-12-20 23:30 - 2015-12-20 23:30 - 00204917 _____ C:\Users\Valence\Downloads\msvcp140.zip
2015-12-20 23:29 - 2015-12-20 23:29 - 07194312 _____ (Microsoft Corporation) C:\Users\Valence\Downloads\vcredist_x64.exe
2015-12-20 21:03 - 2015-12-20 21:03 - 00003430 _____ C:\Windows\System32\Tasks\{EA1E51D4-6DC7-4D46-87FB-705B2ABAFD9D}
2015-12-20 21:01 - 2015-12-22 19:22 - 00000000 ____D C:\Program Files\VSTPlugins
2015-12-20 20:32 - 2016-01-10 19:34 - 00000000 ____D C:\Users\Valence\Desktop\Emul8
2015-12-20 20:28 - 2015-12-20 20:28 - 00835834 _____ C:\Users\Valence\Downloads\bsnes_v085-64bit-1058.7z
2015-12-20 07:46 - 2015-12-20 07:47 - 05164868 _____ C:\Users\Valence\Downloads\dolphin-master-4.0-8396-x64.7z
2015-12-20 06:40 - 2015-12-20 06:41 - 00275720 _____ C:\Windows\Minidump\122015-34694-01.dmp
2015-12-20 06:14 - 2015-12-20 06:15 - 92958484 _____ C:\Users\Valence\Downloads\Sonic Adventure 2 Soundtrack.zip
2015-12-20 02:19 - 2015-12-20 02:19 - 00275720 _____ C:\Windows\Minidump\122015-43305-01.dmp
2015-12-19 17:20 - 2015-12-19 17:20 - 13565282 _____ C:\Users\Valence\Downloads\Meg Turney Me In My Place Album - Imgur.zip
2015-12-18 23:58 - 2015-12-19 23:04 - 00000000 ____D C:\Users\Valence\AppData\Roaming\OBS
2015-12-18 23:58 - 2015-12-18 23:58 - 07086848 _____ C:\Users\Valence\Downloads\OBS_0_657b_Installer.exe
2015-12-18 23:58 - 2015-12-18 23:58 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-12-18 23:58 - 2015-12-18 23:58 - 00000000 ____D C:\Program Files\OBS
2015-12-18 23:58 - 2015-12-18 23:58 - 00000000 ____D C:\Program Files (x86)\OBS
2015-12-18 22:28 - 2015-12-18 22:28 - 00000000 ____D C:\Program Files (x86)\LastPass
2015-12-18 03:50 - 2015-12-18 03:51 - 00275720 _____ C:\Windows\Minidump\121815-154128-01.dmp
2015-12-18 01:20 - 2015-12-18 01:20 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-12-18 01:20 - 2015-12-18 01:20 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Locktime
2015-12-18 01:20 - 2015-12-18 01:20 - 00000000 ____D C:\ProgramData\Locktime
2015-12-18 01:19 - 2015-12-18 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
2015-12-18 01:19 - 2015-12-18 01:19 - 00000000 ____D C:\Program Files\Locktime Software
2015-12-18 01:18 - 2015-12-18 01:18 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Locktime Software
2015-12-18 01:14 - 2015-12-18 01:17 - 08030664 _____ (Locktime Software) C:\Users\Valence\Downloads\netlimiter-4.0.15.0.exe
2015-12-18 00:27 - 2015-12-26 02:05 - 00000000 ____D C:\Program Files\Cloud Imperium Games
2015-12-18 00:27 - 2015-12-18 00:27 - 00000911 _____ C:\Users\Administrator.Valence-PC\Desktop\Star Citizen Launcher.lnk
2015-12-18 00:27 - 2015-12-18 00:27 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Citizen Launcher
2015-12-18 00:25 - 2015-12-18 00:26 - 111464086 _____ (Cloud Imperium Games) C:\Users\Valence\Downloads\Star_Citizen_Launcher_Setup (3).exe
2015-12-17 23:02 - 2016-01-07 13:56 - 00574574 _____ C:\Windows\ntbtlog.txt
2015-12-17 23:02 - 2015-12-17 23:02 - 00275720 _____ C:\Windows\Minidump\121715-54881-01.dmp
2015-12-17 22:45 - 2015-12-17 22:46 - 111464086 _____ (Cloud Imperium Games) C:\Users\Valence\Downloads\Star_Citizen_Launcher_Setup (2).exe
2015-12-17 19:11 - 2015-12-17 19:11 - 00000000 ____D C:\Program Files (x86)\AMD
2015-12-17 19:08 - 2015-12-17 19:08 - 00000000 ____D C:\Users\Valence\AppData\Roaming\ATI
2015-12-17 19:08 - 2015-12-17 19:08 - 00000000 ____D C:\Users\Valence\AppData\Local\ATI
2015-12-17 19:08 - 2015-12-17 19:08 - 00000000 ____D C:\ProgramData\ATI
2015-12-17 19:06 - 2015-12-17 22:46 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2015-12-17 18:58 - 2015-12-17 19:00 - 314031720 _____ (AMD Inc.) C:\Users\Valence\Downloads\radeon-crimson-15.12-with-dotnet45-win7-64bit.exe
2015-12-17 18:58 - 2015-12-17 18:58 - 43733016 _____ (AMD Inc.) C:\Users\Valence\Downloads\radeon-crimson-15.12-sb-sata-ahci-win10-win8.1-win7-64bit.exe
2015-12-15 04:12 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-12-15 04:12 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-12-15 04:11 - 2015-12-15 04:11 - 00000000 ____D C:\Riot Games
2015-12-15 04:11 - 2015-12-15 04:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-12-15 04:11 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-12-15 04:02 - 2015-12-15 04:21 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Riot Games
2015-12-15 04:02 - 2015-12-15 04:02 - 27864920 _____ (Riot Games) C:\Users\Valence\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe
2015-12-15 00:58 - 2015-12-15 00:58 - 49419440 _____ (Hammer & Chisel, Inc.) C:\Users\Valence\Downloads\DiscordSetup.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 14:43 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-12 14:17 - 2015-09-27 16:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-12 11:50 - 2009-07-13 23:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-12 11:50 - 2009-07-13 23:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-11 22:17 - 2015-09-27 16:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-11 06:14 - 2015-10-06 04:31 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Audacity
2016-01-10 04:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-10 03:58 - 2015-11-12 00:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-09 19:23 - 2015-10-08 03:28 - 00007613 _____ C:\Users\Valence\AppData\Local\Resmon.ResmonCfg
2016-01-09 04:35 - 2015-09-27 16:28 - 00000000 ____D C:\Users\Valence\AppData\Roaming\qBittorrent
2016-01-07 19:21 - 2015-10-02 23:09 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-01-07 19:19 - 2015-09-27 20:00 - 00000000 ___RD C:\Users\Valence\Google Drive
2016-01-07 19:19 - 2015-09-27 16:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-07 19:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-07 17:06 - 2015-11-05 21:14 - 00000000 ____D C:\Users\Valence\Desktop\Tor Browser
2016-01-07 14:51 - 2015-12-03 14:20 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-07 14:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-06 13:58 - 2015-09-29 14:15 - 00000000 ____D C:\Users\Valence\Documents\My Games
2016-01-06 13:56 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-04 22:45 - 2015-10-09 04:00 - 00000000 ____D C:\Users\Valence\AppData\Local\ElevatedDiagnostics
2016-01-03 10:21 - 2015-10-13 21:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-02 11:02 - 2015-10-22 20:01 - 00000000 ____D C:\Users\Valence\Documents\GForce
2016-01-02 11:01 - 2015-09-27 15:58 - 00000000 ____D C:\Users\Valence
2015-12-31 12:41 - 2015-10-28 20:01 - 00000312 _____ C:\Users\Valence\bcedit.cfg
2015-12-30 13:48 - 2015-10-22 03:13 - 00000000 ____D C:\Users\Valence\AppData\Roaming\vlc
2015-12-29 16:11 - 2015-09-28 14:33 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-29 16:09 - 2009-07-14 00:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-24 23:11 - 2015-10-22 07:56 - 00003030 _____ C:\Windows\System32\Tasks\MSIAfterburner
2015-12-21 05:38 - 2015-11-28 05:54 - 00000000 ____D C:\Users\Valence\AppData\Local\AMD
2015-12-21 01:38 - 2015-09-27 17:06 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-20 21:01 - 2015-10-11 08:52 - 00000000 ____D C:\Ableton
2015-12-20 06:40 - 2015-10-01 12:07 - 923358597 _____ C:\Windows\MEMORY.DMP
2015-12-20 06:40 - 2015-10-01 12:07 - 00000000 ____D C:\Windows\Minidump
2015-12-18 13:49 - 2015-09-28 14:33 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-18 13:49 - 2015-09-28 14:33 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-18 07:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-12-18 06:51 - 2009-07-13 23:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-18 06:48 - 2015-09-27 17:13 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-12-18 06:47 - 2015-10-03 08:24 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 06:47 - 2015-10-03 08:24 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-18 06:25 - 2015-09-29 13:52 - 00000000 ____D C:\Windows\system32\MRT
2015-12-18 06:20 - 2015-09-29 13:52 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-17 19:08 - 2015-09-27 17:06 - 00000000 ____D C:\Program Files\AMD
2015-12-17 19:06 - 2015-09-27 17:05 - 00000000 ____D C:\AMD
2015-12-15 23:30 - 2015-11-10 14:17 - 00000000 ____D C:\Program Files (x86)\Fallout 4
2015-12-15 16:18 - 2015-09-27 16:06 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2015-10-08 03:28 - 2016-01-09 19:23 - 0007613 _____ () C:\Users\Valence\AppData\Local\Resmon.ResmonCfg
2015-10-08 02:43 - 2015-10-08 02:43 - 0000000 _____ () C:\Users\Valence\AppData\Local\{DD102EBA-DE69-4C1E-99B7-834AC0A66CB5}
 
Some files in TEMP:
====================
C:\Users\Valence\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Valence\AppData\Local\Temp\Cleanup.dll
C:\Users\Valence\AppData\Local\Temp\ddu.exe
C:\Users\Valence\AppData\Local\Temp\difxapi.dll
C:\Users\Valence\AppData\Local\Temp\dotNetFx45_Full_setup.exe
C:\Users\Valence\AppData\Local\Temp\InstHelper.exe
C:\Users\Valence\AppData\Local\Temp\msvcm80.dll
C:\Users\Valence\AppData\Local\Temp\msvcp80.dll
C:\Users\Valence\AppData\Local\Temp\msvcr80.dll
C:\Users\Valence\AppData\Local\Temp\nshC2CB.tmp.exe
C:\Users\Valence\AppData\Local\Temp\PlaySound.dll
C:\Users\Valence\AppData\Local\Temp\radeon-crimson-15.11-minimalsetup.exe
C:\Users\Valence\AppData\Local\Temp\safeguard.exe
C:\Users\Valence\AppData\Local\Temp\sqlite3.dll
C:\Users\Valence\AppData\Local\Temp\tmp3A80.exe
C:\Users\Valence\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NS__{54308219-A277-403F-AEE1-755274338EA3}.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-09 03:37
 
==================== End of FRST.txt ============================

 

 

 

The internet on this computer is still slower than it usually is.




#5 nasdaq

  • Malware Response Team

Posted 13 January 2016 - 08:28 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast Online Security) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [X]
S3 ALSysIO; \??\C:\Users\Valence\AppData\Local\Temp\ALSysIO64.sys [X]
S3 GPU-Z; \??\C:\Users\Valence\AppData\Local\Temp\GPU-Z.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-01-07 19:19 - 2016-01-07 19:19 - 00098816 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32api.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00110080 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\pywintypes27.dll
2016-01-07 19:19 - 2016-01-07 19:19 - 00364544 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\pythoncom27.dll
2016-01-07 19:19 - 2016-01-07 19:19 - 00046080 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_socket.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 01208320 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_ssl.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00320512 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32com.shell.shell.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00776704 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_hashlib.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 01176576 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._core_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00806400 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._gdi_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00816128 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._windows_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 01067008 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._controls_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00733184 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._misc_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00682496 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\pysqlite2._sqlite.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00088064 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_ctypes.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00119808 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32file.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00108544 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32security.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00007168 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\hashobjs_ext.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00017920 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\thumbnails_ext.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00079360 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\usb_ext.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00167936 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32gui.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00018432 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32event.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00128512 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_elementtree.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00127488 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\pyexpat.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00013824 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\common.time34.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00036864 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_psutil_windows.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00038912 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32inet.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00525640 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\windows._lib_cacheinvalidation.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00011264 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32crypt.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00077312 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._html2.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00027136 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_multiprocessing.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00020480 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_yappi.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00035840 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32process.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00686080 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\unicodedata.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00123392 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._wizard.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00024064 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32pipe.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00010240 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\select.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00025600 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32pdh.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00017408 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32profile.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00022528 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32ts.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00078848 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._animate.pyd
C:\Users\Valence\AppData\Local\Temp\_MEI5282
C:\Users\Valence\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Valence\AppData\Local\Temp\Cleanup.dll
C:\Users\Valence\AppData\Local\Temp\ddu.exe
C:\Users\Valence\AppData\Local\Temp\difxapi.dll
C:\Users\Valence\AppData\Local\Temp\dotNetFx45_Full_setup.exe
C:\Users\Valence\AppData\Local\Temp\InstHelper.exe
C:\Users\Valence\AppData\Local\Temp\msvcm80.dll
C:\Users\Valence\AppData\Local\Temp\msvcp80.dll
C:\Users\Valence\AppData\Local\Temp\msvcr80.dll
C:\Users\Valence\AppData\Local\Temp\nshC2CB.tmp.exe
C:\Users\Valence\AppData\Local\Temp\PlaySound.dll
C:\Users\Valence\AppData\Local\Temp\radeon-crimson-15.11-minimalsetup.exe
C:\Users\Valence\AppData\Local\Temp\safeguard.exe
C:\Users\Valence\AppData\Local\Temp\sqlite3.dll
C:\Users\Valence\AppData\Local\Temp\tmp3A80.exe
C:\Users\Valence\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NS__{54308219-A277-403F-AEE1-755274338EA3}.exe
 

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

P.S.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)

Please post the logs and let me know what problem persists.

#6 Lagmastac

  • Topic Starter

Posted 14 January 2016 - 08:17 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Valence (2016-01-13 22:41:32) Run:3
Running from C:\Users\Valence\Downloads\frst
Loaded Profiles: Valence (Available Profiles: Valence & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast Online Security) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-30]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-11-29]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-29]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
S2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [X]
S3 ALSysIO; \??\C:\Users\Valence\AppData\Local\Temp\ALSysIO64.sys [X]
S3 GPU-Z; \??\C:\Users\Valence\AppData\Local\Temp\GPU-Z.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-01-07 19:19 - 2016-01-07 19:19 - 00098816 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32api.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00110080 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\pywintypes27.dll
2016-01-07 19:19 - 2016-01-07 19:19 - 00364544 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\pythoncom27.dll
2016-01-07 19:19 - 2016-01-07 19:19 - 00046080 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_socket.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 01208320 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_ssl.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00320512 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32com.shell.shell.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00776704 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_hashlib.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 01176576 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._core_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00806400 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._gdi_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00816128 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._windows_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 01067008 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._controls_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00733184 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._misc_.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00682496 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\pysqlite2._sqlite.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00088064 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_ctypes.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00119808 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32file.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00108544 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32security.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00007168 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\hashobjs_ext.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00017920 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\thumbnails_ext.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00079360 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\usb_ext.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00167936 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32gui.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00018432 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32event.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00128512 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_elementtree.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00127488 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\pyexpat.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00013824 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\common.time34.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00036864 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_psutil_windows.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00038912 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32inet.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00525640 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\windows._lib_cacheinvalidation.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00011264 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32crypt.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00077312 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._html2.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00027136 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_multiprocessing.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00020480 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\_yappi.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00035840 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32process.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00686080 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\unicodedata.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00123392 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._wizard.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00024064 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32pipe.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00010240 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\select.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00025600 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32pdh.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00017408 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32profile.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00022528 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32ts.pyd
2016-01-07 19:19 - 2016-01-07 19:19 - 00078848 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._animate.pyd
C:\Users\Valence\AppData\Local\Temp\_MEI5282
C:\Users\Valence\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Valence\AppData\Local\Temp\Cleanup.dll
C:\Users\Valence\AppData\Local\Temp\ddu.exe
C:\Users\Valence\AppData\Local\Temp\difxapi.dll
C:\Users\Valence\AppData\Local\Temp\dotNetFx45_Full_setup.exe
C:\Users\Valence\AppData\Local\Temp\InstHelper.exe
C:\Users\Valence\AppData\Local\Temp\msvcm80.dll
C:\Users\Valence\AppData\Local\Temp\msvcp80.dll
C:\Users\Valence\AppData\Local\Temp\msvcr80.dll
C:\Users\Valence\AppData\Local\Temp\nshC2CB.tmp.exe
C:\Users\Valence\AppData\Local\Temp\PlaySound.dll
C:\Users\Valence\AppData\Local\Temp\radeon-crimson-15.11-minimalsetup.exe
C:\Users\Valence\AppData\Local\Temp\safeguard.exe
C:\Users\Valence\AppData\Local\Temp\sqlite3.dll
C:\Users\Valence\AppData\Local\Temp\tmp3A80.exe
C:\Users\Valence\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NS__{54308219-A277-403F-AEE1-755274338EA3}.exe
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
AvastVBoxSvc => service could not remove
ekrn => service removed successfully
ALSysIO => service removed successfully
GPU-Z => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VBoxAswDrv => service could not remove
VGPU => service removed successfully
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32api.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\pywintypes27.dll" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\pythoncom27.dll" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\_socket.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\_ssl.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32com.shell.shell.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\_hashlib.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._core_.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._gdi_.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._windows_.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._controls_.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._misc_.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\pysqlite2._sqlite.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\_ctypes.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32file.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32security.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\hashobjs_ext.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\thumbnails_ext.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\usb_ext.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32gui.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32event.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\_elementtree.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\pyexpat.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\common.time34.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\_psutil_windows.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32inet.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\windows._lib_cacheinvalidation.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32crypt.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._html2.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\_multiprocessing.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\_yappi.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32process.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\unicodedata.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._wizard.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32pipe.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\select.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32pdh.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32profile.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\win32ts.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282\wx._animate.pyd" => not found.
"C:\Users\Valence\AppData\Local\Temp\_MEI5282" => not found.
C:\Users\Valence\AppData\Local\Temp\AMDCleanupUtility.exe => moved successfully
C:\Users\Valence\AppData\Local\Temp\Cleanup.dll => moved successfully
C:\Users\Valence\AppData\Local\Temp\ddu.exe => moved successfully
C:\Users\Valence\AppData\Local\Temp\difxapi.dll => moved successfully
C:\Users\Valence\AppData\Local\Temp\dotNetFx45_Full_setup.exe => moved successfully
C:\Users\Valence\AppData\Local\Temp\InstHelper.exe => moved successfully
C:\Users\Valence\AppData\Local\Temp\msvcm80.dll => moved successfully
C:\Users\Valence\AppData\Local\Temp\msvcp80.dll => moved successfully
C:\Users\Valence\AppData\Local\Temp\msvcr80.dll => moved successfully
C:\Users\Valence\AppData\Local\Temp\nshC2CB.tmp.exe => moved successfully
C:\Users\Valence\AppData\Local\Temp\PlaySound.dll => moved successfully
C:\Users\Valence\AppData\Local\Temp\radeon-crimson-15.11-minimalsetup.exe => moved successfully
C:\Users\Valence\AppData\Local\Temp\safeguard.exe => moved successfully
"C:\Users\Valence\AppData\Local\Temp\sqlite3.dll" => not found.
C:\Users\Valence\AppData\Local\Temp\tmp3A80.exe => moved successfully
C:\Users\Valence\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NS__{54308219-A277-403F-AEE1-755274338EA3}.exe => moved successfully
EmptyTemp: => 978.5 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-13 22:52:40)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 22:52:40 ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Valence (Administrator) on Thu 01/14/2016 at  7:50:57.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Failed to delete: C:\Users\Valence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZNGNOQEZ (Folder) 
Successfully deleted: C:\Users\Valence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2ZHMALQ1 (Folder) 
Successfully deleted: C:\Users\Valence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IE62GQQU (Folder) 
Successfully deleted: C:\Users\Valence\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XVNXDIHU (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/14/2016 at  7:56:25.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
The internet doesn't seem to have had any issues since I ran FRST.
 
I also updated Java to the latest version and uninstalled all the old software. Thank you for telling me it was out of date.

 



#7 nasdaq

Posted 14 January 2016 - 10:36 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 nasdaq

Posted 20 January 2016 - 09:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#9 Lagmastac

Posted 26 January 2016 - 01:47 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Valence (administrator) on VALENCE-PC (26-01-2016 13:43:25)
Running from C:\Users\Valence\Downloads\frst
Loaded Profiles: Valence (Available Profiles: Valence & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Beepa P/L) C:\Fraps\fraps.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Ableton) C:\Ableton\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
() C:\Ableton\Ableton\Live 9 Suite\Resources\Extensions\Index\Ableton Index.exe
() C:\Ableton\VSTPlugins\JBridge\auxhost.exe
() C:\Ableton\VSTPlugins\JBridge\auxhost.exe
() C:\Ableton\VSTPlugins\JBridge\auxhost.exe
() C:\Ableton\VSTPlugins\JBridge\auxhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-16] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\8c800c5a-63ab-4650-9a70-6527aa698c26.exe [168336 2016-01-21] (AVAST Software)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\MountPoints2: I - I:\INSTALL.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-16] (AVAST Software)
Startup: C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fraps.lnk [2015-09-30]
ShortcutTarget: Fraps.lnk -> C:\Fraps\fraps.exe (Beepa P/L)
Startup: C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSI Afterburner.lnk [2015-10-03]
ShortcutTarget: MSI Afterburner.lnk -> C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe ()
Startup: C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Shortcut.lnk [2015-09-27]
ShortcutTarget: taskmgr - Shortcut.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9522BF84-A691-4434-A652-4545E9E7B4F3}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-16] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-16] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-16]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-16]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://voteforbernie.org/#nc
CHR Profile: C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (BetterTTV) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-12-16]
CHR Extension: (Google Drive) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-07]
CHR Extension: (Gmail Offline) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-10-22]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnibmbcdeepaahjmddiihohjanlimlmj [2015-09-27]
CHR Extension: (Google Docs Offline) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (Avast Online Security) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-27]
CHR Extension: (Gmail) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-27]
CHR HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-16] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1587640 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [245544 2015-10-05] (EasyAntiCheat Ltd)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [322480 2015-10-10] (Locktime Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-16] (AVAST Software)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
R3 cpuz138; C:\Users\Valence\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-01-25] (CPUID)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2015-10-13] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-07] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 nldrv; C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [120720 2015-10-10] (Locktime Software)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-06-01] ()
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-25 20:03 - 2016-01-25 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-01-25 20:02 - 2016-01-25 20:02 - 16933971 _____ (The qBittorrent project) C:\Users\Valence\Downloads\qbittorrent_3.3.3_setup.exe
2016-01-25 20:02 - 2016-01-25 20:02 - 16933971 _____ (The qBittorrent project) C:\Users\Valence\Downloads\qbittorrent_3.3.3_setup (1).exe
2016-01-24 16:03 - 2016-01-24 18:27 - 132766565 _____ C:\Users\Valence\Downloads\hanamiblossom-mfc-201511240411.mp4
2016-01-24 11:29 - 2016-01-24 11:29 - 00064292 _____ C:\Users\Valence\Downloads\opolnocy-sie-zjawili.mid
2016-01-22 21:08 - 2016-01-22 21:08 - 00000260 _____ C:\Users\Valence\Downloads\Non-Pythagorean_scale_on_C.mid
2016-01-22 06:02 - 2016-01-22 06:02 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2016-01-22 06:02 - 2016-01-22 06:02 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2016-01-20 01:16 - 2016-01-20 01:18 - 4130832637 _____ C:\Users\Valence\Downloads\AFX SoundCloud Trax.zip
2016-01-18 20:57 - 2016-01-18 20:57 - 16918448 _____ (The qBittorrent project) C:\Users\Valence\Downloads\qbittorrent_3.3.2_setup.exe
2016-01-16 01:40 - 2016-01-16 01:35 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-16 01:39 - 2016-01-16 01:39 - 00000000 ____D C:\Users\Valence\AppData\Roaming\AVAST Software
2016-01-16 01:38 - 2016-01-16 01:38 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-16 01:38 - 2016-01-16 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-16 01:37 - 2016-01-20 13:41 - 00464256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-16 01:37 - 2016-01-16 01:41 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-16 01:37 - 2016-01-16 01:37 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1453315314041
2016-01-16 01:37 - 2016-01-16 01:35 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-16 01:37 - 2016-01-16 01:35 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-16 01:37 - 2016-01-16 01:35 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-16 01:36 - 2016-01-20 13:41 - 01065208 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-01-16 01:36 - 2016-01-16 01:37 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-01-16 01:36 - 2016-01-16 01:35 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1453315314041
2016-01-16 01:36 - 2016-01-16 01:35 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-16 01:36 - 2016-01-16 01:35 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-16 01:35 - 2016-01-16 01:35 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-16 01:34 - 2016-01-16 01:34 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-16 00:46 - 2016-01-16 00:47 - 05065856 _____ (AVAST Software) C:\Users\Valence\Downloads\avast_free_antivirus_setup_online.exe
2016-01-15 04:46 - 2016-01-15 04:46 - 58421648 _____ C:\Users\Valence\Downloads\Hotel Prepared Piano.zip
2016-01-15 04:46 - 2016-01-15 04:46 - 15538661 _____ C:\Users\Valence\Downloads\Amplified Cactus.zip
2016-01-14 07:56 - 2016-01-14 07:56 - 00001068 _____ C:\Users\Valence\Desktop\JRT.txt
2016-01-14 04:59 - 2016-01-14 04:59 - 00005526 _____ C:\Users\Valence\Downloads\JynweythekYlow (1).mid
2016-01-14 04:59 - 2016-01-14 04:59 - 00003998 _____ C:\Users\Valence\Downloads\HyAScullyas.midi
2016-01-14 04:58 - 2016-01-14 04:58 - 00005858 _____ C:\Users\Valence\Downloads\Avril14.mid
2016-01-14 03:47 - 2016-01-14 03:47 - 06069353 _____ C:\Users\Valence\Downloads\MaxiVistaDemo_x64.zip
2016-01-14 02:13 - 2016-01-14 02:24 - 00000300 _____ C:\Users\Valence\Documents\synergy.sgc
2016-01-14 01:56 - 2016-01-14 01:56 - 02059112 _____ C:\Users\Valence\Downloads\REDETH-00247766-0042.EXE
2016-01-14 01:53 - 2016-01-14 01:55 - 177973096 _____ C:\Users\Valence\Downloads\NVDVID-00247791-0042.EXE
2016-01-14 01:53 - 2016-01-14 01:55 - 133055848 _____ C:\Users\Valence\Downloads\AHDBLT-00248344-0042.EXE
2016-01-14 00:59 - 2016-01-14 00:59 - 00001883 _____ C:\Users\Valence\Desktop\Synergy.lnk
2016-01-14 00:59 - 2016-01-14 00:59 - 00001883 _____ C:\Users\Administrator.Valence-PC\Desktop\Synergy.lnk
2016-01-14 00:59 - 2016-01-14 00:59 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synergy
2016-01-14 00:59 - 2016-01-14 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synergy
2016-01-14 00:59 - 2016-01-14 00:59 - 00000000 ____D C:\Program Files (x86)\Synergy
2016-01-14 00:58 - 2016-01-25 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-14 00:58 - 2016-01-25 20:37 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-13 23:10 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 23:10 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 23:10 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 23:10 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 23:10 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 23:10 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 23:10 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 23:10 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 23:10 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 23:10 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 23:09 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 23:09 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 23:09 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 23:09 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 23:09 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 23:09 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 23:09 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 23:09 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 23:09 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 23:09 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 23:09 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-13 23:09 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 23:09 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 23:09 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-13 23:09 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 23:09 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 23:09 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 23:09 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 23:09 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 23:09 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 23:09 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 23:09 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 23:09 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 23:09 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 23:09 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 23:09 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 23:09 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 23:09 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 23:09 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 23:09 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 23:09 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 23:09 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 23:09 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 23:09 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 23:09 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-13 23:09 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 23:09 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 23:09 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 23:09 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 23:09 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 23:09 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 23:09 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 23:09 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 23:09 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-13 23:09 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 23:09 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 23:09 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 23:09 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 23:09 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 23:09 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 23:09 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 23:09 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 23:09 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 22:56 - 2016-01-13 22:56 - 00584288 _____ (Oracle Corporation) C:\Users\Valence\Downloads\chromeinstall-8u66.exe
2016-01-13 22:55 - 2016-01-13 22:55 - 01600184 _____ (Malwarebytes) C:\Users\Valence\Downloads\JRT.exe
2016-01-13 22:40 - 2016-01-13 22:41 - 01754112 _____ C:\Users\Valence\Downloads\adwcleaner_5.029 (1).exe
2016-01-13 22:24 - 2016-01-13 22:33 - 00048039 _____ C:\Users\Valence\Downloads\Addition.txt
2016-01-13 22:16 - 2016-01-13 22:33 - 00036155 _____ C:\Users\Valence\Downloads\FRST.txt
2016-01-13 22:15 - 2016-01-13 22:15 - 01754112 _____ C:\Users\Valence\Downloads\adwcleaner_5.029.exe
2016-01-13 21:30 - 2016-01-13 21:30 - 00000000 __SHD C:\found.001
2016-01-13 19:51 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 19:51 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 19:51 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 19:51 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 19:51 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 19:51 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 19:51 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 19:51 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 19:51 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 19:51 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 19:51 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 19:51 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 19:51 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 19:51 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 19:51 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 19:51 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 19:51 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 19:51 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 19:51 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 19:51 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 19:51 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 19:51 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 19:51 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 19:51 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 19:51 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 19:51 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 19:51 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 19:51 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 19:51 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 19:51 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 19:51 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 19:51 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 19:51 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 19:51 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 19:51 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 19:51 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 19:51 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 19:51 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 19:51 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 19:51 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 19:51 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 19:51 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 19:51 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 19:51 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 19:51 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 19:51 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 19:51 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 19:51 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 19:51 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 19:51 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 19:51 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 19:51 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 19:51 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 19:51 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 19:51 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 19:51 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 19:51 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 19:51 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 19:51 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 19:51 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 19:51 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 19:51 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 19:51 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 19:51 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 19:51 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-13 19:51 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 19:51 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 19:51 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 19:51 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 19:51 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 19:51 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 19:51 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 19:51 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 19:51 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 19:51 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 19:51 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 19:51 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-13 19:51 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 19:51 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 19:51 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 19:51 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 19:51 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 19:51 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 19:51 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 19:51 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 19:51 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 19:51 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 19:51 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 19:51 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 19:51 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 19:51 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 19:51 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 19:51 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 19:51 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 19:51 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 19:51 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 19:51 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 19:51 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 19:51 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 19:51 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 19:51 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 19:51 - 2015-11-16 20:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-13 19:51 - 2015-11-16 20:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 19:51 - 2015-11-16 20:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 19:51 - 2015-11-16 20:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-13 19:51 - 2015-11-16 20:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-13 19:51 - 2015-11-16 20:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-13 19:51 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 19:51 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 19:51 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 19:51 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 19:51 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 19:51 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 19:51 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 19:24 - 2016-01-25 20:39 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-13 06:21 - 2016-01-13 06:21 - 00000000 ____D C:\Users\Valence\AppData\LocalLow\Lazy Bear Games
2016-01-13 01:34 - 2016-01-13 01:34 - 00005526 _____ C:\Users\Valence\Downloads\JynweythekYlow.mid
2016-01-12 14:43 - 2016-01-26 13:43 - 00000000 ____D C:\Users\Valence\Downloads\frst
2016-01-12 14:43 - 2016-01-26 13:43 - 00000000 ____D C:\FRST
2016-01-12 14:39 - 2016-01-12 14:39 - 00000000 ____D C:\AdwCleaner
2016-01-10 19:26 - 2016-01-10 19:29 - 718238810 _____ C:\Users\Valence\Downloads\Final Fantasy - Crystal Chronicles (USA).7z
2016-01-08 22:59 - 2016-01-08 22:59 - 31899222 _____ C:\Users\Valence\Downloads\L9Manual_EN.pdf
2016-01-08 22:59 - 2016-01-08 22:59 - 00000000 ____D C:\Users\Valence\Desktop\Manuelox
2016-01-08 00:40 - 2012-02-06 13:55 - 00974848 _____ (Uderzo Software e Consulenza Informatica) C:\Users\Valence\Desktop\SpaceSniffer.exe
2016-01-07 19:36 - 2016-01-26 12:56 - 00000000 ____D C:\ProgramData\MFAData
2016-01-07 19:36 - 2016-01-07 19:36 - 00000000 ____D C:\Users\Valence\AppData\Local\MFAData
2016-01-07 19:35 - 2016-01-13 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-07 19:35 - 2016-01-07 19:35 - 00000862 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-07 19:35 - 2016-01-07 19:35 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-01-07 19:33 - 2016-01-07 14:45 - 00000000 ____D C:\ProgramData\Avg
2016-01-07 19:33 - 2016-01-07 14:44 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-07 19:30 - 2016-01-22 06:02 - 00000000 ____D C:\Users\Valence\AppData\Local\Avg
2016-01-07 19:30 - 2016-01-07 19:35 - 00000000 ____D C:\Users\Valence\AppData\Local\AvgSetupLog
2016-01-07 19:29 - 2016-01-07 19:30 - 133417432 _____ (Symantec Corporation) C:\Users\Valence\Downloads\NSD5-TW-22.5.4-EN-US.exe
2016-01-07 19:29 - 2016-01-07 19:30 - 02970984 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Valence\Downloads\AVG_Protection_Free_698.exe
2016-01-07 14:51 - 2016-01-07 14:51 - 00000000 ____D C:\Users\Valence\AppData\Roaming\AVG
2016-01-07 14:50 - 2016-01-22 06:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-07 14:50 - 2016-01-07 14:50 - 00000000 ____D C:\Users\Valence\AppData\Roaming\TuneUp Software
2016-01-07 14:45 - 2016-01-07 14:45 - 00000000 ___HD C:\$AVG
2016-01-06 13:56 - 2016-01-06 13:56 - 00001723 _____ C:\Users\Public\Desktop\FTL - Advanced Edition.lnk
2016-01-03 10:22 - 2016-01-13 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-03 10:22 - 2016-01-03 10:22 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-03 10:21 - 2016-01-03 10:22 - 00000000 ____D C:\Program Files\iTunes
2016-01-03 10:21 - 2016-01-03 10:21 - 00000000 ____D C:\Program Files\iPod
2016-01-03 10:21 - 2016-01-03 10:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-02 21:21 - 2016-01-04 14:54 - 00000000 ____D C:\Users\Valence\AppData\Roaming\ToguAudioLine
2016-01-02 18:16 - 2016-01-02 18:16 - 01022221 _____ C:\Users\Valence\Downloads\fr_ultimate_ws.zip
2016-01-02 11:01 - 2016-01-02 11:01 - 00000000 ____D C:\Users\Valence\desktopemul8
2016-01-02 11:00 - 2016-01-02 11:00 - 00867785 _____ C:\Users\Valence\Downloads\zsnesw151.zip
2016-01-01 05:41 - 2016-01-01 05:45 - 736779319 _____ C:\Users\Valence\Downloads\Shadow of the Colossus (USA).7z
2016-01-01 05:41 - 2016-01-01 05:43 - 476869726 _____ C:\Users\Valence\Downloads\ICO (USA).7z
2016-01-01 05:40 - 2016-01-01 05:40 - 10658408 _____ C:\Users\Valence\Downloads\pcsx2-1.2.1-r5875-setup.exe
2015-12-28 04:50 - 2015-12-28 04:53 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Trine3
2015-12-27 09:05 - 2015-12-27 09:05 - 00000000 ____D C:\Users\Valence\Documents\Firefall
2015-12-27 09:05 - 2015-12-27 09:05 - 00000000 ____D C:\Users\Valence\AppData\Local\Red 5 Studios
2015-12-27 09:05 - 2015-12-27 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2015-12-27 09:05 - 2015-12-27 09:05 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-26 13:41 - 2009-07-13 23:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-26 13:41 - 2009-07-13 23:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-26 13:17 - 2015-09-27 16:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 11:34 - 2015-10-08 03:28 - 00007616 _____ C:\Users\Valence\AppData\Local\Resmon.ResmonCfg
2016-01-26 11:34 - 2015-10-06 04:31 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Audacity
2016-01-25 22:17 - 2015-09-27 16:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-25 20:39 - 2015-10-12 19:13 - 00000000 ____D C:\ProgramData\Oracle
2016-01-25 20:37 - 2015-10-12 19:14 - 00000000 ____D C:\Users\Valence\.oracle_jre_usage
2016-01-25 20:03 - 2015-09-27 16:28 - 00000000 ____D C:\Users\Valence\AppData\Roaming\qBittorrent
2016-01-25 20:03 - 2015-09-27 16:28 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-01-24 18:53 - 2015-10-22 03:13 - 00000000 ____D C:\Users\Valence\AppData\Roaming\vlc
2016-01-24 16:07 - 2015-09-27 15:58 - 00000000 ____D C:\Users\Valence
2016-01-24 01:00 - 2015-10-09 04:00 - 00000000 ____D C:\Users\Valence\AppData\Local\ElevatedDiagnostics
2016-01-21 12:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2016-01-20 07:23 - 2015-09-27 16:09 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-20 07:22 - 2015-12-18 00:27 - 00000000 ____D C:\Program Files\Cloud Imperium Games
2016-01-18 23:16 - 2015-09-27 20:00 - 00000000 ___RD C:\Users\Valence\Google Drive
2016-01-18 23:13 - 2015-10-02 20:04 - 00721040 _____ C:\Windows\system32\perfh00A.dat
2016-01-18 23:13 - 2015-10-02 20:04 - 00716516 _____ C:\Windows\system32\perfh010.dat
2016-01-18 23:13 - 2015-10-02 20:04 - 00690348 _____ C:\Windows\system32\perfh00C.dat
2016-01-18 23:13 - 2015-10-02 20:04 - 00459046 _____ C:\Windows\system32\perfh001.dat
2016-01-18 23:13 - 2015-10-02 20:04 - 00375796 _____ C:\Windows\system32\perfh00D.dat
2016-01-18 23:13 - 2015-10-02 20:04 - 00148720 _____ C:\Windows\system32\perfc00A.dat
2016-01-18 23:13 - 2015-10-02 20:04 - 00138126 _____ C:\Windows\system32\perfc010.dat
2016-01-18 23:13 - 2015-10-02 20:04 - 00130016 _____ C:\Windows\system32\perfc00C.dat
2016-01-18 23:13 - 2015-10-02 20:04 - 00087502 _____ C:\Windows\system32\perfc001.dat
2016-01-18 23:13 - 2015-10-02 20:04 - 00077488 _____ C:\Windows\system32\perfc00D.dat
2016-01-18 23:09 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-18 23:08 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-18 23:08 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-01-18 23:08 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-01-18 23:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-18 23:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-16 01:34 - 2015-09-28 14:31 - 00000000 ____D C:\ProgramData\AVAST Software
2016-01-16 01:26 - 2015-09-27 17:13 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-01-16 01:25 - 2015-10-22 07:56 - 00003030 _____ C:\Windows\System32\Tasks\MSIAfterburner
2016-01-15 05:00 - 2015-10-11 08:52 - 00000000 ____D C:\Ableton
2016-01-14 19:24 - 2015-09-27 16:06 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-14 18:00 - 2015-10-02 23:09 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-01-14 17:18 - 2009-07-14 00:13 - 04394674 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-14 17:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-14 17:12 - 2009-07-13 23:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-14 17:08 - 2015-09-29 14:11 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-14 17:08 - 2015-09-29 14:11 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-14 03:13 - 2015-09-29 13:52 - 00000000 ____D C:\Windows\system32\MRT
2016-01-14 03:08 - 2015-09-29 13:52 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-14 00:57 - 2015-10-13 02:19 - 00000000 ____D C:\Program Files\Java
2016-01-13 23:57 - 2015-12-18 23:58 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-01-13 23:57 - 2015-12-18 01:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLimiter 4
2016-01-13 23:57 - 2015-12-15 04:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-01-13 23:57 - 2015-12-03 14:20 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-01-13 23:57 - 2015-10-17 07:21 - 00000000 ____D C:\Users\Administrator.Valence-PC
2016-01-13 23:57 - 2015-10-10 15:41 - 00000000 ____D C:\Users\Valence\AppData\Roaming\Winamp
2016-01-13 23:57 - 2015-10-03 08:24 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-13 23:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-13 23:56 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-01-13 22:10 - 2015-10-25 14:25 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 22:07 - 2015-10-25 14:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-07 19:22 - 2015-11-12 00:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-07 17:06 - 2015-11-05 21:14 - 00000000 ____D C:\Users\Valence\Desktop\Tor Browser
2016-01-07 14:51 - 2015-12-03 14:20 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-07 13:56 - 2015-12-17 23:02 - 00574574 _____ C:\Windows\ntbtlog.txt
2016-01-06 13:58 - 2015-09-29 14:15 - 00000000 ____D C:\Users\Valence\Documents\My Games
2016-01-06 13:56 - 2015-12-21 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-01-06 13:56 - 2015-12-21 01:27 - 00000000 ____D C:\GOG Games
2016-01-03 10:21 - 2015-10-13 21:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-02 11:02 - 2015-10-22 20:01 - 00000000 ____D C:\Users\Valence\Documents\GForce
2016-01-02 11:01 - 2015-12-20 20:32 - 00000000 ____D C:\Users\Valence\Desktop\Emul8
2015-12-31 12:41 - 2015-10-28 20:01 - 00000312 _____ C:\Users\Valence\bcedit.cfg
2015-12-29 16:09 - 2009-07-14 00:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2015-10-08 03:28 - 2016-01-26 11:34 - 0007616 _____ () C:\Users\Valence\AppData\Local\Resmon.ResmonCfg
2015-10-08 02:43 - 2015-10-08 02:43 - 0000000 _____ () C:\Users\Valence\AppData\Local\{DD102EBA-DE69-4C1E-99B7-834AC0A66CB5}
 
Some files in TEMP:
====================
C:\Users\Valence\AppData\Local\Temp\avguirn_08879850804.exe
C:\Users\Valence\AppData\Local\Temp\jre-8u71-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-09 03:37
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Valence (2016-01-26 13:44:45)
Running from C:\Users\Valence\Downloads\frst
Windows 7 Ultimate Service Pack 1 (X64) (2015-09-27 20:58:03)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3305886847-3635493196-2145276194-500 - Administrator - Enabled) => C:\Users\Administrator.Valence-PC
Guest (S-1-5-21-3305886847-3635493196-2145276194-501 - Limited - Disabled)
Valence (S-1-5-21-3305886847-3635493196-2145276194-1000 - Administrator - Enabled) => C:\Users\Valence
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG Internet Security (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM-x32\...\{2CF88DC8-E126-481F-9CDB-5044C501A71E}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
AIDA64 5.50.3600 (HKLM-x32\...\AIDA64_is1) (Version: 5.50.3600 - l-rePack®)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version:  - Creative Assembly)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Camel Audio Alchemy64 (HKLM-x32\...\Camel Audio Alchemy64) (Version: 1.25.0 - Camel Audio)
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVE Online (HKLM-x32\...\{515F4F84-3848-4625-8D31-AF56D6043654}) (Version: 3.0.0 - CCP Games Ltd.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version: 1.0 - Релиз от R.G. Steamgames)
Firefall (HKLM-x32\...\Steam App 227700) (Version:  - Red 5 Studios)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.1.0.11 - GOG.com)
Geeks3D FurMark 1.14.1 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version:  - JBridge)
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LuSH-101 1.1.2 (64bit) (HKLM\...\{47A8E039-235B-4512-9FE4-B5F691F25B31}) (Version: 1.1.2.0 - D16 Group Audio Software)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Max 7 (64-bit) (HKLM\...\{688B0F2E-F5C6-432C-9B75-C7575E2752C9}) (Version: 7.0.6 - Cycling '74)
Max 7 (HKLM-x32\...\{7C7CD065-6346-4034-9967-FBD6EAAB631B}) (Version: 7.0.6 - Cycling '74)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
M-Tron Pro (HKLM-x32\...\{EEE8DED0-8DCF-492A-865D-C20964420BE5}) (Version: 1.0.0.35 - GForce Software, Ltd.)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.15.0) (Version: 4.0.15.0 - Locktime Software)
NetLimiter 4 (Version: 4.0.15.0 - Locktime Software) Hidden
NVIDIA PhysX (HKLM-x32\...\{8A809006-C25A-4A3A-9DAB-94659BCDB107}) (Version: 9.10.0224 - NVIDIA Corporation)
Oddworld: Abe's Oddysee (HKLM-x32\...\Steam App 15700) (Version:  - Oddworld Inhabitants)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PlanetSide 2 (HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\DGC-PlanetSide 2) (Version: 1.0.3.191 - Daybreak Game Company)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
RIFT (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Saints Row The Third - The Full Package (HKLM-x32\...\Saints Row The Third - The Full Package_is1) (Version:  - )
Shadowgrounds (HKLM-x32\...\Steam App 2500) (Version:  - Frozenbyte)
Shadowgrounds: Survivor (HKLM-x32\...\Steam App 11200) (Version:  - Frozenbyte)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Star Citizen Launcher (HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\...\Star Citizen Launcher) (Version: 00.01.00.00 - Cloud Imperium Games)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sylenth1 v1.01.3 (HKLM-x32\...\Sylenth1_is1) (Version:  - )
Synergy (HKLM-x32\...\Synergy) (Version:  - )
System Requirements Lab Detection (HKLM-x32\...\{2A035DEB-224E-4467-B79B-A310A280B723}) (Version: 6.1.6.0 - Husdawg, LLC)
TAL-BassLine-101 (64bit) (HKLM\...\{D134E51B-5488-4B9F-BAA5-C9BB4794E1B8}) (Version: 1.3.6 - TAL - Togu Audio Line)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Terraria Xbox 360 Controller Support Mod version 2.6.5 (HKLM-x32\...\{0F588817-2079-4683-A8BA-AA7BABB1B1E3}_is1) (Version: 2.6.5 - Green Cat)
Trine (HKLM-x32\...\Steam App 35700) (Version:  - Frozenbyte)
Trine 2 - Complete Story (HKLM-x32\...\Trine 2 - Complete Story_is1) (Version:  - )
Trine 3 - Artifacts of Power (HKLM-x32\...\1431599567_is1) (Version: 2.2.0.5 - GOG.com)
UNi Xonar Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XInput GamePad Support Mod version 2.9.1 (HKLM-x32\...\{BB8DBD35-0E49-4D9F-B23B-AB3C5BB3439C}_is1) (Version: 2.9.1 - Meowmaritus)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D251CC4-6FBC-432D-9A74-DCC0320A452B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {1A52DA5B-BC7E-4A3D-91E1-E2964263C108} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {1CC35049-8135-45E4-94AE-DE2E9212C072} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {1DF5D5F9-44F2-4753-A5E5-4EB35882FCF5} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-06-01] ()
Task: {1EFC4780-E118-4ABE-BC2A-F8D3ECC83D81} - System32\Tasks\{EA1E51D4-6DC7-4D46-87FB-705B2ABAFD9D} => pcalua.exe -a C:\Users\Valence\Documents\Downloads\temp\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d C:\Users\Valence\Documents\Downloads\temp\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {30CC746A-F677-4C2A-9D67-68640B5C7CE1} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {3BB970FD-1392-4332-B912-07DB57C10FC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-27] (Google Inc.)
Task: {4023F9C5-9E42-414E-AB8E-9166DF1D4DF5} - System32\Tasks\{D96B6545-E90C-4346-B739-7D06A1782939} => pcalua.exe -a C:\Users\Valence\Downloads\ASIO4ALL_2_12_English.exe -d C:\Users\Valence\Downloads
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6EEC69CE-3483-4A07-97B1-3EC5C2571045} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-01-20] (AVAST Software)
Task: {7FA4A774-5F9D-470E-AA22-423DA77D013F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {842AF7B9-6420-4201-A2F9-4C7EB004DF1E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-01-16] (AVAST Software)
Task: {B533B19F-8A39-41B7-A1E0-C84E35FDA41D} - System32\Tasks\{6BBD8255-0062-4E07-9B87-9D5389CC6118} => pcalua.exe -a C:\Users\Valence\Documents\Downloads\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157\Setup.exe -d C:\Users\Valence\Documents\Downloads\D16.Phoscyon.VSTi.v1.5.7.Incl.Keygen-AiR\a-dph157\a-dph157
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E27109AD-4243-4C69-885F-F269D2E6EEC2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2015-06-01 20:19 - 2015-06-01 20:19 - 00578272 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2012-07-06 21:40 - 2012-07-06 21:40 - 00094208 _____ () C:\Ableton\VSTPlugins\JBridge\Proxy64.dll
2012-04-10 21:27 - 2012-04-10 21:27 - 00346624 _____ () C:\Ableton\VSTPlugins\JBridge\Bridger64.dll
2015-10-13 03:48 - 2012-04-10 21:27 - 00003584 _____ () C:\Ableton\VSTPlugins\MonoPoly.64.dll
2015-12-30 08:53 - 2012-04-10 21:27 - 00003584 _____ () C:\Ableton\VSTPlugins\D16\Phoscyon.64.dll
2015-10-13 03:48 - 2012-04-10 21:27 - 00003584 _____ () C:\Ableton\VSTPlugins\MDE-X.64.dll
2015-10-11 08:55 - 2015-07-27 16:55 - 10196424 _____ () C:\Ableton\Ableton\Live 9 Suite\Resources\Extensions\Index\Ableton Index.exe
2012-04-10 21:27 - 2012-04-10 21:27 - 00229888 _____ () C:\Ableton\VSTPlugins\JBridge\auxhost.exe
2016-01-16 01:35 - 2016-01-16 01:35 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-01-16 01:35 - 2016-01-16 01:35 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-18 17:51 - 2016-01-18 17:51 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011801\algo.dll
2016-01-16 01:35 - 2016-01-16 01:35 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-16 01:35 - 2016-01-16 01:35 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2016-01-26 08:06 - 2016-01-26 08:06 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16012601\algo.dll
2015-09-27 16:10 - 2015-11-10 14:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-27 16:10 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-27 16:10 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-27 16:10 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-27 16:10 - 2015-12-14 15:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-27 16:10 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-27 16:10 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-27 16:10 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-27 16:10 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-27 16:10 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-27 16:10 - 2015-12-14 15:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-09-27 16:10 - 2015-11-03 17:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2016-01-07 19:33 - 2016-01-07 19:31 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2015-05-18 06:43 - 2015-05-18 06:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-05-18 06:43 - 2015-05-18 06:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-05-18 06:43 - 2015-05-18 06:43 - 00218624 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-05-22 05:56 - 2015-05-22 05:56 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-05-22 06:36 - 2015-05-22 06:36 - 00649216 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2016-01-16 01:35 - 2016-01-16 01:35 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-01-18 23:15 - 2016-01-18 23:15 - 00098816 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32api.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00110080 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\pywintypes27.dll
2016-01-18 23:15 - 2016-01-18 23:15 - 00364544 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\pythoncom27.dll
2016-01-18 23:15 - 2016-01-18 23:15 - 00046080 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\_socket.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 01208320 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\_ssl.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00320512 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32com.shell.shell.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00776704 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\_hashlib.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 01176576 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\wx._core_.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00806400 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\wx._gdi_.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00816128 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\wx._windows_.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 01067008 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\wx._controls_.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00733184 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\wx._misc_.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00682496 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\pysqlite2._sqlite.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00088064 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\_ctypes.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00119808 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32file.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00108544 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32security.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00007168 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\hashobjs_ext.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00017920 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\thumbnails_ext.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00079360 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\usb_ext.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00167936 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32gui.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00018432 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32event.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00128512 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\_elementtree.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00127488 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\pyexpat.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00013824 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\common.time34.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00036864 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\_psutil_windows.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00038912 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32inet.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00525640 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\windows._lib_cacheinvalidation.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00011264 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32crypt.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00077312 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\wx._html2.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00027136 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\_multiprocessing.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00020480 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\_yappi.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00035840 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32process.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00686080 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\unicodedata.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00123392 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\wx._wizard.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00024064 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32pipe.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00010240 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\select.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00025600 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32pdh.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00017408 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32profile.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00022528 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\win32ts.pyd
2016-01-18 23:15 - 2016-01-18 23:15 - 00078848 _____ () C:\Users\Valence\AppData\Local\Temp\_MEI17522\wx._animate.pyd
2015-09-27 16:10 - 2015-11-16 19:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-01-14 19:24 - 2016-01-12 11:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-14 19:24 - 2016-01-12 11:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2015-09-27 16:10 - 2015-09-24 18:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-01-19 18:18 - 2016-01-19 14:06 - 16792256 _____ () C:\Users\Valence\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll
2013-12-12 21:47 - 2013-12-12 21:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3305886847-3635493196-2145276194-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Valence^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AMD Catalyst Control Center.lnk => C:\Windows\pss\AMD Catalyst Control Center.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Valence^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^qBittorrent.lnk => C:\Windows\pss\qBittorrent.lnk.Startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{3916B7FE-21AF-4D99-ADC8-D4BFC076F16F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FF1A65AA-A920-411A-B873-3ED55CF1C0FD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D960EBC2-2D92-4D50-BC77-D6AF4E6F8885}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{59EEAC1A-7295-4CCB-AD6E-8381D6B641FE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{C18033B8-2C44-4FFD-BFBB-76F8BBE14B25}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [UDP Query User{3022E69A-ED26-4C59-BE66-3FCBD4840228}C:\program files\cloud imperium games\patcher\cigpatcher.exe] => (Allow) C:\program files\cloud imperium games\patcher\cigpatcher.exe
FirewallRules: [{15D63FE2-B636-4C75-AFAD-14A97C1013E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgrounds\Shadowgrounds.exe
FirewallRules: [{B0F51462-F418-4191-8524-A57B78380336}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgrounds\Shadowgrounds.exe
FirewallRules: [{FA60BF6A-CEC4-4FD9-BB38-366118D8652D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgrounds\ShadowgroundsLauncher.exe
FirewallRules: [{0F4309B1-4BD7-46F3-81F3-F822692291D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgrounds\ShadowgroundsLauncher.exe
FirewallRules: [{DFFD601B-9ECC-4101-AC71-A1D73F45AACE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{05F392BD-9A88-449F-8F68-675C87473B75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{66D67439-5969-43D7-9DC4-8B40102EAF8C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{C57C53E4-DA36-460E-9A3E-C025704FD068}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{7D482EB8-FEA1-483E-AF93-069F7872C3CD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RIFT\riftpatchlive.exe
FirewallRules: [{67B0221A-47DB-4BEF-80FA-3AE753451054}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RIFT\riftpatchlive.exe
FirewallRules: [{AE73004F-BC2D-44A1-9441-617ADF9BD9D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgrounds Survivor\survivor.exe
FirewallRules: [{A13564B8-DD9C-43B5-BA7E-1B13FC337477}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgrounds Survivor\survivor.exe
FirewallRules: [{CA41AF40-669E-4F96-AF5A-4ED75420BDD3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgrounds Survivor\Shadowgrounds Survivor Launcher.exe
FirewallRules: [{D927BB9A-855E-49D9-9392-62184B03704A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shadowgrounds Survivor\Shadowgrounds Survivor Launcher.exe
FirewallRules: [{A08E3BF7-DD72-4FCD-B359-E57C54C417B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{BBB566A6-91CF-4C1C-A252-AEE02BE26D8A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{6B5C9DEA-359A-49E0-A2A1-F3FF56A1B7F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{D82F3DCE-C844-4180-B123-70642772E7C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\swkotor\swkotor.exe
FirewallRules: [{B3484DAE-BF98-4643-B7B6-347B654FE5A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{EEEB0D62-1044-46A5-A779-82E20B3F3739}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{008E5FE3-EBF0-4CCB-BA47-F81020685BEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{AF33C558-94A0-486B-9700-6700E2E7DDE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe
FirewallRules: [{525287FC-398A-4078-AA4B-D1FBFA88280E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{50E3FBC7-B61A-4E0B-9B9F-76B623DFB157}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{81FF3857-5F55-4B5C-9C1A-20643C7F8B50}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [UDP Query User{FD3DDFC6-1161-47DC-8C31-A19772A0FF5F}C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe] => (Allow) C:\program files\cloud imperium games\starcitizen\public\bin64\starcitizen.exe
FirewallRules: [TCP Query User{F98D853C-CAAC-432F-B64E-37BCF9035D1F}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{FC459F49-2EDE-478C-8CFE-232A1FC9BE35}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [TCP Query User{1319264D-4A8D-48ED-949E-ED3CF344B5C3}C:\users\public\daybreak game company\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\daybreak game company\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{82D91B0B-27F9-416A-81F8-1EF54B299757}C:\users\public\daybreak game company\installed games\planetside 2\planetside2_x64.exe] => (Allow) C:\users\public\daybreak game company\installed games\planetside 2\planetside2_x64.exe
FirewallRules: [{6964AA29-59A3-4C09-BBD8-C3253C10C90A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{21A6DE57-F8A9-41CB-9D7B-F531ACDB50CE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{39FA544E-597B-435C-AC36-11A481920010}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{318E05CA-33AC-48C9-82E5-096B58D49E3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe
FirewallRules: [{66FAEAEF-825C-4856-9611-84877B13AABF}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{61194CF9-6366-46A2-8DC1-176172CFEAC1}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{110AF2FE-63A7-4846-B994-97AEFBA557F4}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe
FirewallRules: [UDP Query User{309A547F-5975-44CE-BC27-2F821161500C}C:\program files\cycling '74\max 7\max.exe] => (Allow) C:\program files\cycling '74\max 7\max.exe
FirewallRules: [TCP Query User{D138FAE5-34E5-4E40-B203-FD9E013E2302}B:\ableton\live 9 suite\program\ableton live 9 suite.exe] => (Block) B:\ableton\live 9 suite\program\ableton live 9 suite.exe
FirewallRules: [UDP Query User{75F685CF-EB7C-42CC-887C-4A472512318A}B:\ableton\live 9 suite\program\ableton live 9 suite.exe] => (Block) B:\ableton\live 9 suite\program\ableton live 9 suite.exe
FirewallRules: [{525B751C-2F19-4E22-A22D-E4BF34413B9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3536C9A1-96F9-44DB-AB1F-779CA4D98274}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83F62728-7D23-4918-A828-70E700F86C70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0F2F500C-C1F1-4DA6-AB89-ED0239ADB462}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{34232AF3-0EFB-4956-A338-48221B767E58}C:\users\valence\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\valence\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{B1C10E74-96DD-47B2-B765-615FA65C28F5}C:\users\valence\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\valence\appdata\local\popcorn time\nw.exe
FirewallRules: [TCP Query User{B18BF613-3BD1-414C-B7F1-8BC60BF0F92F}C:\program files\java\jdk1.8.0_65\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_65\bin\jmc.exe
FirewallRules: [UDP Query User{4D05E12E-EE37-4E7D-8456-1B449B75C243}C:\program files\java\jdk1.8.0_65\bin\jmc.exe] => (Allow) C:\program files\java\jdk1.8.0_65\bin\jmc.exe
FirewallRules: [{F1F61C8E-8EAC-44D5-B649-5C413924B14A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{DA45A03E-CC79-473E-B15D-09BAB687FCE6}C:\ableton\ableton\live 9 suite\program\ableton live 9 suite.exe] => (Block) C:\ableton\ableton\live 9 suite\program\ableton live 9 suite.exe
FirewallRules: [UDP Query User{5683EEF0-9F58-4701-9724-0B643248AEAD}C:\ableton\ableton\live 9 suite\program\ableton live 9 suite.exe] => (Block) C:\ableton\ableton\live 9 suite\program\ableton live 9 suite.exe
FirewallRules: [TCP Query User{E401923D-D173-4E30-8F07-0488CBA10180}C:\ableton\cycling '74 64-bit\max.exe] => (Block) C:\ableton\cycling '74 64-bit\max.exe
FirewallRules: [UDP Query User{8B4DCD03-7CBD-429D-A1DC-54AC28281886}C:\ableton\cycling '74 64-bit\max.exe] => (Block) C:\ableton\cycling '74 64-bit\max.exe
FirewallRules: [{6FDABD6D-B760-434D-BF1F-0C36D119D9EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{CD3BB6A1-D730-491C-BE62-07127F1355A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [TCP Query User{6A783D70-79B4-4EDE-9CBA-89B0609577FC}C:\program files (x86)\deep silver\saints row the third - the full package\saintsrowthethird.exe] => (Block) C:\program files (x86)\deep silver\saints row the third - the full package\saintsrowthethird.exe
FirewallRules: [UDP Query User{12FFDD96-5292-41B9-9298-36034EC802B3}C:\program files (x86)\deep silver\saints row the third - the full package\saintsrowthethird.exe] => (Block) C:\program files (x86)\deep silver\saints row the third - the full package\saintsrowthethird.exe
FirewallRules: [TCP Query User{BD58F38E-AFA9-4F76-9794-C8A4C14FF62F}C:\program files (x86)\deep silver\saints row the third - the full package\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\deep silver\saints row the third - the full package\saintsrowthethird_dx11.exe
FirewallRules: [UDP Query User{F83354B2-B9A2-44F9-A872-E5F31333DCDE}C:\program files (x86)\deep silver\saints row the third - the full package\saintsrowthethird_dx11.exe] => (Block) C:\program files (x86)\deep silver\saints row the third - the full package\saintsrowthethird_dx11.exe
FirewallRules: [{89B34B7D-C1C8-4113-99B5-5F5359FFD32E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{23A85DD7-6C4B-4EBC-98EB-68CA61DC012E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{249D1BEC-0D72-4756-AEBA-15ABBE303DDA}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [UDP Query User{71ACE415-9109-4070-B255-DAE213F922D8}C:\program files (x86)\ccp\eve\bin\exefile.exe] => (Allow) C:\program files (x86)\ccp\eve\bin\exefile.exe
FirewallRules: [TCP Query User{E06C3C09-BB63-4DE6-A007-2EE81B83FAFD}C:\program files (x86)\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{0B77C513-0F03-4E4E-8E5E-027975354026}C:\program files (x86)\grand theft auto v\gta5.exe] => (Block) C:\program files (x86)\grand theft auto v\gta5.exe
FirewallRules: [{1BF49523-BB6A-444E-9662-5087CA7AE9E1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BFF6AC29-D20B-4A4F-8A7E-469AA2F0A3EB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{BE74669C-107D-4AAB-B62A-F8D855B64EAF}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{1625BB73-FC58-4737-AFD9-965B712F8575}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{5D5D45DA-A319-4E4A-A487-068664CF0479}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{6A47A8FA-D48B-49B8-8A8D-260973D212FC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{24F1305E-8753-41DB-96D7-3A07B91D50C0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4DF16191-3884-4854-8493-1FAD81EF7822}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{5DD37C8C-E10A-46AA-B3F0-47B71B68A426}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{CDE7B913-07BD-4666-BB43-521A17800DB6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2015B703-D404-464E-A971-46970BC0076A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{AFDE0941-1E52-45C4-A8C6-EBFA4EA6DA0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{4C0ECCA8-27FD-409C-8D6F-2D652B6D07BA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{67C5D099-9814-4321-A63E-C117A914F17F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{FEB13D96-1702-4BD7-B2D0-0207F1AD0906}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{DB1F1DC3-FC6A-4E0F-BA86-DD4136592206}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{A518BBEA-E6EA-4F23-9BEC-076B029AD042}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{E015F453-6DCF-4DE2-8AC9-DEA408E239F5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C4C2A3AB-CFD4-4726-8386-AFB44C7DC8E0}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{69BDFAC8-992B-4895-948E-48A35BACA947}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
 
==================== Restore Points =========================
 
17-01-2016 08:30:39 Scheduled Checkpoint
18-01-2016 22:36:32 Windows Modules Installer
25-01-2016 21:12:29 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/22/2016 04:25:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Ableton Live 9 Suite.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1990
 
Start Time: 01d154f18d9c1971
 
Termination Time: 6
 
Application Path: C:\Ableton\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
 
Report Id: 02a10574-c0ea-11e5-9b86-40167ee87178
 
Error: (01/17/2016 03:02:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Ableton Live 9 Suite.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 208c
 
Start Time: 01d150fc10910b5e
 
Termination Time: 9
 
Application Path: C:\Ableton\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe
 
Report Id: a9b98aaf-bcf0-11e5-b008-40167ee87178
 
Error: (01/16/2016 03:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.2.1.0, time stamp: 0x00000004
Faulting module name: libqt4_plugin.dll, version: 2.2.1.0, time stamp: 0x00020002
Exception code: 0x40000015
Fault offset: 0x007ca10a
Faulting process id: 0x1844
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
 
Error: (01/16/2016 01:02:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1498
 
Start Time: 01d14f1b0551506e
 
Termination Time: 6101
 
Application Path: UNKNOWN
 
Report Id: 9e0cbafd-bc16-11e5-82e9-40167ee87178
 
Error: (01/15/2016 07:23:23 AM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (3604) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.
 
Error: (01/15/2016 07:23:23 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3604) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (01/15/2016 04:14:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x55b651b3
Faulting module name: ntdll.dll, version: 6.1.7601.19110, time stamp: 0x568429e5
Exception code: 0xc0000374
Fault offset: 0x00000000000bffc2
Faulting process id: 0x1b7c
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
 
Error: (01/14/2016 07:03:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winamp.exe, version: 5.6.6.3516, time stamp: 0x52aa753e
Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp: 0x4dace5b9
Exception code: 0xc0000417
Fault offset: 0x00066812
Faulting process id: 0x1e94
Faulting application start time: 0xwinamp.exe0
Faulting application path: winamp.exe1
Faulting module path: winamp.exe2
Report Id: winamp.exe3
 
Error: (01/14/2016 05:29:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: auxhost.exe, version: 0.0.0.0, time stamp: 0x4f84ec04
Faulting module name: Polysix.dll_unloaded, version: 0.0.0.0, time stamp: 0x4ce084e2
Exception code: 0xc0000005
Fault offset: 0x1003b1fa
Faulting process id: 0x1ea4
Faulting application start time: 0xauxhost.exe0
Faulting application path: auxhost.exe1
Faulting module path: auxhost.exe2
Report Id: auxhost.exe3
 
Error: (01/14/2016 05:28:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ableton Live 9 Suite.exe, version: 1.0.0.1, time stamp: 0x55b651b3
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000374
Fault offset: 0x00000000000bffc2
Faulting process id: 0x75c
Faulting application start time: 0xAbleton Live 9 Suite.exe0
Faulting application path: Ableton Live 9 Suite.exe1
Faulting module path: Ableton Live 9 Suite.exe2
Report Id: Ableton Live 9 Suite.exe3
 
 
System errors:
=============
Error: (01/18/2016 11:14:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
 
Error: (01/18/2016 11:12:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/18/2016 11:11:48 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: CBS Client initialization failed. Last error: 0x80080005
 
Error: (01/18/2016 11:11:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (01/18/2016 11:10:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VBoxAsw Support Driver service failed to start due to the following error: 
%%3
 
Error: (01/18/2016 11:10:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetLimiter 4 Service service failed to start due to the following error: 
%%1053
 
Error: (01/18/2016 11:10:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the NetLimiter 4 Service service to connect.
 
Error: (01/18/2016 11:09:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:58:05 PM on ‎1/‎18/‎2016 was unexpected.
 
Error: (01/18/2016 03:24:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
 
Error: (01/17/2016 08:31:54 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgsvc service.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 965 Processor
Percentage of memory in use: 38%
Total physical RAM: 20393.48 MB
Available physical RAM: 12517.93 MB
Total Virtual: 40785.18 MB
Available Virtual: 32004.28 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:195.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000644B4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts

Posted 26 January 2016 - 03:23 PM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\8c800c5a-63ab-4650-9a70-6527aa698c26.exe [168336 2016-01-21] (AVAST Software)
Startup: C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Shortcut.lnk [2015-09-27]
ShortcutTarget: taskmgr - Shortcut.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
CHR Extension: (Avast Online Security) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-16]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
R3 cpuz138; C:\Users\Valence\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-01-25] (CPUID)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#11 Lagmastac

Lagmastac
  • Topic Starter

  • Members
  • 8 posts

Posted 28 January 2016 - 04:28 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Valence (2016-01-28 15:42:00) Run:4
Running from C:\Users\Valence\Downloads\frst
Loaded Profiles: Valence (Available Profiles: Valence & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\8c800c5a-63ab-4650-9a70-6527aa698c26.exe [168336 2016-01-21] (AVAST Software)
Startup: C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Shortcut.lnk [2015-09-27]
ShortcutTarget: taskmgr - Shortcut.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
CHR Extension: (Avast Online Security) - C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-01-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-16]
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
R3 cpuz138; C:\Users\Valence\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-01-25] (CPUID)
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\20150107 => value not found.
C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Shortcut.lnk => moved successfully
C:\Windows\System32\taskmgr.exe => moved successfully
C:\Users\Valence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
AvastVBoxSvc => service could not remove
cpuz138 => service removed successfully
VBoxAswDrv => service could not remove
EmptyTemp: => 3.2 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-28 15:47:04)
 
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 15:47:04 ====
 
The computer seems to be running okay for now, but the problem seems to be intermittent so I'll update this in a day or two.
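A reviewer's check for a fixlist and the Fixlog it produces, such as the ones in the two posts above, where the log reports `C:\Windows\System32\taskmgr.exe => moved successfully`. This is an added example, not part of the thread or of FRST; the function names, the `PROTECTED_DIRS` list and the trimmed sample (lines copied from the Fixlog above) are assumptions of the example.

```python
import ntpath
import re

# Directories whose files deserve a second look before or after a fix
# (assumption for this example; extend to suit the machine).
PROTECTED_DIRS = (r"C:\Windows",)

# Result line reporting a filesystem move:  <path> => moved successfully
MOVED_RE = re.compile(
    r'^"?([A-Za-z]:\\[^"]+?)"?\s*=>\s*moved successfully\s*$', re.I)

# A Windows file path (ending in an extension) anywhere in a fixlist entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|*?]+?\.[A-Za-z0-9]{2,4}\b')


def is_protected(path):
    """True if path lies inside one of PROTECTED_DIRS (case-insensitive)."""
    p = ntpath.normcase(ntpath.normpath(path))
    for root in PROTECTED_DIRS:
        r = ntpath.normcase(ntpath.normpath(root))
        if p == r or p.startswith(r + "\\"):
            return True
    return False


def split_fixlog(text):
    """Split a Fixlog into (echoed fixlist lines, result lines).

    The log echoes the fixlist between two rows of asterisks; everything
    after the second row is the outcome of each directive.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(marks) < 2:
        return [], lines  # no echoed fixlist: treat it all as results
    return lines[marks[0] + 1:marks[1]], lines[marks[1] + 1:]


def fixlist_paths(fixlist_lines):
    """Every file path named in the fixlist entries (pre-run review)."""
    found = []
    for ln in fixlist_lines:
        found.extend(PATH_RE.findall(ln))
    return found


def moved_files(result_lines):
    """Paths the log reports as moved (registry and service lines are skipped)."""
    return [m.group(1) for m in map(MOVED_RE.match, result_lines) if m]


def review(text):
    """Protected paths named in the fixlist and protected paths actually moved."""
    fixlist, results = split_fixlog(text)
    return {
        "fixlist_protected": [p for p in fixlist_paths(fixlist) if is_protected(p)],
        "moved_protected": [p for p in moved_files(results) if is_protected(p)],
    }


# Trimmed sample: lines copied from the Fixlog posted above.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
CloseProcesses:
Startup: C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Shortcut.lnk [2015-09-27]
ShortcutTarget: taskmgr - Shortcut.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
R3 cpuz138; C:\Users\Valence\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-01-25] (CPUID)
End
*****************

Processes closed successfully.
C:\Users\Valence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr - Shortcut.lnk => moved successfully
C:\Windows\System32\taskmgr.exe => moved successfully
cpuz138 => service removed successfully
'''

if __name__ == "__main__":
    report = review(SAMPLE_FIXLOG)
    for p in report["fixlist_protected"]:
        print("fixlist names a protected file:", p)
    for p in report["moved_protected"]:
        print("log reports a protected file moved:", p)
```

Running `review()` on the fixlist text alone, before clicking Fix, gives the pre-run half of the check.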


#12 Lagmastac

Lagmastac
  • Topic Starter

  • Members
  • 8 posts

Posted 29 January 2016 - 09:09 PM

For now the computer seems to be okay, I haven't had any weird stuttering issues. I do have another secondary problem that came up after I ran FRST and rebooted - taskmgr.exe is missing from System32. I (expectedly) can't start it with ctrl-alt-del either.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts

Posted 30 January 2016 - 08:32 AM


Check to see if the file is in the System32 folder.
C:\Windows\System32\taskmgr.exe

It may be Hidden.
Unhide files/folders Windows 7.
How To:
http://windows.microsoft.com/en-ca/windows/show-hidden-files#show-hidden-files=windows-7
===

If not, execute this.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start
CloseProcesses:
cmd: sfc /scanfile=C:\Windows\system32\taskmgr.exe

end

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Keep me posted.

#14 Lagmastac

Lagmastac
  • Topic Starter

  • Members
  • 8 posts

Posted 06 February 2016 - 12:39 AM

I'm really sorry for taking so long to reply to this. The internet has been fine since you helped me out, I've had no stuttering issues and task manager is back (although I still have no idea what deleted it in the first place). Thank you so much for your help, the computer is running very smoothly now.



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts

Posted 06 February 2016 - 08:45 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little
guide on best security practices to keep safe: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



