Everything in Programfiles(x86) gone


10 replies to this topic

#1 King_Geedorah

King_Geedorah

  • Members
  • 6 posts

Posted 13 March 2016 - 09:13 AM

Hi there,

 

I'm hoping somebody on this forum can give me a sanity check. A couple of days ago I had what I'm 99% sure was Java pop up from my task bar asking for an update while I was making some music. I was distracted at the time but the update was definitely legit (or at least it was coming from an already installed app on my laptop rather than from an online popup) and I allowed it to update while I carried on with what I was doing. A little while later I went to open a program only to find that it was gone. Long story short, I then went on to discover that my D: drive was 700 GB lighter and that everything that had been in the Program Files (x86) folder on that drive was now gone.

 

After a bit of research on Google and in forums like this one I decided that it sounded like I'd contracted the java.blacole virus and that it had wiped my Program Files (x86) folder. First thing I did was delete Java. Over the past few days I've backed up as much as I can from the laptop and run a ridiculous number of security programs in an attempt to find and kill the virus (Avast, Malwarebytes, ESET Online, MSE, Spybot, aswMBR, TDSSKiller, RogueKiller, MSE Offline and probably more). I simply cannot find the virus, and I'm hoping that's because I managed to kill it by deleting Java immediately. I know the simple answer to this is that I should reformat the laptop to be 100% sure the virus is gone but I really don't want to do that; it's set up just how I like it, and fortunately a lot of the apps I use to work on were in the Program Files folder and are thus OK. I've mainly lost games, which are easily reinstalled.

 

I'm hoping somebody here can tell me if I've missed something crucial to making sure the virus is gone, or if I was even on the right lines in the first place by thinking it was this particular virus.  I've heard that the exploit can be used for a number of things including key logging and stealing financial data so I really want to be as sure as I can be that it is gone, though I'm hoping that this particular strain was just a malicious one made to delete the infected's programs rather than one to steal data.

 

Thanks in advance! 

 

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts

Posted 14 March 2016 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Did you check to see if you still have a good Restore point?
Any dates prior to start of your problem should be good enough to restore.

====

Let's see what else remains to be removed.


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===


Please post the logs

#3 King_Geedorah

King_Geedorah
  • Topic Starter

  • Members
  • 6 posts

Posted 14 March 2016 - 10:34 AM

Thanks for coming back, man. I actually didn't have a decent restore point, and a lot of the stuff I had read about the virus I think I have/had was to actually delete your restore point... Either way, for some silly reason my restore points weren't switched on anyway, so it's not an option unfortunately.

 

I've run the program you've asked me to, thanks again for your support:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Luke (administrator) on LAPTOP (14-03-2016 14:59:17)
Running from C:\Users\Luke\Downloads
Loaded Profiles: Luke (Available Profiles: Luke)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) D:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Cambridge Silicon Radio Limited) D:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe
(Cambridge Silicon Radio Limited) D:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Avast Software) D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Cambridge Silicon Radio Limited) D:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Cambridge Silicon Radio Limited) D:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Cambridge Silicon Radio Limited) C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\HarmonyHFPSkypePlugin.exe
(Cambridge Silicon Radio Limited) D:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Unified Intents AB) D:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\avastui.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Elaborate Bytes AG) D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) D:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Luke\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Luke\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Luke\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4689072 2013-12-16] (VIA)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2777840 2013-08-14] (Synaptics Incorporated)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [vksts] => D:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe [168552 2011-05-26] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyUserStartup] => D:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe [37504 2011-05-26] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [HarmonyHFPSkypePlugin] => C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\HarmonyHFPSkypePlugin.exe [147080 2011-05-26] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [TrayApplication] => D:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe [619136 2011-05-26] (Cambridge Silicon Radio Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => d:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => d:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2146068824-933803117-2314476848-1001\...\Run: [DS3 Tool] => D:\Program Files (x86)\MotionInJoy\DS3_Tool.exe -mini
HKU\S-1-5-21-2146068824-933803117-2314476848-1001\...\Run: [AirDroid 3] => D:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-21-2146068824-933803117-2314476848-1001\...\Run: [Unified Remote V3] => D:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4327632 2015-11-11] (Unified Intents AB)
HKU\S-1-5-21-2146068824-933803117-2314476848-1001\...\Run: [Google Update] => C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-14] (Google Inc.)
HKU\S-1-5-21-2146068824-933803117-2314476848-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-2146068824-933803117-2314476848-1001\...\Run: [Steam] => d:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-2146068824-933803117-2314476848-1001\...\MountPoints2: {160a88f6-bda5-11e4-977b-80fa5b002895} - F:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177416 2015-10-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155976 2015-10-03] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => d:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-08] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk [2014-09-17]
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5DEA2C4F-42F6-4AD9-BEB5-48EFB8E65526}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AFAF44E4-A019-4FC9-9EDE-68A76916BE9E}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> d:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-10-08] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-06-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-06-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> d:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2146068824-933803117-2314476848-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2146068824-933803117-2314476848-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - d:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - d:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
 
Chrome: 
=======
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Rapport) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Play Music) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-03-10]
CHR Extension: (Google Sheets) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-12]
CHR Extension: (Avast Online Security) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-19]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKU\S-1-5-21-2146068824-933803117-2314476848-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - d:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; d:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; d:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-08] (AVAST Software)
R3 AvastVBoxSvc; d:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-10-08] (Avast Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-04] ()
R2 CsrBtOBEXService; D:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe [581248 2011-05-26] (Cambridge Silicon Radio Limited)
R2 CsrBtService; D:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe [548472 2011-05-26] (Cambridge Silicon Radio Limited)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-06-24] (Intel Corporation)
S2 MBAMService; d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-06-18] ()
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-03-09] (Native Instruments GmbH) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-03-12] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-11-12] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-20] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [46592 2013-05-30] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-03-03] (IBM Corp.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4250624 2014-06-09] (A-Volute) [File not signed]
R2 SDScannerService; d:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; d:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; d:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816656 2014-06-18] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-08] (AVAST Software)
R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87864 2014-05-19] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [154112 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.) [File not signed]
S3 cpuz138; C:\Users\Luke\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-03-13] (CPUID)
S3 CsrBtPort; C:\Windows\System32\DRIVERS\CsrBtPort.sys [2060400 2011-04-21] (Cambridge Silicon Radio Limited)
S3 csrusb; C:\Windows\System32\Drivers\csrusb.sys [50792 2011-04-21] (Cambridge Silicon Radio Limited)
S3 dc21x4vm; C:\Windows\System32\DRIVERS\dc21x4vm.sys [57344 2009-06-10] (Microsoft Corp.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HDJMidi; C:\Windows\System32\DRIVERS\HDJMidi.sys [144896 2009-10-02] (© Guillemot R&D, 2009. All rights reserved.) [File not signed]
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-04-03] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-09] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [125952 2014-06-24] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-10-08] (AVAST Software)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R1 RapportCerberus_1507082; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507082.sys [972896 2016-03-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [514336 2016-03-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [152320 2016-03-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [407168 2016-03-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [507424 2016-03-03] (IBM Corp.)
S3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [585944 2015-01-19] (Realtek Semiconductor Corporation)
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
S3 RwDrv; C:\Windows\SysWOW64\Drivers\RwDrv.sys [22312 2016-03-12] () [File not signed]
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows ® Win 7 DDK provider)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
S3 SaiK1703; C:\Windows\System32\DRIVERS\SaiK1703.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiU1703; C:\Windows\System32\DRIVERS\SaiU1703.sys [47168 2012-09-20] (Saitek)
R1 SASDIFSV; d:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; d:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2013-08-14] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-03-10] ()
R3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [25592 2015-11-11] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; d:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-10-08] (Avast Software)
R3 VMfilt; C:\Windows\System32\drivers\VMfilt64.sys [33456 2013-12-16] (Creative Technology Ltd.)
S3 aswVmm; \??\C:\Users\Luke\AppData\Local\Temp\aswVmm.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RTCore64; \??\D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-14 14:59 - 2016-03-14 14:59 - 00028369 _____ C:\Users\Luke\Downloads\FRST.txt
2016-03-14 14:56 - 2016-03-14 14:59 - 00000000 ____D C:\FRST
2016-03-14 14:55 - 2016-03-14 14:55 - 02374144 _____ (Farbar) C:\Users\Luke\Downloads\FRST64.exe
2016-03-13 15:29 - 2016-03-13 15:29 - 21437144 _____ (Dell, Inc.) C:\Users\Luke\Downloads\DRVR_WIN_R278544.EXE
2016-03-13 13:16 - 2016-03-13 13:16 - 00000000 ____D C:\Users\Luke\AppData\Local\VS Revo Group
2016-03-13 13:15 - 2016-03-13 13:15 - 00000899 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-03-13 13:15 - 2016-03-13 13:15 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-03-13 13:15 - 2016-03-13 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-03-13 13:15 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-03-13 13:06 - 2016-03-13 13:06 - 11199448 _____ (VS Revo Group ) C:\Users\Luke\Downloads\RevoUninProSetup.exe
2016-03-12 21:36 - 2016-03-12 21:36 - 02870984 _____ (ESET) C:\Users\Luke\Downloads\esetsmartinstaller_enu.exe
2016-03-12 20:35 - 2016-03-12 21:25 - 00289232 _____ C:\Windows\ntbtlog.txt
2016-03-12 19:49 - 2016-03-12 19:49 - 05198336 _____ (AVAST Software) C:\Users\Luke\Downloads\aswMBR.exe
2016-03-12 19:48 - 2016-03-12 19:55 - 00488414 _____ C:\TDSSKiller.3.1.0.9_12.03.2016_19.48.49_log.txt
2016-03-12 19:48 - 2016-03-12 19:48 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Luke\Downloads\tdsskiller.exe
2016-03-12 19:26 - 2016-02-23 17:23 - 00000512 _____ C:\Users\Luke\Documents\Convo With Hugo.txt
2016-03-12 19:26 - 2016-02-11 23:34 - 00000013 _____ C:\Users\Luke\Documents\homegroup pw.txt
2016-03-12 19:26 - 2016-01-04 17:21 - 00001224 _____ C:\Users\Luke\Documents\Insurance Claim.txt
2016-03-12 18:08 - 2016-03-14 14:56 - 00000000 ____D C:\Users\Luke\AppData\LocalLow\uTorrent
2016-03-12 15:04 - 2016-03-12 15:04 - 00022312 _____ C:\Windows\SysWOW64\Drivers\RwDrv.sys
2016-03-12 14:15 - 2016-03-12 14:15 - 24210616 _____ (Audacity Team ) C:\Users\Luke\Downloads\audacity-win-2.1.0 (1).exe
2016-03-12 13:48 - 2016-03-12 13:48 - 00000000 ____D C:\Windows\pss
2016-03-12 13:48 - 2016-03-12 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Westwood Online
2016-03-12 13:48 - 2016-03-12 13:48 - 00000000 ____D C:\Program Files (x86)\WestwoodOnline
2016-03-12 13:07 - 2016-03-12 13:09 - 02950200 _____ (Blizzard Entertainment) C:\Users\Luke\Downloads\Battle.net-Setup.exe
2016-03-12 12:44 - 2016-03-12 12:45 - 31334856 _____ (Electronic Arts, Inc.) C:\Users\Luke\Downloads\OriginThinSetup.exe
2016-03-11 21:24 - 2016-03-11 21:24 - 00000000 ____D C:\Windows\Microsoft Antimalware
2016-03-11 12:39 - 2016-03-11 12:39 - 00000000 ____D C:\Users\Luke\Downloads\JavaRa-2.6.1
2016-03-11 12:38 - 2016-03-11 12:38 - 00184620 _____ C:\Users\Luke\Downloads\JavaRa-2.6.1.zip
2016-03-11 00:38 - 2016-03-11 00:38 - 00886256 _____ (Microsoft Corporation) C:\Users\Luke\Downloads\mssstool64.exe
2016-03-10 17:30 - 2016-03-10 17:30 - 00000000 ____D C:\Users\Luke\Documents\Shadow Warrior DX11
2016-03-10 17:22 - 2016-03-10 17:22 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-10 17:21 - 2016-03-10 20:00 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-10 17:20 - 2016-03-10 17:21 - 19476552 _____ C:\Users\Luke\Downloads\RogueKiller.exe
2016-03-10 17:10 - 2016-03-10 17:10 - 01812264 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Luke\Downloads\GPU-Z.0.8.7.exe
2016-03-10 17:07 - 2015-11-11 10:31 - 00025592 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\uvhid.sys
2016-03-10 17:07 - 2015-11-11 10:31 - 00007680 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2016-03-10 17:06 - 2016-03-10 17:06 - 23553608 _____ (Unified Intents AB ) C:\Users\Luke\Downloads\ServerSetup-3-3-4-889.exe
2016-03-10 17:05 - 2016-03-10 17:05 - 00002990 _____ C:\Windows\System32\Tasks\elbyExecuteWithUAC
2016-03-10 17:03 - 2016-03-10 17:03 - 01710680 _____ C:\Users\Luke\Downloads\SetupVCD5500.exe
2016-03-10 17:01 - 2016-03-10 17:02 - 10328598 _____ (Nullsoft, Inc.) C:\Users\Luke\Downloads\winamp5666_full_en-us_redux.exe
2016-03-10 16:48 - 2016-03-10 16:49 - 30510920 _____ C:\Users\Luke\Downloads\vlc-2.2.2-win32.exe
2016-03-10 16:06 - 2016-03-10 16:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-10 16:04 - 2016-03-12 19:24 - 00000000 ____D C:\ProgramData\SecTaskMan
2016-03-10 16:04 - 2016-03-10 16:04 - 00000827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2016-03-10 16:04 - 2016-03-10 16:04 - 00000826 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2016-03-10 16:03 - 2016-03-10 16:03 - 02828328 _____ C:\Users\Luke\Downloads\SecurityTaskManager_Setup.exe
2016-03-10 16:00 - 2016-03-10 16:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-10 16:00 - 2016-03-10 16:00 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-10 16:00 - 2016-03-10 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-10 16:00 - 2016-03-10 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-03-10 16:00 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-03-10 15:52 - 2016-03-10 15:54 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Luke\Downloads\spybot-2.4.exe
2016-03-10 15:51 - 2016-03-10 15:55 - 96369872 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Luke\Downloads\Evernote_5.9.6.9494.exe
2016-03-10 15:38 - 2016-03-10 15:38 - 00388608 _____ (Trend Micro Inc.) C:\Users\Luke\Downloads\HijackThis.exe
2016-03-10 12:55 - 2016-03-10 12:55 - 24950928 _____ (SUPERAntiSpyware) C:\Users\Luke\Downloads\SUPERAntiSpyware.exe
2016-03-10 12:55 - 2016-03-10 12:55 - 00000000 ____D C:\Users\Luke\AppData\Roaming\SUPERAntiSpyware.com
2016-03-10 12:55 - 2016-03-10 12:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-03-10 12:55 - 2016-03-10 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-03-09 22:06 - 2016-03-10 23:13 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-03-09 22:06 - 2016-03-10 23:13 - 00001945 _____ C:\Windows\epplauncher.mif
2016-03-09 22:06 - 2016-03-10 23:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-03-09 22:06 - 2016-03-10 23:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-03-09 22:05 - 2016-03-09 22:06 - 14243008 _____ (Microsoft Corporation) C:\Users\Luke\Downloads\mseinstall.exe
2016-03-09 21:54 - 2016-03-09 21:54 - 01380712 _____ C:\Users\Luke\Downloads\SteamSetup.exe
2016-03-09 21:49 - 2016-03-09 21:49 - 22908888 _____ (Malwarebytes ) C:\Users\Luke\Downloads\mbam-setup-2.2.0.1024.exe
2016-03-09 20:04 - 2016-03-09 20:04 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Sun
2016-03-09 20:04 - 2016-03-09 20:04 - 00000000 ____D C:\Users\Luke\.oracle_jre_usage
2016-03-09 20:03 - 2016-03-09 20:03 - 00000000 ____D C:\Users\Luke\AppData\LocalLow\Oracle
2016-03-09 12:08 - 2016-02-12 18:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 12:08 - 2016-02-12 18:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 12:08 - 2016-02-12 18:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 12:08 - 2016-02-12 18:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 12:08 - 2016-02-12 18:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 12:08 - 2016-02-12 18:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 12:08 - 2016-02-12 18:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 12:08 - 2016-02-12 18:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 12:08 - 2016-02-12 18:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 12:08 - 2016-02-12 18:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 12:08 - 2016-02-12 18:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 12:08 - 2016-02-12 18:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 12:08 - 2016-02-12 18:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 12:08 - 2016-02-12 18:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 12:08 - 2016-02-12 18:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 12:08 - 2016-02-12 18:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 12:08 - 2016-02-04 17:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 12:08 - 2015-11-19 14:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 12:08 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 12:07 - 2016-01-11 19:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 12:06 - 2016-02-09 06:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 12:06 - 2016-02-09 06:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 12:06 - 2016-02-08 21:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 12:06 - 2016-02-08 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 12:06 - 2016-02-08 20:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 12:06 - 2016-02-08 20:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 12:06 - 2016-02-08 20:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 12:06 - 2016-02-08 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 12:06 - 2016-02-08 20:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 12:06 - 2016-02-08 20:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 12:06 - 2016-02-08 20:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 12:06 - 2016-02-08 20:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 12:06 - 2016-02-08 20:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 12:06 - 2016-02-08 20:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 12:06 - 2016-02-08 20:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 12:06 - 2016-02-08 20:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 12:06 - 2016-02-08 20:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 12:06 - 2016-02-08 20:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 12:06 - 2016-02-08 20:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 12:06 - 2016-02-08 20:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 12:06 - 2016-02-08 20:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 12:06 - 2016-02-08 20:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 12:06 - 2016-02-08 20:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 12:06 - 2016-02-08 20:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 12:06 - 2016-02-08 20:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 12:06 - 2016-02-08 20:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 12:06 - 2016-02-08 20:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 12:06 - 2016-02-08 20:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 12:06 - 2016-02-08 20:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 12:06 - 2016-02-08 20:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 12:06 - 2016-02-08 19:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 12:06 - 2016-02-08 19:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 12:06 - 2016-02-08 19:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 12:06 - 2016-02-08 18:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 12:06 - 2016-02-08 18:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 12:06 - 2016-02-08 18:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 12:06 - 2016-02-08 18:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 12:06 - 2016-02-08 18:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 12:06 - 2016-02-08 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 12:06 - 2016-02-08 18:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 12:06 - 2016-02-08 18:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 12:06 - 2016-02-08 18:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 12:06 - 2016-02-08 18:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 12:06 - 2016-02-08 18:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 12:06 - 2016-02-08 18:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 12:06 - 2016-02-08 18:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 12:06 - 2016-02-08 18:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 12:06 - 2016-02-08 18:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 12:06 - 2016-02-08 18:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 12:06 - 2016-02-08 18:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 12:06 - 2016-02-08 18:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 12:06 - 2016-02-08 17:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 12:06 - 2016-02-08 17:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 12:06 - 2016-02-08 17:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 12:06 - 2016-02-08 17:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 12:06 - 2016-02-08 17:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 12:06 - 2016-02-08 17:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 12:06 - 2016-02-08 17:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 12:06 - 2016-02-08 17:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 12:06 - 2016-02-08 17:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 12:06 - 2016-02-08 17:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 12:06 - 2016-02-08 17:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 12:06 - 2016-02-08 17:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 12:06 - 2016-02-08 17:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 12:06 - 2016-02-08 17:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 12:06 - 2016-02-08 16:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 12:06 - 2016-02-03 18:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 12:06 - 2016-02-03 18:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 12:06 - 2016-02-03 18:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 12:06 - 2016-02-03 18:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 12:06 - 2016-02-03 18:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 12:03 - 2016-02-11 18:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 12:03 - 2016-02-11 18:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 12:03 - 2016-02-11 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 12:03 - 2016-02-11 18:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 12:03 - 2016-02-11 18:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 12:03 - 2016-02-11 18:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 12:03 - 2016-02-11 18:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 12:03 - 2016-02-11 18:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 12:03 - 2016-02-11 18:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 12:03 - 2016-02-11 18:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 12:03 - 2016-02-11 18:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 12:03 - 2016-02-11 18:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 12:03 - 2016-02-11 18:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 12:03 - 2016-02-11 18:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 12:03 - 2016-02-11 18:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 12:03 - 2016-02-11 18:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 12:03 - 2016-02-11 18:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 12:03 - 2016-02-11 18:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 12:03 - 2016-02-11 18:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 12:03 - 2016-02-11 18:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 12:03 - 2016-02-11 18:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 12:03 - 2016-02-11 18:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 12:03 - 2016-02-11 18:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 12:03 - 2016-02-11 18:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 12:03 - 2016-02-11 18:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 12:03 - 2016-02-11 18:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 12:03 - 2016-02-11 18:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 12:03 - 2016-02-11 18:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 12:03 - 2016-02-11 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 12:03 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-01 20:38 - 2016-03-01 20:39 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-02-24 15:08 - 2016-02-24 15:08 - 01105797 _____ C:\Users\Luke\Downloads\grades comp web.pdf
2016-02-20 13:01 - 2016-02-20 13:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-20 13:01 - 2016-02-20 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-19 15:03 - 2016-02-19 15:42 - 00000000 ____D C:\Users\Luke\AppData\Roaming\webex
2016-02-19 15:03 - 2016-02-19 15:03 - 00708272 _____ (Cisco WebEx LLC) C:\Users\Luke\Downloads\Cisco_WebEx_Add-On.exe
2016-02-19 15:03 - 2016-02-19 15:03 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Mozilla
2016-02-19 15:03 - 2016-02-19 15:03 - 00000000 ____D C:\Users\Luke\AppData\LocalLow\WebEx
2016-02-19 15:03 - 2016-02-19 15:03 - 00000000 ____D C:\Users\Luke\AppData\Local\WebEx
2016-02-19 15:03 - 2016-02-19 15:03 - 00000000 ____D C:\ProgramData\WebEx
2016-02-19 14:18 - 2016-02-19 14:18 - 07893472 _____ C:\Users\Luke\Downloads\Hello from Vietnam (1).zip
2016-02-19 14:17 - 2016-02-19 14:18 - 07893472 _____ C:\Users\Luke\Downloads\Hello from Vietnam.zip
2016-02-18 13:43 - 2016-02-18 13:43 - 04863023 _____ C:\Users\Luke\Downloads\wb0.9.311007_INSTALLER (1).zip
2016-02-18 13:41 - 2016-02-18 13:41 - 00000000 ____D C:\Windows\Downloaded Installations
2016-02-18 13:40 - 2016-02-18 13:40 - 04863023 _____ C:\Users\Luke\Downloads\Unconfirmed 894077.crdownload
2016-02-18 13:39 - 2016-02-18 13:39 - 04863023 _____ C:\Users\Luke\Downloads\wb0.9.311007_INSTALLER.zip
2016-02-13 14:30 - 2016-03-12 20:00 - 00308224 ___SH C:\Users\Luke\Downloads\Thumbs.db
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-14 15:00 - 2014-11-10 18:25 - 00000000 ____D C:\Users\Luke\AppData\Roaming\uTorrent
2016-03-14 14:59 - 2014-09-20 23:52 - 00000000 _____ C:\Windows\system32\RzMaelstromVADAudioDeviceManager_log.txt
2016-03-14 14:41 - 2015-08-20 15:44 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-14 14:29 - 2015-05-14 03:29 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2146068824-933803117-2314476848-1001UA.job
2016-03-14 14:29 - 2015-05-14 03:29 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2146068824-933803117-2314476848-1001Core.job
2016-03-14 13:41 - 2015-08-20 15:44 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 12:47 - 2009-07-14 04:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-14 12:47 - 2009-07-14 04:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-14 12:39 - 2009-07-14 05:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-14 12:39 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-14 12:33 - 2014-09-19 18:01 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-03-14 12:32 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 22:22 - 2015-05-12 07:09 - 00000000 ____D C:\ProgramData\Unified Remote
2016-03-12 21:25 - 2015-12-24 15:03 - 00000000 ____D C:\Users\Luke\AppData\Local\CrashDumps
2016-03-12 19:28 - 2014-09-21 00:15 - 00000000 ____D C:\Users\Luke\Desktop\Games
2016-03-12 19:13 - 2015-06-30 03:51 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Audacity
2016-03-12 17:46 - 2016-02-08 18:00 - 00000000 ____D C:\Users\Luke\Downloads\Logo Photos
2016-03-12 17:45 - 2014-11-10 17:20 - 00000000 ____D C:\Users\Luke\Downloads\d826cd93-c2d7-4d56-8635-c08357d04f6e
2016-03-12 16:56 - 2014-09-29 19:18 - 00000000 ____D C:\Users\Luke\AppData\Roaming\vlc
2016-03-12 15:03 - 2014-09-20 14:53 - 00000000 ____D C:\Users\Luke\AppData\Local\Battle.net
2016-03-12 14:16 - 2015-06-30 03:50 - 00000722 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-03-12 14:16 - 2014-09-20 14:40 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-03-12 14:06 - 2014-12-02 15:03 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Skype
2016-03-12 13:48 - 2009-07-14 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-12 13:43 - 2014-09-20 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-03-12 13:36 - 2014-09-20 14:40 - 00000000 ____D C:\ProgramData\Origin
2016-03-12 12:43 - 2014-10-08 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-03-10 17:07 - 2015-05-12 07:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3
2016-03-10 16:58 - 2014-09-20 14:53 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Battle.net
2016-03-10 16:58 - 2014-09-20 14:42 - 00000000 ____D C:\ProgramData\Battle.net
2016-03-10 16:07 - 2015-12-03 14:34 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-10 11:58 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2016-03-09 21:55 - 2014-09-19 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-03-09 21:53 - 2014-09-20 15:48 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-09 21:51 - 2014-09-19 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-09 20:35 - 2014-09-19 19:02 - 00000000 ____D C:\ProgramData\Oracle
2016-03-09 20:04 - 2014-09-20 00:18 - 00000000 ____D C:\Users\Luke
2016-03-09 20:04 - 2014-09-19 19:02 - 00278624 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-03-09 19:57 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-09 19:57 - 2009-07-14 04:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-09 19:57 - 2009-07-14 04:45 - 00275088 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 17:46 - 2014-08-15 01:44 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 17:41 - 2014-12-12 02:03 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-09 17:41 - 2014-08-15 01:44 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-07 19:23 - 2014-10-24 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-03-07 15:31 - 2014-08-14 16:14 - 00000000 ____D C:\Windows\Panther
2016-03-07 15:20 - 2015-10-30 09:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-03 11:19 - 2015-06-03 03:37 - 00152320 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-03-03 11:19 - 2014-10-24 17:53 - 00407168 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-02-28 14:42 - 2015-04-04 17:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-28 14:42 - 2015-04-04 17:52 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-20 18:05 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-20 14:43 - 2015-08-20 15:44 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 14:43 - 2015-08-20 15:44 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-20 13:01 - 2014-12-02 15:03 - 00000000 ____D C:\ProgramData\Skype
2016-02-19 15:03 - 2015-02-02 09:14 - 00000000 ____D C:\Users\Luke\AppData\LocalLow\Temp
2016-02-17 13:56 - 2016-02-03 16:05 - 00000000 ____D C:\Users\Luke\Downloads\Photos (1)
 
==================== Files in the root of some directories =======
 
2015-09-25 06:18 - 2015-09-25 06:19 - 6420480 _____ () C:\Program Files (x86)\GUT8BCC.tmp
2016-02-11 17:01 - 2016-02-11 17:01 - 0005795 _____ () C:\Users\Luke\AppData\Local\recently-used.xbel
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-09 12:30
 
==================== End of FRST.txt ============================


#4 nasdaq

Posted 14 March 2016 - 01:36 PM

Here is my suggested fix.
It's only a cleanup of items that are not required or empty.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(BitTorrent Inc.) C:\Users\Luke\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Luke\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast Online Security) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - d:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]
S3 cpuz138; C:\Users\Luke\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-03-13] (CPUID)
S3 aswVmm; \??\C:\Users\Luke\AppData\Local\Temp\aswVmm.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RTCore64; \??\D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [X]
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.

===

#5 King_Geedorah

Posted 14 March 2016 - 03:46 PM

Hi Dude,

 

Thanks again for looking into this for me.  I just want to be clear on what you're instructing above is actually going to do before I do it? Sorry if I'm being a pain but I like to understand what tweaks I'm making to my machine, especially as I'm not sure that what you're suggesting is connected to the original issue I had. 

 

Also just wanted to re-iterate that at present I have no problems at all, the program files(x86) folder wiped itself days ago but anything I've reinstalled since has not been deleted.  What I'm really trying to do is make sure that there's not an evil virus lurking around on my machine, do you have any experience with the java.blacole virus and if so do the symptoms I'm describing sound like they may be a result of said virus?

 

Thanks again and sorry if I'm cross questioning!



#6 nasdaq

Posted 15 March 2016 - 07:40 AM

All I know about this infection can be seen here.

https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Java%2fBlacole

p.s.
You may need to have an account with Microsoft.
===

With the fix I suggested I'm creating a Restore point, temporary files will be deleted and the open processes will be closed before proceeding.

The rest of the fix will close some of the processes and Chrome extensions.
The rest will be removed from the registry as the items are empty and referencing nothing.

It's your call if you want to clean it.

===
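An added example, not part of nasdaq's post and not code from FRST: a small pre-run reviewer for a fixlist like the one posted in this thread. It sorts each line by the kind of item it targets and separates entries the log marks as missing from entries that still point at something on disk. It assumes, from the markers visible in the posted log, that [X], [No File] and "=> No File" mean the referenced file was not found; the function names are hypothetical and the sample lines are a subset copied from the fixlist above.

```python
import re

# Subset of the fixlist posted in this thread, copied as-is.
SAMPLE_FIXLIST = r"""Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(BitTorrent Inc.) C:\Users\Luke\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast Online Security) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
S3 cpuz138; C:\Users\Luke\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-03-13] (CPUID)
S3 aswVmm; \??\C:\Users\Luke\AppData\Local\Temp\aswVmm.sys [X]
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
End
"""

# First matching rule wins. The patterns cover only the line shapes that
# appear in this thread's fixlist; anything else is reported as unrecognised.
RULES = [
    (re.compile(r"^(CreateRestorePoint|EmptyTemp|CloseProcesses):$"), "directive"),
    (re.compile(r"^\(.*?\)\s+[A-Za-z]:\\.*\.exe$", re.I), "process"),
    (re.compile(r"^HK(LM|U)[^\\]*\\\.\.\.\\Run"), "autorun"),
    (re.compile(r"^Winlogon\\Notify\\"), "winlogon-notify"),
    (re.compile(r"^FF Plugin"), "firefox-plugin"),
    (re.compile(r"^CHR "), "chrome-extension"),
    (re.compile(r"^[RSU][0-5] \S+;"), "service-or-driver"),
    (re.compile(r"^CustomCLSID:"), "clsid"),
]

# Assumption: these trailing markers mean "target file not found".
MISSING = re.compile(r"(\[X\]|\[No File\]|=> No File)\s*$")


def classify_fixlist(text):
    """Return one dict per fixlist line between Start and End."""
    entries, inside = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start":
            inside = True
            continue
        if line == "End":
            break
        if not inside or not line:
            continue
        kind = next((k for rx, k in RULES if rx.search(line)), "unrecognised")
        if kind == "directive":
            status = "action"        # a tool action, not a target on disk
        elif MISSING.search(line):
            status = "orphaned"      # reference whose file is already gone
        else:
            status = "present"       # still points at something that exists
        entries.append({"kind": kind, "status": status, "line": line})
    return entries


def needs_review(entries):
    """Entries that touch live items: read these before running the fix."""
    return [e for e in entries if e["status"] == "present"]


def summarise(entries):
    """Count entries per status."""
    counts = {}
    for e in entries:
        counts[e["status"]] = counts.get(e["status"], 0) + 1
    return counts


if __name__ == "__main__":
    parsed = classify_fixlist(SAMPLE_FIXLIST)
    print(summarise(parsed))
    for e in needs_review(parsed):
        print(f"[{e['kind']}] {e['line'][:90]}")
```
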

#7 King_Geedorah

Posted 15 March 2016 - 10:29 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Luke (2016-03-15 15:16:39) Run:1
Running from C:\Users\Luke\Downloads
Loaded Profiles: Luke (Available Profiles: Luke)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(BitTorrent Inc.) C:\Users\Luke\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
(BitTorrent Inc.) C:\Users\Luke\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Avast Online Security) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - d:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]
S3 cpuz138; C:\Users\Luke\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-03-13] (CPUID)
S3 aswVmm; \??\C:\Users\Luke\AppData\Local\Temp\aswVmm.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RTCore64; \??\D:\Program Files (x86)\MSI Afterburner\RTCore64.sys [X]
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Luke\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Luke\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe => No running process found
C:\Users\Luke\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
Could not move "d:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
cpuz138 => service removed successfully
aswVmm => service could not remove
EagleX64 => service removed successfully
RTCore64 => service removed successfully
"HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-2146068824-933803117-2314476848-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}" => key removed successfully
EmptyTemp: => 2.1 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-15 15:19:00)
 
"d:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 15:19:00 ====
 
 
 
Thanks again nasdaq, I really appreciate you taking the time out to explain, log is above. The Microsoft link does not provide much information at all, and if I'm honest I'm concerned that this fix seems to bear little relation to the actual issue I've had.  I won't lie, I'm not ecstatic that the fix wiped all of my passwords from Chrome and lost links on the homepage of Chrome, this is the sort of stuff I was trying to avoid by not reformatting.
 
I'd really appreciate it if you or anybody else are able to help me address the actual question I've asked, i.e. does it sound like the java.blacole virus could be what wiped my programfiles(x86) folder and what can I do to be as sure as possible that I'm virus free at this stage?


#8 nasdaq

Posted 16 March 2016 - 08:29 AM

"I won't lie, I'm not ecstatic that the fix wiped all of my passwords from Chrome and lost links on the homepage of chrome, this is the sort of stuff I was trying to avoid by not reformatting."

This could happen when you reset Chrome. I did not issue such a command.

Try this and see if the passwords are still available to you.
http://www.techverse.net/recover-lost-password-google-chrome/


This is an interesting article that may also help.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
===

Run the CHKDSK command with the /R switch.
https://askleo.com/chkdsk_what_is_it_and_how_do_i_run_it/

If lucky you may get your folder back.

===

You can also start a new topic in the Internal Hardware forum.
An expert may be able to suggest other tools to possibly restore it.
http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

#9 King_Geedorah

Posted 17 March 2016 - 10:51 AM

Thanks Nasdaq, don't worry, this isn't the end of the world, just a minor inconvenience. I'm much more concerned about making sure there isn't a virus on my system still than those passwords, I apologise if I came off as standoffish about that.

 

I probably should have posted this in my first post as these pages are what made me think I have the java.blacole issue in the first place, might give you some more context as to what is going on with my machine and why I'm worried it's still there somewhere:

 

http://www.sevenforums.com/system-security/231459-programs-being-deleted-c-program-files-x86.html

https://www.reddit.com/r/Windows10/comments/3j6is3/bug_my_program_files_and_program_files_x86/

 

Thanks man.



#10 nasdaq

Posted 17 March 2016 - 01:10 PM

For me the contents were moved to c:\Windows.old\Program Files (x86)
Very annoying, but at least not deleted.

Quoted from the second link you gave me.

No such luck on your part?
===

Look for the Program Files (x86).

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :folderfind
    Program Files (x86)
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

#11 King_Geedorah

Posted 17 March 2016 - 03:21 PM

The guy you quoted wasn't the OP, he had a different issue, I wish it was that simple! The programs haven't just been hidden somewhere else, the HDD they were on had 700gb more space after this happened.  My files were definitely deleted not just moved. 





