
Unremoveable adware



#1 yosup7400

Posted 21 March 2016 - 11:56 PM

I have had a bad run of adware for the past week, which started when I downloaded 64-bit Java from the actual Java website. I actually checked before I made the download. It wasn't some fake website. After I made the download, severe adware started popping up in all of my browsers. The list so far includes Chrome, Internet Explorer, Firefox, and even Steam! I have run Malwarebytes, AdwCleaner, and HitmanPro. I have also set my DNS settings to the factory default and cleared all of the cookies from all of my browsers. The adware has not gone away.

 

Some of the adware I've noticed from the Chrome loading procedures includes s.pmddy.com and DNS Unlocker. I have checked through my entire system and neither of them exists in name or form on my computer. Included in this post are some screenshots of the effects of the adware, including a screenshot of another instance where I tried to write a post on this issue, which promptly crashed after over 2000 ads were blocked by adware.

 

Attached file: Adware.PNG

Attached file: adware2.PNG

 

When I click anywhere on the page, whether it be an ad or just empty space, a new tab opens to one of the advertised sites. After about two minutes, the page itself is redirected to a page with several download links that will "repair" my computer. If I hit the "back" navigation button, it goes back to the original page I was on, and the adware does not appear until I look at webpages on a different domain. The adware does not appear on YouTube or Google results pages at all.

 

 

Here is a video of it happening on your own website, so you can be sure that it doesn't belong there.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Bilmore (administrator) on BILMORE-PC (21-03-2016 22:44:25)
Running from C:\Users\Bilmore\Desktop
Loaded Profiles: Bilmore (Available Profiles: Bilmore)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices) C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(MY.COM B.V.) C:\Users\Bilmore\AppData\Local\MyComGames\MyComGames.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Users\Bilmore\AppData\Local\MediaFire Desktop\mf_watch.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Wondershare) C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(GameStop Corp.) C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Bilmore\AppData\Local\MediaFire Desktop\mf_hub.exe
() C:\Users\Bilmore\AppData\Local\MediaFire Desktop\MediaFire Desktop.exe
() C:\Users\Bilmore\AppData\Local\MediaFire Desktop\mf_filetransfer.exe
() C:\Users\Bilmore\AppData\Local\MediaFire Desktop\mf_browser.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
() C:\Users\Bilmore\AppData\Local\MediaFire Desktop\mf_central_control.exe
() C:\Users\Bilmore\AppData\Local\MediaFire Desktop\mf_monitor.exe
() C:\Users\Bilmore\AppData\Local\MediaFire Desktop\mf_dialogs.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-03-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-05-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595504 2016-01-29] (Oracle Corporation)
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Run: [UM] => C:\Users\Bilmore\AppData\Roaming\Update Manager\UM.EXE
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Run: [MyComGames] => C:\Users\Bilmore\AppData\Local\MyComGames\MyComGames.exe [4844912 2016-03-14] (MY.COM B.V.)
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Run: [MediaFire Tray] => C:\Users\Bilmore\AppData\Local\MediaFire Desktop\mf_watch.exe [4026368 2016-01-12] ()
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\MountPoints2: {c4e35bb1-9f81-11df-881f-806e6f6e6963} - setup\rsrc\Autorun.exe
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [] -> {b5458932-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Bilmore\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayError.dll [2016-01-12] ()
ShellIconOverlayIdentifiers: [] -> {b5458930-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Bilmore\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySynced.dll [2016-01-12] ()
ShellIconOverlayIdentifiers: [] -> {b5458934-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Bilmore\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayReadOnly.dll [2016-01-12] ()
ShellIconOverlayIdentifiers: [] -> {b5458933-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Bilmore\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlayLock.dll [2016-01-12] ()
ShellIconOverlayIdentifiers: [] -> {b5458931-3c8c-4131-ba1e-f0b5350e4e1e} => C:\Users\Bilmore\AppData\Local\MediaFire Desktop\x64\MFShellIconOverlaySyncing.dll [2016-01-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-15]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-12-22]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo\MobileGoService.exe (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2012-06-23]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Bilmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2015-12-11]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Bilmore\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2016-03-21]
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-08-03]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-08-03]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * bootdeletesdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-809334929-2000377688-2385556270-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-809334929-2000377688-2385556270-1000] => http=127.0.0.1:49493;https=127.0.0.1:49493
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{20B52CFF-DF0F-427B-B6F4-3FAEC4F4D0A0}: [DhcpNameServer] 24.116.0.53 24.116.2.50
Tcpip\..\Interfaces\{D8364CF4-42F7-4303-A1B2-9264E778E548}: [DhcpNameServer] 24.116.0.53 24.116.2.50
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.google.com
hxxp://google.com/
URLSearchHook: HKU\S-1-5-21-809334929-2000377688-2385556270-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {F9D47338-BF96-4B43-9DEF-01C36DF57C67} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {731CAA34-8331-4132-9318-052A349ECEE6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-809334929-2000377688-2385556270-1000 -> {731CAA34-8331-4132-9318-052A349ECEE6} URL = 
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-03-14] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-14] (Oracle Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-809334929-2000377688-2385556270-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-20] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2009-07-23] (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/yhp-ff
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1223183.dll [2015-12-21] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2010-08-27] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2010-08-27] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-809334929-2000377688-2385556270-1000: @my.com/Games -> C:\Users\Bilmore\AppData\Local\MyComGames\NPMyComDetector.dll [2016-01-26] (MY.COM B.V.)
FF Plugin HKU\S-1-5-21-809334929-2000377688-2385556270-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-6ca07d14e2274822\\NPRobloxProxy.dll [2012-06-13] ( Roblox Corporation)
FF Plugin HKU\S-1-5-21-809334929-2000377688-2385556270-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bilmore\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-809334929-2000377688-2385556270-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2010-08-27] (Pando Networks)
FF Plugin HKU\S-1-5-21-809334929-2000377688-2385556270-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-02-16] ()
FF user.js: detected! => C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\user.js [2016-03-19]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2016-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2016-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2016-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2016-01-02] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2016-01-02] (Apple Inc.)
FF SearchPlugin: C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\searchplugins\bing-zugo.xml [2011-07-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-08-16]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\bbrs_002@blabbers.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\ffxtlbr@babylon.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\ffxtlbr@Facemoods.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\m3ffxtbr@mywebsearch.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\toolbar@ask.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{7e80e173-7e63-464e-8252-fe170b15c15a} [not found]
FF Extension: Start Page - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{a192bf54-089f-4325-ac25-7eafcd17a342}.xpi [2016-03-06]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{b7870b41-bfb3-44cd-8cc2-e392e51b0874} [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [not found]
FF Extension: No Name - C:\Program Files (x86)\Object\facetheme [not found]
FF Extension: InternetSearch - C:\Program Files (x86)\SSearch\InternetSearch [2011-11-30] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{fe091d01-1668-48f4-8f27-244dc71f6a76}] - C:\Program Files (x86)\SSearch\InternetSearch
FF HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Firefox\Extensions: [{fe091d01-1668-48f4-8f27-244dc71f6a76}] - C:\Program Files (x86)\SSearch\InternetSearch
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.palikan.com/?f=1&a=bfp_coinisrs_16_05&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0A0A0AzzyBzzyEtByDyCtN0D0Tzu0StCyEzyyDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StA0Fzzzz0C0AyB0AtGyCtDyC0EtGzztDtD0EtGtByB0E0FtGyEtD0F0DtCzytC0A0F0A0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAyEyDyD0FyCzztGtCyEzy0DtGyEtDtCyEtG0ByE0D0DtGtC0C0CtC0AtAyBzy0E0D0C0F2QtN0A0LzutB&cr=1849604128&ir=
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Desmos Graphing Calculator) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdheahnajobgndecdbggfmcojekgdko [2015-09-10]
CHR Extension: (Edmodo) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpcdidgjjebefhmlhjlgnkahlimgaemc [2015-09-10]
CHR Extension: (AirMech) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn [2015-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Scientific Calculator) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\npoipmeppdioagbkigdlnpmjphnolaog [2015-09-10]
CHR Extension: (Khan Academy) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko [2015-09-10]
CHR Profile: C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-11]
CHR Extension: (Google Docs) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-11]
CHR Extension: (Google Drive) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-11]
CHR Extension: (Stylish) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-09-30]
CHR Extension: (Google Docs Offline) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-03-18]
CHR Extension: (Chromium Wheel Smooth Scroller) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\khpcanbeojalbkpgpmjpdkjnkfcgfkhb [2016-01-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-11]
CHR Extension: (Scientific Calculator) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\npoipmeppdioagbkigdlnpmjphnolaog [2015-11-05]
CHR Extension: (Gmail) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-11]
CHR Extension: (Luna Theme ) - C:\Users\Bilmore\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pmhihobegibbfdeogahppfhmbfmbjann [2015-12-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-03-22] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-03-15] (AMD) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-03-07] (BitRaider, LLC)
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-05-17] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2014-11-17] (EasyAntiCheat Ltd)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-03-21] (SurfRight B.V.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
S3 MediaFire Desktop Updater Service; C:\Program Files (x86)\MediaFire Desktop\bin\UpdaterLocalCOM.exe [210416 2016-01-12] ()
R2 MF NTFS Monitor; C:\Program Files (x86)\MediaFire Desktop\bin\MFUsnMonitorService.exe [456176 2016-01-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-05] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1009904 2016-02-11] (Overwolf LTD)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-12-03] ()
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [3337728 2015-10-30] (Microsoft Corporation) [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-10-14] (Secunia)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.4.4\WsAppService.exe [382464 2015-11-19] (Wondershare) [File not signed]
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [104248 2015-11-20] (Wondershare)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-05-17] (BitRaider)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-01-20] (BitRaider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hxsyol; C:\Windows\system32\hxsy64.sys [86352 2015-01-31] ()
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-21] (Malwarebytes)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2016-01-12] (Windows ® Win 7 DDK provider)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-21 22:44 - 2016-03-21 22:45 - 00036988 _____ C:\Users\Bilmore\Desktop\FRST.txt
2016-03-21 22:44 - 2016-03-21 22:44 - 00000000 ____D C:\FRST
2016-03-21 22:43 - 2016-03-21 22:43 - 02374144 _____ (Farbar) C:\Users\Bilmore\Desktop\FRST64.exe
2016-03-21 20:47 - 2016-03-21 20:47 - 00124966 _____ C:\Windows\system32\bootdelete.lst
2016-03-21 20:47 - 2016-03-21 20:47 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-03-21 20:12 - 2016-03-21 20:12 - 00001895 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-03-21 20:12 - 2016-03-21 20:12 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-21 20:11 - 2016-03-21 20:49 - 00000000 ____D C:\ProgramData\HitmanPro
2016-03-21 20:11 - 2016-03-21 20:11 - 11441744 _____ (SurfRight B.V.) C:\Users\Bilmore\Downloads\hitmanpro_x64.exe
2016-03-20 13:42 - 2016-03-20 13:42 - 02305894 _____ C:\Users\Bilmore\Documents\wavesproblems2.pdf
2016-03-20 13:28 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-03-20 13:24 - 2016-03-20 13:24 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-20 13:23 - 2016-03-21 20:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-20 13:23 - 2016-03-21 20:54 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-20 13:23 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\Windows\system32\sdnclean64.exe
2016-03-20 13:20 - 2016-03-20 13:20 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Bilmore\Downloads\spybot-2.4.exe
2016-03-19 21:39 - 2016-03-19 21:39 - 00001251 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2016-03-19 21:39 - 2016-03-19 21:39 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2016-03-19 21:39 - 2016-03-19 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2016-03-19 21:39 - 2016-03-19 21:39 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2016-03-19 21:09 - 2016-03-19 21:12 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-19 21:09 - 2016-03-19 21:09 - 01527296 _____ C:\Users\Bilmore\Desktop\adwcleaner_5.102.exe
2016-03-17 13:43 - 2016-03-17 13:43 - 00000221 _____ C:\Users\Bilmore\Desktop\The Elder Scrolls V Skyrim.url
2016-03-16 19:01 - 2016-03-16 19:01 - 00000000 ____D C:\Users\Bilmore\Documents\BnS
2016-03-16 07:14 - 2016-03-16 07:14 - 00002192 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-03-16 07:14 - 2016-03-16 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-03-16 07:14 - 2016-03-16 07:14 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2016-03-16 07:12 - 2016-03-16 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-03-16 07:12 - 2016-03-16 07:12 - 00000000 ____D C:\Program Files (x86)\NCWest
2016-03-16 07:11 - 2016-03-16 07:11 - 227195640 _____ (NC Interactive, LLC) C:\Users\Bilmore\Downloads\BnS_Lite_Installer.exe
2016-03-15 07:25 - 2016-03-21 21:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-15 07:25 - 2016-03-15 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-15 07:25 - 2016-03-15 07:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-15 07:25 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-15 07:25 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-14 20:25 - 2015-10-30 01:17 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-03-14 18:15 - 2016-03-14 18:15 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\java
2016-03-14 17:43 - 2016-03-17 20:16 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\.pixelmon
2016-03-14 17:41 - 2016-03-14 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pixelmon Launcher
2016-03-14 17:41 - 2016-03-14 20:50 - 00000000 ____D C:\Program Files (x86)\Pixelmon Launcher
2016-03-14 17:41 - 2016-03-14 17:43 - 00001044 _____ C:\Users\Public\Desktop\Pixelmon Launcher.lnk
2016-03-14 17:40 - 2016-03-14 17:40 - 15403496 _____ (Ikara Software Limited) C:\Users\Bilmore\Downloads\PixelmonLauncher-1.1.57.exe
2016-03-14 15:47 - 2016-03-14 15:46 - 00110176 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2016-03-14 15:46 - 2016-03-14 15:46 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-03-14 15:44 - 2016-03-14 15:45 - 57099360 _____ (Oracle Corporation) C:\Users\Bilmore\Downloads\jre-8u73-windows-x64.exe
2016-03-13 20:03 - 2016-03-13 20:03 - 00002734 _____ C:\Users\Bilmore\AppData\Local\recently-used.xbel
2016-03-13 19:28 - 2016-03-13 19:28 - 03769609 _____ C:\Users\Bilmore\Documents\waveslab.pdf
2016-03-13 18:42 - 2016-03-13 18:42 - 04524719 _____ C:\Users\Bilmore\Documents\wavesproblems.pdf
2016-03-12 21:39 - 2016-03-12 21:39 - 04264093 _____ C:\Users\Bilmore\Documents\waves.pdf
2016-03-12 13:44 - 2016-03-12 13:44 - 01637970 _____ C:\Users\Bilmore\Documents\pendulums.pdf
2016-03-11 15:28 - 2016-03-11 15:28 - 00000220 _____ C:\Users\Bilmore\Desktop\Sid Meier's Civilization V.url
2016-03-10 18:08 - 2016-03-10 18:08 - 00068769 _____ C:\Users\Bilmore\Downloads\Ft._Funkist.pdf
2016-03-09 09:34 - 2016-02-12 12:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 09:34 - 2016-02-12 12:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 09:34 - 2016-02-12 12:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 09:34 - 2016-02-12 12:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 09:34 - 2016-02-12 12:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 09:34 - 2016-02-12 12:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 09:34 - 2016-02-12 12:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 09:34 - 2016-02-12 12:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 09:34 - 2016-02-12 12:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 09:34 - 2016-02-12 12:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 09:34 - 2016-02-12 12:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 09:34 - 2016-02-12 12:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 09:34 - 2016-02-12 12:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 09:34 - 2016-02-12 12:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 09:34 - 2016-02-12 12:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 09:34 - 2016-02-12 12:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 09:34 - 2016-02-04 11:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 09:34 - 2016-02-03 12:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 09:34 - 2016-01-11 13:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 09:34 - 2015-11-19 08:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 09:34 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 09:33 - 2016-02-11 12:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 09:33 - 2016-02-11 12:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 09:33 - 2016-02-11 12:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 09:33 - 2016-02-11 12:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 09:33 - 2016-02-11 12:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 09:33 - 2016-02-11 12:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 09:33 - 2016-02-11 12:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 09:33 - 2016-02-11 12:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 09:33 - 2016-02-11 12:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 09:33 - 2016-02-11 12:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 09:33 - 2016-02-11 12:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 09:33 - 2016-02-11 12:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 09:33 - 2016-02-11 12:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 09:33 - 2016-02-11 12:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 09:33 - 2016-02-11 12:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 09:33 - 2016-02-11 12:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 09:33 - 2016-02-11 12:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 09:33 - 2016-02-11 12:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 09:33 - 2016-02-11 12:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 09:33 - 2016-02-11 12:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 09:33 - 2016-02-11 12:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 09:33 - 2016-02-11 12:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 09:33 - 2016-02-11 12:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 09:33 - 2016-02-11 12:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 09:33 - 2016-02-11 12:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 09:33 - 2016-02-11 12:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 09:33 - 2016-02-11 12:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 09:33 - 2016-02-11 12:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 09:33 - 2016-02-11 12:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 09:33 - 2016-02-11 12:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 09:33 - 2016-02-11 12:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 09:33 - 2016-02-11 12:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 09:33 - 2016-02-11 12:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 09:33 - 2016-02-11 12:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 09:33 - 2016-02-11 12:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 09:33 - 2016-02-11 12:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 09:33 - 2016-02-11 12:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 09:33 - 2016-02-11 12:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 09:33 - 2016-02-11 12:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 09:33 - 2016-02-11 12:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 09:33 - 2016-02-11 12:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 09:33 - 2016-02-11 12:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 09:33 - 2016-02-11 12:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 09:33 - 2016-02-11 12:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 09:33 - 2016-02-11 12:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 09:33 - 2016-02-11 12:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 11:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 09:33 - 2016-02-11 11:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 09:33 - 2016-02-11 11:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 09:33 - 2016-02-11 11:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 09:33 - 2016-02-11 11:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 09:33 - 2016-02-11 11:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 09:33 - 2016-02-11 11:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 09:33 - 2016-02-11 11:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 09:33 - 2016-02-11 11:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 09:33 - 2016-02-11 11:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 09:33 - 2016-02-11 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 09:33 - 2016-02-11 11:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 09:33 - 2016-02-11 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 09:33 - 2016-02-11 11:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 09:33 - 2016-02-11 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 09:33 - 2016-02-11 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 09:33 - 2016-02-09 00:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 09:33 - 2016-02-09 00:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 09:33 - 2016-02-08 15:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 09:33 - 2016-02-08 14:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 09:33 - 2016-02-08 14:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 09:33 - 2016-02-08 14:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 09:33 - 2016-02-08 14:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 09:33 - 2016-02-08 14:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 09:33 - 2016-02-08 14:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 09:33 - 2016-02-08 14:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 09:33 - 2016-02-08 14:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 09:33 - 2016-02-08 14:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 09:33 - 2016-02-08 14:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 09:33 - 2016-02-08 14:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 09:33 - 2016-02-08 14:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 09:33 - 2016-02-08 14:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 09:33 - 2016-02-08 14:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 09:33 - 2016-02-08 14:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 09:33 - 2016-02-08 14:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 09:33 - 2016-02-08 14:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 09:33 - 2016-02-08 14:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 09:33 - 2016-02-08 14:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 09:33 - 2016-02-08 14:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 09:33 - 2016-02-08 14:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 09:33 - 2016-02-08 14:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 09:33 - 2016-02-08 14:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 09:33 - 2016-02-08 14:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 09:33 - 2016-02-08 14:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 09:33 - 2016-02-08 14:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 09:33 - 2016-02-08 14:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 09:33 - 2016-02-08 13:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 09:33 - 2016-02-08 13:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 09:33 - 2016-02-08 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 09:33 - 2016-02-08 12:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 09:33 - 2016-02-08 12:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 09:33 - 2016-02-08 12:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 09:33 - 2016-02-08 12:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 09:33 - 2016-02-08 12:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 09:33 - 2016-02-08 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 09:33 - 2016-02-08 12:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 09:33 - 2016-02-08 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 09:33 - 2016-02-08 12:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 09:33 - 2016-02-08 12:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 09:33 - 2016-02-08 12:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 09:33 - 2016-02-08 12:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 09:33 - 2016-02-08 12:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 09:33 - 2016-02-08 12:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 09:33 - 2016-02-08 12:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 09:33 - 2016-02-08 12:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 09:33 - 2016-02-08 12:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 09:33 - 2016-02-08 12:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 09:33 - 2016-02-08 11:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 09:33 - 2016-02-08 11:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 09:33 - 2016-02-08 11:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 09:33 - 2016-02-08 11:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 09:33 - 2016-02-08 11:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 09:33 - 2016-02-08 11:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 09:33 - 2016-02-08 11:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 09:33 - 2016-02-08 11:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 09:33 - 2016-02-08 11:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 09:33 - 2016-02-08 11:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 09:33 - 2016-02-08 11:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 09:33 - 2016-02-08 11:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 09:33 - 2016-02-08 11:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 09:33 - 2016-02-08 11:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 09:33 - 2016-02-08 10:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 09:33 - 2016-02-05 12:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 09:33 - 2016-02-05 12:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 09:33 - 2016-02-05 12:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 09:33 - 2016-02-05 12:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 09:33 - 2016-02-05 12:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 09:33 - 2016-02-05 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 09:33 - 2016-02-05 12:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 09:33 - 2016-02-05 11:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 09:33 - 2016-02-05 11:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 09:33 - 2016-02-05 11:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 09:33 - 2016-02-04 19:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 09:33 - 2016-02-04 12:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 09:33 - 2016-02-03 12:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 09:33 - 2016-02-03 12:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 09:33 - 2016-02-03 12:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 09:33 - 2016-02-03 12:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 09:32 - 2016-02-19 13:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 09:32 - 2016-02-19 12:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 09:32 - 2016-02-19 08:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 09:32 - 2016-02-11 08:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 09:32 - 2016-02-09 03:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 09:32 - 2016-02-09 03:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 09:32 - 2016-02-09 03:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 09:32 - 2016-02-09 03:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 09:32 - 2016-02-09 03:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 09:32 - 2016-02-09 03:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 09:32 - 2016-02-09 03:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 09:32 - 2016-02-09 03:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 09:32 - 2016-02-09 03:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 09:32 - 2016-02-09 03:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 09:32 - 2016-02-09 03:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 09:32 - 2016-02-05 08:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 09:32 - 2016-02-05 08:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 09:32 - 2016-02-05 08:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-06 19:55 - 2016-03-06 19:55 - 02944346 _____ C:\Users\Bilmore\Documents\elecmagnets.pdf
2016-03-06 18:56 - 2016-03-06 18:56 - 01270411 _____ C:\Users\Bilmore\Documents\magnets.pdf
2016-03-06 16:33 - 2016-03-06 16:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-05 17:09 - 2015-12-18 00:11 - 00047760 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-03-05 17:09 - 2015-12-18 00:10 - 00099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-03-05 17:09 - 2015-12-18 00:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-02-29 22:26 - 2016-02-29 22:26 - 11274890 _____ C:\Users\Bilmore\Documents\Mom_0001.pdf
2016-02-29 17:52 - 2016-02-29 20:29 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\FontForge
2016-02-29 17:52 - 2016-02-29 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge
2016-02-29 17:52 - 2016-02-29 17:52 - 00000000 ____D C:\Program Files (x86)\FontForgeBuilds
2016-02-29 17:51 - 2016-02-29 17:51 - 16501874 _____ (FontForgeBuilds ) C:\Users\Bilmore\Downloads\FontForge-2015-08-24-Windows.exe
2016-02-28 19:30 - 2016-02-28 19:30 - 01098961 _____ (Igor Pavlov) C:\Users\Bilmore\Downloads\7z1514.exe
2016-02-28 19:30 - 2016-02-28 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-02-28 19:30 - 2016-02-28 19:30 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-02-28 17:26 - 2016-02-28 17:27 - 19897456 _____ C:\Users\Bilmore\Downloads\chp916000_256k.asf
2016-02-27 17:31 - 2016-02-27 17:31 - 30845022 _____ C:\Users\Bilmore\Downloads\Et de Novo Incipere.wav
2016-02-25 21:22 - 2016-02-25 21:22 - 01527234 _____ C:\Users\Bilmore\Documents\Mom.pdf
2016-02-20 22:37 - 2016-02-20 22:37 - 07333461 _____ C:\Users\Bilmore\Documents\HATE.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-21 22:45 - 2015-12-30 09:00 - 00000000 ___HD C:\Users\Bilmore\.mediafire
2016-03-21 22:37 - 2015-07-20 17:14 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\OBS
2016-03-21 22:26 - 2014-06-22 17:55 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\Skype
2016-03-21 22:15 - 2010-08-11 19:07 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-21 22:10 - 2013-12-12 07:58 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-21 22:03 - 2012-04-04 07:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-21 22:02 - 2015-08-29 16:02 - 00000911 _____ C:\Windows\Tasks\EPSON WF-3640 Series Update {E57FE712-5FDD-4300-8E82-548439E04827}.job
2016-03-21 22:02 - 2015-08-29 16:02 - 00000725 _____ C:\Windows\Tasks\EPSON WF-3640 Series Invitation {E57FE712-5FDD-4300-8E82-548439E04827}.job
2016-03-21 21:23 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-21 21:23 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-21 21:20 - 2011-03-03 21:27 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-21 21:17 - 2010-10-27 08:09 - 00000000 ____D C:\Users\Bilmore\Tracing
2016-03-21 21:12 - 2016-01-09 18:28 - 00000000 ___RD C:\Users\Bilmore\MediaFire
2016-03-21 21:12 - 2015-07-23 13:09 - 00000000 ____D C:\Users\Bilmore\AppData\Local\MyComGames
2016-03-21 21:12 - 2012-05-14 16:26 - 00000000 ____D C:\Users\Bilmore\AppData\Local\LogMeIn Hamachi
2016-03-21 21:10 - 2014-10-01 21:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-21 21:10 - 2010-08-11 19:07 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-21 21:10 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-21 18:37 - 2014-07-21 16:23 - 00000000 ____D C:\Users\Bilmore\AppData\Local\Warframe
2016-03-21 11:30 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\L2Schemas
2016-03-20 19:34 - 2015-04-08 20:21 - 00001783 _____ C:\Users\Bilmore\.lmmsrc.xml
2016-03-20 14:55 - 2014-02-15 16:02 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\Audacity
2016-03-20 13:43 - 2011-06-30 14:15 - 00433664 ___SH C:\Users\Bilmore\Documents\Thumbs.db
2016-03-20 13:28 - 2015-07-09 10:43 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-19 21:13 - 2014-08-03 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
2016-03-19 13:11 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\addins
2016-03-17 14:04 - 2014-08-03 19:39 - 00000000 ____D C:\Users\Bilmore\Documents\Nexus Mod Manager
2016-03-17 14:04 - 2012-06-30 15:50 - 00000000 ____D C:\Users\Bilmore\AppData\Local\Skyrim
2016-03-17 13:48 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-16 07:14 - 2010-08-03 20:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-15 15:29 - 2010-08-03 20:48 - 00000000 ____D C:\Temp
2016-03-15 07:25 - 2012-06-23 10:16 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\Malwarebytes
2016-03-15 07:25 - 2012-06-23 10:15 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-15 07:25 - 2012-06-22 12:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-15 07:25 - 2012-06-22 12:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2016-03-15 06:47 - 2015-12-25 11:22 - 00000000 ____D C:\Users\Bilmore\AppData\Local\CrashDumps
2016-03-14 20:50 - 2015-01-10 14:32 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-14 20:50 - 2011-08-10 15:05 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\.minecraft
2016-03-14 20:50 - 2010-08-07 01:37 - 00000000 ____D C:\Users\Bilmore
2016-03-14 20:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-03-14 20:50 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-14 20:24 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\spool
2016-03-14 17:16 - 2010-09-21 21:21 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 15:47 - 2013-10-18 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-14 15:47 - 2010-08-03 20:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-14 15:46 - 2015-11-20 18:01 - 00000000 ____D C:\Users\Bilmore\.oracle_jre_usage
2016-03-14 15:46 - 2010-08-03 20:42 - 00000000 ____D C:\Program Files\Java
2016-03-14 15:28 - 2015-05-16 11:03 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\Ikara Software Limited
2016-03-14 07:33 - 2009-07-13 23:13 - 00796934 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 20:03 - 2012-06-25 18:32 - 00000000 ____D C:\Users\Bilmore\.gimp-2.8
2016-03-13 11:44 - 2012-06-23 13:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-11 15:26 - 2016-01-31 21:31 - 00000000 ____D C:\Users\Bilmore\AppData\Local\osu!
2016-03-10 21:03 - 2012-04-04 07:01 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 21:03 - 2012-04-04 07:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-10 21:03 - 2011-08-24 17:51 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 07:46 - 2010-08-03 20:56 - 00000000 ____D C:\ProgramData\Skype
2016-03-10 07:40 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-10 07:38 - 2009-07-13 22:45 - 00349856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 22:40 - 2013-08-14 17:51 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 22:17 - 2010-08-13 21:58 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 22:16 - 2014-12-11 06:30 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-08 21:55 - 2013-08-11 12:42 - 00000000 ____D C:\Users\Bilmore\Downloads\plugins
2016-03-05 17:11 - 2014-10-01 21:30 - 00000000 ____D C:\Users\Bilmore\AppData\Local\NVIDIA
2016-03-05 17:10 - 2014-10-15 18:25 - 00001339 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-02-28 22:23 - 2012-11-26 19:42 - 00000000 ____D C:\Users\Bilmore\AppData\Roaming\uTorrent
2016-02-28 19:20 - 2016-02-01 18:03 - 00000892 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-02-28 19:20 - 2014-08-03 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-02-28 19:20 - 2014-08-03 19:39 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-02-25 22:05 - 2015-04-04 23:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-25 22:05 - 2015-04-04 23:17 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-22 19:30 - 2016-02-16 20:12 - 00000000 ____D C:\Users\Bilmore\Documents\Unreal Projects
2016-02-22 17:27 - 2015-03-24 17:27 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-02-21 22:07 - 2014-01-02 20:32 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2014-10-22 17:16 - 2014-10-22 17:16 - 6000640 _____ () C:\Program Files (x86)\GUT450.tmp
2013-05-20 19:58 - 2014-06-22 12:06 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2015-10-20 13:45 - 2015-10-20 13:45 - 0037607 _____ () C:\Program Files (x86)\Common Files\license.rtf
2015-10-20 13:45 - 2015-10-20 13:45 - 0008046 _____ () C:\Program Files (x86)\Common Files\setupBanner.jpg
2015-07-20 16:52 - 2015-07-20 16:52 - 0000046 _____ () C:\Users\Bilmore\AppData\Roaming\Camdata.ini
2015-07-20 16:52 - 2015-07-20 16:52 - 0000408 _____ () C:\Users\Bilmore\AppData\Roaming\CamLayout.ini
2015-07-20 16:52 - 2015-07-20 16:52 - 0000408 _____ () C:\Users\Bilmore\AppData\Roaming\CamShapes.ini
2015-07-20 16:15 - 2015-07-20 16:51 - 0004536 _____ () C:\Users\Bilmore\AppData\Roaming\CamStudio.cfg
2012-06-22 20:29 - 2012-06-22 20:29 - 0000024 _____ () C:\Users\Bilmore\AppData\Roaming\mbam.context.scan
2015-07-20 16:14 - 2015-07-20 16:14 - 0000096 _____ () C:\Users\Bilmore\AppData\Roaming\version2.xml
2013-12-18 18:04 - 2015-05-21 17:04 - 0000157 _____ () C:\Users\Bilmore\AppData\Roaming\WB.CFG
2014-05-04 10:28 - 2014-05-04 10:48 - 0011264 _____ () C:\Users\Bilmore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-23 14:01 - 2012-06-23 14:01 - 0033758 _____ () C:\Users\Bilmore\AppData\Local\dt.dat
2012-06-12 00:22 - 2012-06-12 00:22 - 0000095 _____ () C:\Users\Bilmore\AppData\Local\fusioncache.dat
2016-03-13 20:03 - 2016-03-13 20:03 - 0002734 _____ () C:\Users\Bilmore\AppData\Local\recently-used.xbel
 
Files to move or delete:
====================
C:\Users\Bilmore\padSeguDIJoy.dll
 
 
Some files in TEMP:
====================
C:\Users\Bilmore\AppData\Local\Temp\021tlyep.dll
C:\Users\Bilmore\AppData\Local\Temp\0pkbjvs2.dll
C:\Users\Bilmore\AppData\Local\Temp\13-12_win7_win8_64_dd_ccc_whql.exe
C:\Users\Bilmore\AppData\Local\Temp\27fff54a706caf16275619fa9b79269c.dll
C:\Users\Bilmore\AppData\Local\Temp\8hhktqm2.dll
C:\Users\Bilmore\AppData\Local\Temp\adfnllul.dll
C:\Users\Bilmore\AppData\Local\Temp\AutoRun.exe
C:\Users\Bilmore\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Bilmore\AppData\Local\Temp\avguidx.dll
C:\Users\Bilmore\AppData\Local\Temp\b4gj8psk.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll1230003881607385087.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll1435909122813181313.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll1510563270920619445.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll1586226219079530469.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll180290014324430259.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll1921878289105986971.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll1981374045731716532.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll202850573031075682.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll2262516277113732577.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll245650569280759547.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll2536765733678660992.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll2825567866553016878.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll290315047015806038.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll3192440857651671873.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll3530692881259908385.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll3630774521675189774.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll3648080391188923675.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll3667558461767235267.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll4784281059861953747.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll5008274215578370327.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll5069275586605456668.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll5325216924850403823.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll5971039665092124876.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll6133002896181141438.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll6177498339790969741.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll6281524295293222854.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll6668281433651187258.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll6690424282563042348.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll6893790913030951058.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll6933181491382823818.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll7505034649568716891.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll7709026816580115475.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll7944779896900165871.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll8323899122850137204.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll8383078100831464369.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll8854299002837188790.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll9031088049530834928.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll9075855976805503878.dll
C:\Users\Bilmore\AppData\Local\Temp\bridj.dll9142902777692946902.dll
C:\Users\Bilmore\AppData\Local\Temp\bxayso2d.dll
C:\Users\Bilmore\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Bilmore\AppData\Local\Temp\dnitntzn.dll
C:\Users\Bilmore\AppData\Local\Temp\dpxsynsd.dll
C:\Users\Bilmore\AppData\Local\Temp\EAInstall.dll
C:\Users\Bilmore\AppData\Local\Temp\eauninstall.exe
C:\Users\Bilmore\AppData\Local\Temp\fuut1lmy.dll
C:\Users\Bilmore\AppData\Local\Temp\gcs3qylv.dll
C:\Users\Bilmore\AppData\Local\Temp\ICReinstall_CamStudio.exe
C:\Users\Bilmore\AppData\Local\Temp\ies2taie.dll
C:\Users\Bilmore\AppData\Local\Temp\InstallManager_GEN_GEN.exe
C:\Users\Bilmore\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Bilmore\AppData\Local\Temp\iy81v3ir.dll
C:\Users\Bilmore\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Bilmore\AppData\Local\Temp\MFDesktopShellStatic_x64.dll
C:\Users\Bilmore\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Bilmore\AppData\Local\Temp\Nexus Mod Manager-0.61.13.exe
C:\Users\Bilmore\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
C:\Users\Bilmore\AppData\Local\Temp\Nexus Mod Manager-0.61.2.exe
C:\Users\Bilmore\AppData\Local\Temp\Nexus Mod Manager-0.61.9.exe
C:\Users\Bilmore\AppData\Local\Temp\Nexus%20Mod%20Manager-0.52.2.exe
C:\Users\Bilmore\AppData\Local\Temp\nub2gkjk.dll
C:\Users\Bilmore\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Bilmore\AppData\Local\Temp\nvStInst.exe
C:\Users\Bilmore\AppData\Local\Temp\oegee6cy.dll
C:\Users\Bilmore\AppData\Local\Temp\oi_{AE3FFB55-8108-466C-B292-48265476630B}.exe
C:\Users\Bilmore\AppData\Local\Temp\oi_{BA1BBAEB-16E6-4F59-808B-1B88BE66383B}.exe
C:\Users\Bilmore\AppData\Local\Temp\OpenComputersMod-1.3.1.516-native.64.dll
C:\Users\Bilmore\AppData\Local\Temp\OpenComputersMod-native.64.dll
C:\Users\Bilmore\AppData\Local\Temp\pbon8tqd.dll
C:\Users\Bilmore\AppData\Local\Temp\s7i-wk6n.dll
C:\Users\Bilmore\AppData\Local\Temp\setup.exe
C:\Users\Bilmore\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Bilmore\AppData\Local\Temp\slxrb176.dll
C:\Users\Bilmore\AppData\Local\Temp\sqlite3.dll
C:\Users\Bilmore\AppData\Local\Temp\SRLDetectionLibrary2557685650222879553.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite14051.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite16739.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite24671.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite25458.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite25519.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite34664.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite43059.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite43724.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite54376.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite54605.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite56771.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite59991.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite68169.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite70345.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite72665.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite87189.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLite90980.dll
C:\Users\Bilmore\AppData\Local\Temp\System.Data.SQLiteda319d1a-5c18-4848-b4f3-97bdc6c57590.dll
C:\Users\Bilmore\AppData\Local\Temp\The Lord of the Rings, The Rise of the Witch-king_uninst.exe
C:\Users\Bilmore\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Bilmore\AppData\Local\Temp\ubysgz72.dll
C:\Users\Bilmore\AppData\Local\Temp\UE4_SuggestedIDEInstaller.exe
C:\Users\Bilmore\AppData\Local\Temp\uphx1ei0.dll
C:\Users\Bilmore\AppData\Local\Temp\utt8431.tmp.exe
C:\Users\Bilmore\AppData\Local\Temp\xiflv57e.dll
C:\Users\Bilmore\AppData\Local\Temp\_isE777.exe
C:\Users\Bilmore\AppData\Local\Temp\{9B4918B4-1E20-439C-AD12-605A4C61A2D8}-20.0.1132.57_20.0.1132.47_chrome_updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2012-06-18 15:14
 
==================== End of FRST.txt ============================

 

 

 

 

 


 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:15 PM

Posted 22 March 2016 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs and features applet.

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.1 - Pando Networks Inc.)
Update for Foxtab (HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\FoxTab) (Version: - Update for Foxtab) <==== ATTENTION
YTD Toolbar v21.6 (HKLM-x32\...\{AD5267AB-5D67-4E93-B206-1BEC5ED2A93C}) (Version: 21.6 - Spigot, Inc.) <==== ATTENTION
YTD Video Downloader 5.2 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.2 - GreenTree Applications SRL) <==== ATTENTION
==

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Run: [UM] => C:\Users\Bilmore\AppData\Roaming\Update Manager\UM.EXE
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-809334929-2000377688-2385556270-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-809334929-2000377688-2385556270-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF user.js: detected! => C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\user.js [2016-03-19]
FF SearchPlugin: C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\searchplugins\bing-zugo.xml [2011-07-01]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-08-16]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\bbrs_002@blabbers.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\ffxtlbr@babylon.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\ffxtlbr@Facemoods.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\m3ffxtbr@mywebsearch.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\toolbar@ask.com [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93} [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F} [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{7e80e173-7e63-464e-8252-fe170b15c15a} [not found]
FF Extension: Start Page - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{a192bf54-089f-4325-ac25-7eafcd17a342}.xpi [2016-03-06]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{b7870b41-bfb3-44cd-8cc2-e392e51b0874} [not found]
FF Extension: No Name - C:\Users\Bilmore\AppData\Roaming\Mozilla\Firefox\Profiles\j1nia3oj.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [not found]
FF Extension: No Name - C:\Program Files (x86)\Object\facetheme [not found]
CHR HomePage: Profile 1 -> hxxp://www.palikan.com/?f=1&a=bfp_coinisrs_16_05&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0A0A0AzzyBzzyEtByDyCtN0D0Tzu0StCyEzyyDtN1L2XzutAtFtCyBtFzytFtDtN1L1Czu1BtBtN1L1G1B1V1N2Y1L1Qzu2StA0Fzzzz0C0AyB0AtGyCtDyC0EtGzztDtD0EtGtByB0E0FtGyEtD0F0DtCzytC0A0F0A0FtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAyEyDyD0FyCzztGtCyEzy0DtGyEtDtCyEtG0ByE0D0DtGtC0C0CtC0AtAyBzy0E0D0C0F2QtN0A0LzutB&cr=1849604128&ir=
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
C:\Users\Bilmore\AppData\Roaming\Update Manager
Task: {6DDFA769-8006-4254-BCD7-C95989D6F30F} - System32\Tasks\Program Manager => C:\Program Files (x86)\Common Files\ProgramManager\ProgramManager.exe
Task: {83070F32-4CF3-456C-8076-B5C4C564623B} - \DealPlyUpdate -> No File <==== ATTENTION
Task: {BF305554-4A20-4246-A84F-00FA5CDE651E} - \Scheduled Update for Ask Toolbar -> No File <==== ATTENTION
C:\Program Files (x86)\Common Files\ProgramManager

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please let me know what problem persists with this computer.
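
An added example, not part of nasdaq's post and not FRST's own logic: a small Python triage of FRST-style log lines by the markers visible in the fixlist above (`<==== ATTENTION`, `[not found]`, `No File`, `[X]`). The sample lines are copied from this thread; the kind labels and the reading of `[X]` as a missing file are this example's assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the fixlist quoted in this thread.
SAMPLE = r"""
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-809334929-2000377688-2385556270-1000\...\Run: [UM] => C:\Users\Bilmore\AppData\Roaming\Update Manager\UM.EXE
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: No Name - C:\Program Files (x86)\Object\facetheme [not found]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {83070F32-4CF3-456C-8076-B5C4C564623B} - \DealPlyUpdate -> No File <==== ATTENTION
C:\Program Files (x86)\Common Files\ProgramManager
""".strip().splitlines()

# Line prefix -> entry kind. The kind labels are this example's own names.
KINDS = [
    ("firefox", re.compile(r"^FF ")),
    ("chrome", re.compile(r"^CHR ")),
    ("scheduled_task", re.compile(r"^Task: ")),
    ("service_or_driver", re.compile(r"^[RSU]\d \S+;")),
    ("registry", re.compile(r"^(HKLM|HKU|Winlogon|URLSearchHook)")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]

# Markers seen on the page. Reading [X] as "file missing" is an assumption.
REASONS = [
    ("attention_flag", re.compile(r"<=+ ATTENTION")),
    ("target_missing",
     re.compile(r"\[not found\]|\[No File\]|-> No File\b|- No File\b|\[X\]$")),
]

DIRECTIVE = re.compile(r"^(Start|End|\w+:)$")  # fixlist keywords, not entries

def triage(lines):
    """Return one dict per log entry: its kind, why it stands out, the line."""
    entries = []
    for raw in lines:
        line = raw.strip()
        if not line or DIRECTIVE.match(line):
            continue
        kind = next((k for k, rx in KINDS if rx.search(line)), "unknown")
        reasons = [r for r, rx in REASONS if rx.search(line)] or ["no_marker"]
        entries.append({"kind": kind, "reasons": reasons, "line": line})
    return entries

def summarize(entries):
    """Count entries per reason; one entry can carry several reasons."""
    return Counter(r for e in entries for r in e["reasons"])
```

Entries tagged `no_marker` carry none of these markers, so they need a human decision rather than a pattern match.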

#3 yosup7400

yosup7400
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:15 PM

Posted 22 March 2016 - 12:10 PM

Thank you! The adware is gone. However, I did not delete YTD, as it is a utility I use relatively often. The YTD toolbar has been deleted for ages. It just shows up in the programs list, but when I try to uninstall it from there, it says that the installation registry does not exist. 

 

Thank you for your help! 




#4 nasdaq


Posted 22 March 2016 - 02:47 PM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 nasdaq


Posted 27 March 2016 - 07:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



