Need help removing Search Engage program/Chrome extension

9 replies to this topic

#1 metalsonic88

Posted 24 April 2016 - 12:42 AM

While attempting to install an autoclicker program, I misread part of the installation text and also installed an unwanted search "helper" program called Search Engage. It has hijacked Chrome, my default browser, and prevents me from changing my home page, resetting the search engine to anything besides itself, and has uninstalled the extensions I previously had downloaded. By following a guide I found online I thought I removed it, but after recently restarting my computer I found it was back and malignant as ever.

It is not listed in the programs list, so I cannot uninstall it that way. It is listed among my Chrome extensions, but where normally a trash can icon is that would allow me to delete it there is instead an icon of a building (or something?) and when clicked on it displays the text "Installed by enterprise policy."

 

I don't know if this helps at all, but it is in fact listed in the Chrome Webstore here:
https://chrome.google.com/webstore/detail/search-engage/aaehjjlljhmigellkdidoapcgkjblhoc

Please let me know if there is any more information you need, or what steps I should begin with to uninstall this mistake.
Below is the FRST.txt log, and attached is the Addition.txt log. Thank you in advance.

 

---
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Reginald (administrator) on COMPUTATO (23-04-2016 23:22:20)
Running from C:\Users\Reginald\Downloads
Loaded Profiles: Reginald (Available Profiles: Reginald)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(VIA Technologies, Inc.) C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(BitTorrent Inc.) C:\Users\Reginald\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hammer & Chisel, Inc.) C:\Users\Reginald\AppData\Local\Discord\app-0.0.288\Discord.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hammer & Chisel, Inc.) C:\Users\Reginald\AppData\Local\Discord\app-0.0.288\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Reginald\AppData\Local\Discord\app-0.0.288\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Reginald\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [VerizonCloud] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-03-04] (SUPERAntiSpyware)
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [HLBackupScheduler] => "C:\Program Files\Verizon Cloud\Verizon Cloud Service.exe"
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [uTorrent] => C:\Users\Reginald\AppData\Roaming\uTorrent\uTorrent.exe [1126480 2014-12-07] (BitTorrent Inc.)
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [SynchronossPC] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [Discord] => C:\Users\Reginald\AppData\Local\Discord\app-0.0.288\Discord.exe [53430456 2016-04-22] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\MountPoints2: {667f05bd-7de5-11e4-a8b8-fcaa1429c893} - G:\setup\autorun.exe
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\MountPoints2: {ad1a0ae7-e3ee-11e4-95a7-fcaa1429c893} - F:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\MountPoints2: {ad1a0afb-e3ee-11e4-95a7-fcaa1429c893} - F:\TL-Bootstrap.exe
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
CHR HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-131321474-2350475203-3552042591-1000] => 127.0.0.1:9666
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{B36AFCF9-3ABC-4529-98B1-CE759D9FF85E}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchengage.com/?pub=2009
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-131321474-2350475203-3552042591-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Toolbar: HKLM - BitCro Social 10.0.0 - {B81BF46A-B455-48FB-A81B-40DFFF66786F} - C:\Users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro64.dll [2016-04-23] (Bit-cro Ltd.)
Toolbar: HKLM-x32 - BitCro Social 10.0.0 - {B81BF46A-B455-48FB-A81B-40DFFF66786F} - C:\Users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro.dll [2016-04-23] (Bit-cro Ltd.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-06-09] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-131321474-2350475203-3552042591-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://searchengage.com/?pub=2009
CHR StartupUrls: Default -> "hxxp://searchengage.com/?pub=2009"
CHR DefaultSearchURL: Default -> hxxp://search.bitcro.com/results.php?pub=2009&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchengage.com
CHR Profile: C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Search Engage) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc [2016-04-23]
CHR Extension: (Google Slides) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-23]
CHR Extension: (Google Docs) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-23]
CHR Extension: (Google Drive) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-23]
CHR Extension: (YouTube) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Google Sheets) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
CHR Extension: (Gmail) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-23]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [384512 2015-08-18] (Apple Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [312616 2015-11-03] (SplitCam Co.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [134656 2015-07-09] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 acdev32; C:\Windows\System32\cmd.exe /c start C:\Windows\system32\acdev32.exe
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-03-10] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2016-04-19] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2015-08-06] (Windows ® Win 7 DDK provider)
R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37088 2015-10-15] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-08-12] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.)
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 MFE_RR; \??\C:\Users\Reginald\AppData\Local\Temp\mfe_rr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-12-00 31664:840 - 1653-08-07 21:02 - 00166808 _____ C:\Windows\SysWOW64\acdev32.exe
2016-04-23 23:22 - 2016-04-23 23:22 - 00022161 _____ C:\Users\Reginald\Downloads\FRST.txt
2016-04-23 23:22 - 2016-04-23 23:22 - 00000000 ____D C:\FRST
2016-04-23 23:21 - 2016-04-23 23:21 - 02375680 _____ (Farbar) C:\Users\Reginald\Downloads\FRST64 (1).exe
2016-04-23 13:05 - 2016-04-23 13:05 - 00000735 _____ C:\Users\Reginald\Desktop\Search.lnk
2016-04-20 01:22 - 2016-04-20 01:23 - 2526155204 _____ C:\Users\Reginald\Downloads\ANIME NITE 2016-04-18-1900-49.zip
2016-04-19 17:20 - 2016-04-19 17:20 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\3909
2016-04-19 16:54 - 2016-04-19 16:54 - 00049584 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-04-19 16:53 - 2016-04-19 16:53 - 11441744 _____ (SurfRight B.V.) C:\Users\Reginald\Downloads\hitmanpro_x64.exe
2016-04-19 16:14 - 2016-04-19 16:14 - 00004101 _____ C:\Users\Reginald\Desktop\JRT.txt
2016-04-19 16:05 - 2016-04-19 16:57 - 00000000 ____D C:\AdwCleaner
2016-04-19 16:05 - 2016-04-19 16:05 - 03683904 _____ C:\Users\Reginald\Downloads\AdwCleaner.exe
2016-04-19 15:58 - 2016-04-23 14:35 - 00000560 __RSH C:\Users\Reginald\ntuser.pol
2016-04-19 15:53 - 2016-04-19 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Mouse Auto Clicker
2016-04-19 15:53 - 2016-04-19 15:53 - 00000000 ____D C:\Program Files (x86)\Free Mouse Auto Clicker
2016-04-19 15:52 - 2016-04-19 15:52 - 00537059 _____ (Advanced Mouse Auto Clicker ltd. ) C:\Users\Reginald\Downloads\FreeMouseAutoClickerSetupNew.exe
2016-04-17 00:11 - 2016-03-21 14:01 - 00109632 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-04-17 00:11 - 2016-03-21 14:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-04-17 00:11 - 2016-03-21 14:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-04-17 00:07 - 2016-04-19 15:12 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\Auto Clicker
2016-04-17 00:06 - 2016-04-17 00:06 - 00845000 _____ (MurGee.com ) C:\Users\Reginald\Downloads\setup (2).exe
2016-04-14 13:02 - 2016-04-14 13:02 - 00000000 ____D C:\Users\Reginald\AppData\LocalLow\SquareEnix
2016-04-14 02:12 - 2016-04-14 02:13 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\SplitCam
2016-04-14 02:11 - 2016-04-14 02:12 - 00000000 ____D C:\Program Files (x86)\SplitCam
2016-04-14 02:10 - 2016-04-14 02:10 - 100389904 _____ (SplitCam Co.) C:\Users\Reginald\Downloads\SplitCamSetup.exe
2016-04-14 02:09 - 2016-04-14 02:09 - 01522688 _____ C:\Users\Reginald\Downloads\FalseCamera.exe
2016-04-14 01:18 - 2016-04-14 01:18 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-14 01:18 - 2016-04-14 01:18 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-13 00:46 - 2016-04-13 00:51 - 151753368 _____ C:\Users\Reginald\Downloads\My dog harasses me in order to lick my pussy.flv
2016-04-12 15:06 - 2016-04-12 15:06 - 00494182 _____ C:\Users\Reginald\Downloads\pksvui_pkg2-1-1.zip
2016-04-12 15:06 - 2016-04-12 15:06 - 00000000 ____D C:\Users\Reginald\Downloads\pksvui_pkg2-1-1
2016-04-12 14:14 - 2016-03-31 13:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-12 14:14 - 2016-03-31 12:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-12 14:14 - 2016-03-30 18:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-12 14:14 - 2016-03-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-12 14:14 - 2016-03-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-12 14:14 - 2016-03-30 18:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-12 14:14 - 2016-03-30 18:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-12 14:14 - 2016-03-30 18:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-12 14:14 - 2016-03-30 18:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-12 14:14 - 2016-03-30 18:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-12 14:14 - 2016-03-30 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-12 14:14 - 2016-03-30 18:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-12 14:14 - 2016-03-30 18:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-12 14:14 - 2016-03-30 18:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-12 14:14 - 2016-03-30 18:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-12 14:14 - 2016-03-30 18:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-12 14:14 - 2016-03-30 18:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-12 14:14 - 2016-03-30 18:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-12 14:14 - 2016-03-30 18:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-12 14:14 - 2016-03-30 18:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-12 14:14 - 2016-03-30 18:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-12 14:14 - 2016-03-30 18:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-12 14:14 - 2016-03-30 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-12 14:14 - 2016-03-30 18:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-12 14:14 - 2016-03-30 17:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-12 14:14 - 2016-03-30 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-12 14:14 - 2016-03-30 17:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-12 14:14 - 2016-03-30 17:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-12 14:14 - 2016-03-30 17:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-12 14:14 - 2016-03-30 17:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-12 14:14 - 2016-03-30 17:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-12 14:14 - 2016-03-30 17:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-12 14:14 - 2016-03-30 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-12 14:14 - 2016-03-30 17:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-12 14:14 - 2016-03-30 17:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-12 14:14 - 2016-03-30 17:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-12 14:14 - 2016-03-30 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-12 14:14 - 2016-03-30 17:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-12 14:14 - 2016-03-30 17:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-12 14:14 - 2016-03-30 17:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-12 14:14 - 2016-03-30 17:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-12 14:14 - 2016-03-30 17:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-12 14:14 - 2016-03-30 17:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-12 14:14 - 2016-03-30 17:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-12 14:14 - 2016-03-30 17:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-12 14:14 - 2016-03-30 17:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-12 14:14 - 2016-03-30 17:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-12 14:14 - 2016-03-30 17:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-12 14:14 - 2016-03-30 17:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-12 14:14 - 2016-03-30 17:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-12 14:14 - 2016-03-30 17:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-12 14:14 - 2016-03-30 17:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-12 14:14 - 2016-03-30 17:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-12 14:14 - 2016-03-30 17:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-12 14:14 - 2016-03-30 17:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-12 14:14 - 2016-03-30 17:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-12 14:14 - 2016-03-30 17:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-12 14:14 - 2016-03-30 17:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-12 14:14 - 2016-03-30 17:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-12 14:14 - 2016-03-30 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-12 14:14 - 2016-03-30 17:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-12 14:14 - 2016-03-30 17:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-12 14:14 - 2016-03-30 17:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-12 14:14 - 2016-03-30 17:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-12 14:14 - 2016-03-30 17:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-12 14:14 - 2016-03-30 17:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-12 14:06 - 2016-04-04 12:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-12 14:06 - 2016-04-04 12:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-12 14:06 - 2016-04-02 07:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-12 14:06 - 2016-03-23 08:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-12 14:06 - 2016-03-17 12:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-12 14:06 - 2016-03-17 12:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-12 14:06 - 2016-03-17 12:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-12 14:06 - 2016-03-17 12:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 14:06 - 2016-03-06 12:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 14:06 - 2016-03-06 12:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 14:06 - 2016-03-06 12:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 14:06 - 2016-03-06 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 14:01 - 2016-03-17 17:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 14:01 - 2016-03-17 17:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 14:01 - 2016-03-17 17:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-12 14:01 - 2016-03-17 17:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-12 14:01 - 2016-03-17 17:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-12 14:01 - 2016-03-17 17:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 14:01 - 2016-03-17 16:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-12 14:01 - 2016-03-17 16:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-12 14:01 - 2016-03-17 16:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-12 14:01 - 2016-03-17 16:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 14:01 - 2016-03-17 16:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-12 14:01 - 2016-03-17 16:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-12 14:01 - 2016-03-17 16:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-12 14:01 - 2016-03-17 16:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 14:01 - 2016-03-17 16:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-12 14:01 - 2016-03-17 16:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 14:01 - 2016-03-17 16:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-12 14:01 - 2016-03-17 16:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-12 14:01 - 2016-03-17 16:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-12 14:01 - 2016-03-17 16:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-12 14:01 - 2016-03-17 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-12 14:01 - 2016-03-17 16:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-12 14:01 - 2016-03-17 16:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-12 14:01 - 2016-03-17 16:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-12 14:01 - 2016-03-17 16:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-12 14:01 - 2016-03-17 16:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-12 14:01 - 2016-03-17 16:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 14:01 - 2016-03-17 16:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-12 14:01 - 2016-03-17 16:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-12 14:01 - 2016-03-17 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-12 14:01 - 2016-03-17 16:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 14:01 - 2016-03-17 16:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 15:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-12 14:01 - 2016-03-17 15:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-12 14:01 - 2016-03-17 15:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-12 14:01 - 2016-03-17 15:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-12 14:01 - 2016-03-17 15:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-12 14:01 - 2016-03-17 15:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-12 14:01 - 2016-03-17 15:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-12 14:01 - 2016-03-17 15:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-12 14:01 - 2016-03-17 15:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-12 14:01 - 2016-03-17 15:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-12 14:01 - 2016-03-17 15:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-12 14:01 - 2016-03-17 15:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-12 14:01 - 2016-03-17 15:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-12 14:01 - 2016-03-17 15:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-12 14:01 - 2016-03-17 15:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-12 14:01 - 2016-03-17 15:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-12 14:01 - 2016-03-17 15:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-12 14:01 - 2016-03-17 15:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 15:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 15:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 15:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-12 14:01 - 2016-03-16 12:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 14:01 - 2016-03-16 12:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 14:01 - 2016-03-16 12:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 14:01 - 2016-03-15 18:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 14:01 - 2016-03-15 18:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 14:01 - 2016-03-15 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 14:00 - 2016-03-29 11:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 14:00 - 2016-03-11 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 14:00 - 2016-03-11 12:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-12 02:10 - 2016-04-12 02:12 - 2723695953 _____ C:\Users\Reginald\Downloads\2016-04-04-1902-17.zip
2016-04-10 03:02 - 2016-04-10 03:03 - 15432864 _____ (ManyCam LLC) C:\Users\Reginald\Downloads\2.6.1_manycam_2.6.1.exe
2016-04-10 02:46 - 2016-04-10 02:54 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\obs-studio
2016-04-10 02:44 - 2016-04-10 02:44 - 00001198 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-04-10 02:44 - 2016-04-10 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-04-10 02:44 - 2016-04-10 02:44 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-04-10 02:42 - 2016-04-10 02:42 - 36203480 _____ C:\Users\Reginald\Downloads\OBS-Studio-0.13.4-Installer.exe
2016-04-10 02:26 - 2016-04-14 00:31 - 00000000 ____D C:\ProgramData\Temp
2016-04-10 02:26 - 2012-10-10 21:08 - 00044928 _____ (ManyCam LLC) C:\Windows\system32\Drivers\mcvidrv_x64.sys
2016-04-10 00:04 - 2016-04-10 00:12 - 193937904 _____ C:\Users\Reginald\Downloads\animo3.mp4
2016-04-10 00:04 - 2016-04-10 00:11 - 100804996 _____ C:\Users\Reginald\Downloads\animo2.mp4
2016-04-10 00:03 - 2016-04-10 00:03 - 42505511 _____ C:\Users\Reginald\Downloads\animo1.mp4
2016-04-03 14:28 - 2016-04-03 14:28 - 00131072 _____ C:\Users\Reginald\Desktop\Pokemon - Emerald Version (USA, Europe).SaveRAM.bak
2016-04-03 14:25 - 2016-04-03 14:25 - 00131072 _____ C:\Users\Reginald\Downloads\Pspjunkie420PokemonEmerald(1).sav
2016-04-03 14:24 - 2016-04-04 14:01 - 00131072 _____ C:\Users\Reginald\Desktop\Pokemon - Emerald Version (USA, Europe).SaveRAM
2016-04-02 23:19 - 2016-04-02 23:20 - 00000000 ____D C:\Users\Reginald\Downloads\AdvanceMap
2016-04-02 23:19 - 2016-04-02 23:19 - 00961473 _____ C:\Users\Reginald\Downloads\am1.95.zip
2016-04-02 03:44 - 2016-04-02 03:46 - 00000000 ____D C:\Users\Reginald\Downloads\GilvaSunner - GilvaSunner's Highest Quality Video Game Rips- Volume 1 (FLAC)
2016-04-02 02:36 - 2016-04-02 02:38 - 546687274 _____ C:\Users\Reginald\Downloads\GilvaSunner - GilvaSunner's Highest Quality Video Game Rips- Volume 1 (FLAC).zip
2016-04-01 22:09 - 2016-04-01 23:05 - 00000000 ____D C:\Users\Reginald\Downloads\BizHawk-1.11.6
2016-04-01 22:08 - 2016-04-01 22:09 - 23261066 _____ C:\Users\Reginald\Downloads\BizHawk-1.11.6.zip
2016-04-01 22:00 - 2016-04-01 22:00 - 00039423 _____ C:\Users\Reginald\Downloads\PokeBot-GenerationIII-master.zip
2016-03-31 00:14 - 2016-03-31 00:15 - 2788916038 _____ C:\Users\Reginald\Downloads\ANIME NITE 2016-03-28-1902-36.zip
2016-03-29 12:12 - 2016-03-29 12:12 - 00032583 _____ C:\Users\Reginald\Downloads\gccx137.torrent
2016-03-29 01:36 - 2016-03-29 01:36 - 00027248 _____ C:\Users\Reginald\Downloads\Game Center CX - The People In My Head.torrent
2016-03-29 01:34 - 2016-03-29 01:34 - 00042373 _____ C:\Users\Reginald\Downloads\gccx vietnam special.torrent
2016-03-29 01:32 - 2016-03-29 01:32 - 00016589 _____ C:\Users\Reginald\Downloads\Game Center CX DVD Bonus Episodes.torrent
2016-03-29 01:31 - 2016-03-29 01:31 - 00013705 _____ C:\Users\Reginald\Downloads\Game Center CX - 178 - Mega Man X (Part 1) 60fps [SAGCCX].mp4.torrent
2016-03-29 01:31 - 2016-03-29 01:31 - 00011625 _____ C:\Users\Reginald\Downloads\Game Center CX - 179 - Mega Man X (Part 2) 60fps [SAGCCX].mp4.torrent
2016-03-29 01:30 - 2016-03-29 01:30 - 00039822 _____ C:\Users\Reginald\Downloads\Game Center CX 175 - Nosferatu.torrent
2016-03-29 01:30 - 2016-03-29 01:30 - 00022002 _____ C:\Users\Reginald\Downloads\Game Center CX 176 - Nosferatu.torrent
2016-03-29 01:29 - 2016-03-29 01:29 - 00021192 _____ C:\Users\Reginald\Downloads\Game Center CX Season 13.torrent
2016-03-29 01:29 - 2016-03-29 01:29 - 00016420 _____ C:\Users\Reginald\Downloads\Game Center CX Season 14.torrent
2016-03-29 01:28 - 2016-03-29 01:28 - 00033706 _____ C:\Users\Reginald\Downloads\golgo.torrent
2016-03-29 01:28 - 2016-03-29 01:28 - 00014049 _____ C:\Users\Reginald\Downloads\Game Center CX Season 12.torrent
2016-03-29 01:27 - 2016-03-29 01:27 - 00019051 _____ C:\Users\Reginald\Downloads\Game Center CX Season 02.torrent
2016-03-29 01:27 - 2016-03-29 01:27 - 00017654 _____ C:\Users\Reginald\Downloads\Game Center CX Season 06.torrent
2016-03-29 01:26 - 2016-03-29 01:26 - 00014308 _____ C:\Users\Reginald\Downloads\Game Center CX Season 05.torrent
2016-03-29 01:25 - 2016-03-29 01:25 - 00020622 _____ C:\Users\Reginald\Downloads\Game Center CX Season 08.torrent
2016-03-29 01:25 - 2016-03-29 01:25 - 00013118 _____ C:\Users\Reginald\Downloads\Game Center CX Season 07.torrent
2016-03-29 01:25 - 2016-03-29 01:25 - 00012045 _____ C:\Users\Reginald\Downloads\[Clover]_Game_Center_CX_-_80_[B38F6AF1].mkv.torrent
2016-03-29 01:24 - 2016-03-29 01:24 - 00013115 _____ C:\Users\Reginald\Downloads\Game Center CX - 184 - Super Mario Land [SAGCCX].mp4.torrent
2016-03-29 01:22 - 2016-03-29 01:22 - 00013705 _____ C:\Users\Reginald\Downloads\Game Center CX Season 16.torrent
2016-03-29 01:20 - 2016-03-29 01:20 - 00029125 _____ C:\Users\Reginald\Downloads\198.torrent
2016-03-29 01:19 - 2016-03-29 01:19 - 00031125 _____ C:\Users\Reginald\Downloads\gccx197.torrent
2016-03-27 14:53 - 2016-03-27 14:55 - 00000839 _____ C:\Users\Reginald\Desktop\lemmings.txt
2016-03-27 10:31 - 2016-02-02 12:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-27 10:31 - 2016-02-01 13:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-27 10:31 - 2016-02-01 12:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-27 10:31 - 2016-02-01 12:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-03-27 10:31 - 2016-02-01 12:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-03-27 10:31 - 2016-02-01 12:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-27 10:31 - 2016-02-01 12:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-27 10:31 - 2016-02-01 12:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-03-27 10:31 - 2016-02-01 12:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-03-27 10:31 - 2016-02-01 12:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-03-27 10:31 - 2016-02-01 12:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-27 10:31 - 2016-01-20 18:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-27 10:29 - 2016-02-05 12:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-03-27 10:29 - 2016-02-05 12:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-03-27 10:29 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-03-27 10:29 - 2015-06-03 14:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-03-27 10:18 - 2016-03-27 10:19 - 11840839 _____ C:\Users\Reginald\Downloads\Windows6.1-KB2670838-x64.msu
2016-03-27 01:41 - 2016-03-27 01:41 - 00012599 _____ C:\Users\Reginald\Downloads\Game Center CX Nintendo Channel Episodes.torrent
2016-03-26 00:13 - 2016-03-26 00:13 - 00019880 _____ C:\Users\Reginald\Downloads\Game Center CX - 181 - Gunstar Heroes [SAGCCX].mp4.torrent
2016-03-24 21:07 - 2016-03-24 21:09 - 2669971685 _____ C:\Users\Reginald\Downloads\ANIME NITE 2016-03-21-1900-59.zip
2016-03-24 12:31 - 2016-04-18 03:04 - 00001534 _____ C:\Users\Reginald\Desktop\flint stones.txt
2016-03-24 05:14 - 2016-03-24 05:14 - 00027079 _____ C:\Users\Reginald\Downloads\gccx199.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-23 23:23 - 2014-12-07 15:26 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\uTorrent
2016-04-23 23:10 - 2014-12-06 20:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-23 23:02 - 2009-07-13 22:45 - 00034608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-23 23:02 - 2009-07-13 22:45 - 00034608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-23 14:35 - 2014-12-06 19:44 - 00000000 ____D C:\Users\Reginald
2016-04-23 13:43 - 2014-12-06 21:40 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-23 13:09 - 2015-04-16 15:15 - 00000000 ____D C:\Users\Reginald\AppData\Local\HTC MediaHub
2016-04-23 13:04 - 2016-01-15 01:20 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\discord
2016-04-23 13:03 - 2016-01-14 14:14 - 00000000 ___RD C:\Users\Reginald\Verizon Cloud Sync
2016-04-23 13:01 - 2014-12-06 20:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-23 13:00 - 2014-12-06 20:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-23 13:00 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-22 15:03 - 2016-01-15 01:20 - 00002176 _____ C:\Users\Reginald\Desktop\Discord.lnk
2016-04-22 15:03 - 2016-01-15 01:20 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-22 15:03 - 2016-01-15 01:20 - 00000000 ____D C:\Users\Reginald\AppData\Local\Discord
2016-04-22 15:02 - 2016-01-15 01:20 - 00000000 ____D C:\Users\Reginald\AppData\Local\SquirrelTemp
2016-04-19 16:06 - 2014-12-09 20:06 - 01610352 _____ (Malwarebytes) C:\Users\Reginald\Downloads\JRT.exe
2016-04-19 15:58 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-04-17 00:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-04-17 00:12 - 2014-12-06 20:40 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-04-17 00:10 - 2014-12-10 11:37 - 00000000 ____D C:\Users\Reginald\AppData\Local\CrashDumps
2016-04-14 01:18 - 2015-06-09 12:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-14 01:18 - 2014-12-07 20:05 - 00000000 ____D C:\Users\Reginald\AppData\Local\Adobe
2016-04-13 05:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-04-13 04:58 - 2014-12-11 15:39 - 00000000 ____D C:\Users\Reginald\AppData\Local\ElevatedDiagnostics
2016-04-13 03:49 - 2014-12-11 19:26 - 00502590 _____ C:\Windows\system32\perfh006.dat
2016-04-13 03:49 - 2014-12-11 19:26 - 00099898 _____ C:\Windows\system32\perfc006.dat
2016-04-13 03:49 - 2014-12-11 18:56 - 00391518 _____ C:\Windows\system32\prfh0404.dat
2016-04-13 03:49 - 2014-12-11 18:56 - 00116330 _____ C:\Windows\system32\prfc0404.dat
2016-04-13 03:49 - 2014-12-11 18:35 - 00707056 _____ C:\Windows\system32\prfh0416.dat
2016-04-13 03:49 - 2014-12-11 18:35 - 00148896 _____ C:\Windows\system32\prfc0416.dat
2016-04-13 03:49 - 2014-12-11 18:20 - 00722194 _____ C:\Windows\system32\prfh0816.dat
2016-04-13 03:49 - 2014-12-11 18:20 - 00154146 _____ C:\Windows\system32\prfc0816.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00733534 _____ C:\Windows\system32\perfh015.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00717776 _____ C:\Windows\system32\perfh019.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00649858 _____ C:\Windows\system32\perfh01F.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00600164 _____ C:\Windows\system32\perfh008.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00487690 _____ C:\Windows\system32\perfh014.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00374346 _____ C:\Windows\system32\prfh0804.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00157112 _____ C:\Windows\system32\perfc015.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00152082 _____ C:\Windows\system32\perfc019.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00141240 _____ C:\Windows\system32\perfc01F.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00120832 _____ C:\Windows\system32\prfc0804.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00112368 _____ C:\Windows\system32\perfc008.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00096644 _____ C:\Windows\system32\perfc014.dat
2016-04-13 03:49 - 2014-12-11 08:17 - 00656896 _____ C:\Windows\system32\perfh01D.dat
2016-04-13 03:49 - 2014-12-11 08:17 - 00143714 _____ C:\Windows\system32\perfc01D.dat
2016-04-13 03:49 - 2014-12-11 08:10 - 00421600 _____ C:\Windows\system32\perfh012.dat
2016-04-13 03:49 - 2014-12-11 08:10 - 00121624 _____ C:\Windows\system32\perfc012.dat
2016-04-13 03:49 - 2014-12-11 08:03 - 00662016 _____ C:\Windows\system32\perfh005.dat
2016-04-13 03:49 - 2014-12-11 08:03 - 00142666 _____ C:\Windows\system32\perfc005.dat
2016-04-13 03:49 - 2014-12-11 07:44 - 00736674 _____ C:\Windows\system32\perfh013.dat
2016-04-13 03:49 - 2014-12-11 07:44 - 00154342 _____ C:\Windows\system32\perfc013.dat
2016-04-13 03:49 - 2014-12-11 07:33 - 00474678 _____ C:\Windows\system32\perfh00B.dat
2016-04-13 03:49 - 2014-12-11 07:33 - 00102760 _____ C:\Windows\system32\perfc00B.dat
2016-04-13 03:49 - 2014-12-11 07:27 - 00676930 _____ C:\Windows\system32\perfh00E.dat
2016-04-13 03:49 - 2014-12-11 07:27 - 00172514 _____ C:\Windows\system32\perfc00E.dat
2016-04-13 03:49 - 2014-12-11 07:17 - 00738632 _____ C:\Windows\system32\perfh00A.dat
2016-04-13 03:49 - 2014-12-11 07:17 - 00159714 _____ C:\Windows\system32\perfc00A.dat
2016-04-13 03:49 - 2014-12-11 07:11 - 00385520 _____ C:\Windows\system32\perfh00D.dat
2016-04-13 03:49 - 2014-12-11 07:11 - 00085998 _____ C:\Windows\system32\perfc00D.dat
2016-04-13 03:49 - 2014-12-11 07:00 - 00733222 _____ C:\Windows\system32\perfh010.dat
2016-04-13 03:49 - 2014-12-11 07:00 - 00148086 _____ C:\Windows\system32\perfc010.dat
2016-04-13 03:49 - 2014-12-11 06:55 - 00738892 _____ C:\Windows\system32\perfh00C.dat
2016-04-13 03:49 - 2014-12-11 06:55 - 00472190 _____ C:\Windows\system32\perfh001.dat
2016-04-13 03:49 - 2014-12-11 06:55 - 00150820 _____ C:\Windows\system32\perfc00C.dat
2016-04-13 03:49 - 2014-12-11 06:55 - 00096012 _____ C:\Windows\system32\perfc001.dat
2016-04-13 03:49 - 2014-12-09 11:53 - 00690384 _____ C:\Windows\system32\perfh007.dat
2016-04-13 03:49 - 2014-12-09 11:53 - 00150356 _____ C:\Windows\system32\perfc007.dat
2016-04-13 03:49 - 2014-12-07 01:05 - 00420140 _____ C:\Windows\system32\perfh011.dat
2016-04-13 03:49 - 2014-12-07 01:05 - 00123552 _____ C:\Windows\system32\perfc011.dat
2016-04-13 03:49 - 2009-07-13 23:13 - 17444788 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-13 03:40 - 2009-07-13 22:45 - 00295792 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 03:35 - 2015-04-15 03:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-04-13 03:15 - 2014-12-06 22:17 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 03:06 - 2014-12-06 22:17 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-11 18:16 - 2014-12-06 20:01 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 18:16 - 2014-12-06 20:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-06 10:18 - 2010-11-20 21:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-05 23:23 - 2014-12-15 17:45 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\MusicBee
2016-04-05 21:58 - 2015-03-19 13:08 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\MPC-HC
2016-04-03 12:58 - 2015-09-17 05:53 - 00000000 ____D C:\Users\Reginald\Documents\Visual Studio 2015
2016-04-02 22:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\ModemLogs
2016-04-01 01:58 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-29 19:06 - 2014-12-11 20:08 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-03-29 19:06 - 2014-12-06 20:39 - 01373680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-03-29 19:05 - 2015-11-30 12:18 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-03-29 19:05 - 2014-12-11 20:08 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-03-29 19:05 - 2014-12-06 20:39 - 01767248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-03-27 02:13 - 2014-12-23 12:00 - 00000000 ____D C:\Users\Reginald\Desktop\Torrent Temp
2016-03-26 21:43 - 2016-01-12 13:18 - 00000000 ____D C:\Users\Reginald\Desktop\SNES9x v1.53-1240
2016-03-25 03:02 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-25 03:02 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX
 
Some files in TEMP:
====================
C:\Users\Reginald\AppData\Local\Temp\libeay32.dll
C:\Users\Reginald\AppData\Local\Temp\msvcr120.dll
C:\Users\Reginald\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-18 00:44
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team

Posted 24 April 2016 - 09:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

Toolbar: HKLM - BitCro Social 10.0.0 - {B81BF46A-B455-48FB-A81B-40DFFF66786F} - C:\Users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro64.dll [2016-04-23] (Bit-cro Ltd.)
Toolbar: HKLM-x32 - BitCro Social 10.0.0 - {B81BF46A-B455-48FB-A81B-40DFFF66786F} - C:\Users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro.dll [2016-04-23] (Bit-cro Ltd.)
CHR HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-131321474-2350475203-3552042591-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR HomePage: Default -> hxxp://searchengage.com/?pub=2009
CHR StartupUrls: Default -> "hxxp://searchengage.com/?pub=2009"
CHR DefaultSearchURL: Default -> hxxp://search.bitcro.com/results.php?pub=2009&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchengage.com
CHR Extension: (Search Engage) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc [2016-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
S2 acdev32; C:\Windows\System32\cmd.exe /c start C:\Windows\system32\acdev32.exe
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 MFE_RR; \??\C:\Users\Reginald\AppData\Local\Temp\mfe_rr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro64.dll
C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc
C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Please post the log, and also post the Addition.txt file.
Your last attempt was incomplete.

#3 metalsonic88

  • Topic Starter

Posted 24 April 2016 - 01:30 PM

After following the steps above the Search Engage extension seems broken, but is still present in Chrome and still unable to be removed like normal extensions. Opening Chrome attempts to open the Search Engage page but instead gives an error that the File was Not Found. I have not attempted to change my default search engine, reset my homepage, or take any other steps beyond the observations I've listed. Following this will be posted the Fixlog and the ADW log. Attached, hopefully correctly this time, will be the addition log.

--
 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Reginald (2016-04-24 11:55:11) Run:1
Running from C:\Users\Reginald\Downloads
Loaded Profiles: Reginald (Available Profiles: Reginald)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
Toolbar: HKLM - BitCro Social 10.0.0 - {B81BF46A-B455-48FB-A81B-40DFFF66786F} - C:\Users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro64.dll [2016-04-23] (Bit-cro Ltd.)
Toolbar: HKLM-x32 - BitCro Social 10.0.0 - {B81BF46A-B455-48FB-A81B-40DFFF66786F} - C:\Users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro.dll [2016-04-23] (Bit-cro Ltd.)
CHR HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin HKU\S-1-5-21-131321474-2350475203-3552042591-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR HomePage: Default -> hxxp://searchengage.com/?pub=2009
CHR StartupUrls: Default -> "hxxp://searchengage.com/?pub=2009"
CHR DefaultSearchURL: Default -> hxxp://search.bitcro.com/results.php?pub=2009&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchengage.com
CHR Extension: (Search Engage) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc [2016-04-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-23]
S2 acdev32; C:\Windows\System32\cmd.exe /c start C:\Windows\system32\acdev32.exe
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 MFE_RR; \??\C:\Users\Reginald\AppData\Local\Temp\mfe_rr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro64.dll
C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc
C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B81BF46A-B455-48FB-A81B-40DFFF66786F} => value removed successfully
"HKCR\CLSID\{B81BF46A-B455-48FB-A81B-40DFFF66786F}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B81BF46A-B455-48FB-A81B-40DFFF66786F} => value removed successfully
"HKCR\Wow6432Node\CLSID\{B81BF46A-B455-48FB-A81B-40DFFF66786F}" => key removed successfully
"HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKU\S-1-5-21-131321474-2350475203-3552042591-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => key removed successfully
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc => moved successfully
C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
acdev32 => service removed successfully
cleanhlp => service removed successfully
MFE_RR => service removed successfully
VGPU => service removed successfully
C:\Users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro64.dll => moved successfully
"C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc" => not found.
"C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
EmptyTemp: => 1.4 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:57:42 ====

--

# AdwCleaner v5.112 - Logfile created 24/04/2016 at 12:09:42
# Updated 17/04/2016 by Xplode
# Database : 2016-04-24.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Reginald - COMPUTATO
# Running from : C:\Users\Reginald\Desktop\adwcleaner_5.112.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
[-] Shortcut Disinfected : C:\Users\Reginald\Desktop\Search.lnk
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-131321474-2350475203-3552042591-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C3].txt - [983 bytes] - [24/04/2016 12:09:43]
C:\AdwCleaner\AdwCleaner[S3].txt - [1143 bytes] - [24/04/2016 12:05:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1128 bytes] ##########
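
Chrome labels an extension "Installed by enterprise policy" when it is force-installed through policy (the ExtensionInstallForcelist setting), so a read-only audit of the policy sources shows where the lock comes from. The script below is an added example, not part of the original posts or of any tool used in this thread; the extension ID and the SysWOW64\GroupPolicy folder come from the logs on this page, while the registry roots and Registry.pol locations are the standard Chrome and Windows ones and are assumed, not confirmed, for this machine.

```powershell
# Added example (not from the thread): read-only audit of Chrome policy sources.
# The extension ID below is the one shown in the FRST log on this page.
$TargetId = 'aaehjjlljhmigellkdidoapcgkjblhoc'

# Standard registry roots for Chrome policy (assumed locations, not taken from
# this machine's logs). The WOW6432Node path is the 32-bit registry view.
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)

function Get-ChromePolicyValue {
    # Returns every value under the Chrome policy roots, including list
    # policies such as ExtensionInstallForcelist, which live in subkeys.
    param([string[]]$Roots = $PolicyRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $keys = @(Get-Item -LiteralPath $root)
        $keys += @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Name  = $name
                    Value = [string]$key.GetValue($name)
                }
            }
        }
    }
}

function Get-LocalPolicyFile {
    # Local Group Policy keeps registry-based settings in Registry.pol files.
    # Settings stored there are written back to the Policies keys on refresh,
    # so a deleted policy key can reappear if the file still lists it.
    param([string]$ExtensionId = $TargetId)
    $dirs = @(
        (Join-Path $env:SystemRoot 'System32\GroupPolicy'),
        (Join-Path $env:SystemRoot 'SysWOW64\GroupPolicy')
    )
    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        $files = Get-ChildItem -LiteralPath $dir -Filter 'Registry.pol' -Recurse -Force -ErrorAction SilentlyContinue
        foreach ($file in $files) {
            $mentions = $null
            try {
                # Registry.pol stores its strings as UTF-16LE text.
                $bytes = [System.IO.File]::ReadAllBytes($file.FullName)
                $text = [System.Text.Encoding]::Unicode.GetString($bytes)
                $mentions = $text.Contains($ExtensionId)
            } catch {
                $mentions = 'unreadable (run elevated)'
            }
            [pscustomobject]@{
                File            = $file.FullName
                LastWriteTime   = $file.LastWriteTime
                MentionsTarget  = $mentions
            }
        }
    }
}

$values = @(Get-ChromePolicyValue)
if ($values.Count -eq 0) {
    Write-Output 'No Chrome policy values found in the registry.'
} else {
    $values | Format-Table -AutoSize -Wrap
}

# Forcelist entries have the form "<extension id>;<update url>".
$forced = @($values | Where-Object {
    $_.Key -like '*\ExtensionInstallForcelist' -and $_.Value -like "$TargetId*"
})
foreach ($hit in $forced) {
    Write-Output ('Force-installed by policy: {0} [{1}]' -f $hit.Value, $hit.Key)
}

Get-LocalPolicyFile | Format-List
```

The script only reads; it changes nothing. Chrome's own chrome://policy page lists the policies the browser has actually applied and can be compared against this output.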
 

 


#4 nasdaq

  • Malware Response Team

Posted 25 April 2016 - 07:02 AM

Did you Reset Chrome as I have suggested?
Do you Sync your files/settings with the Chrome server?
===

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

When the scan is completed please restart the computer normally.

Run the Farbar tool one more time.
Make sure the box to create an Addition.txt file is checked. This will create a new Addition.txt file.

Please post the logs for my review.

#5 metalsonic88

  • Topic Starter

Posted 26 April 2016 - 12:13 AM

I did reset Chrome using the instructions you provided.
I do not know if I sync my files/settings with the Chrome server. If I do, it is not on purpose.

Chrome and the extension do not seem to have changed since my last post. File not Found still shows up upon opening a new tab, Search Engage still displays the enterprise policy information rather than give a remove option, etc.

 

Following are the logs generated by Combofix, then FRST, and attached is the new Addition log.

--
 

ComboFix 16-04-22.01 - Reginald 5/2016 Mon  19:07:58.1.6 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.932.81.1033.18.24541.20301 [GMT -6:00]
Running from: c:\users\Reginald\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\ntuser.pol
c:\users\Reginald\AppData\Local\Microsoft\Internet Explorer\bitcro.dll
c:\users\Reginald\Desktop\Search.lnk
c:\windows\apppatch\AppLoc.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\msdownld.tmp
c:\windows\SysWow64\SET81C4.tmp
c:\windows\SysWow64\SET8A60.tmp
c:\windows\SysWow64\SET95DE.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2016-03-26 to 2016-04-26  )))))))))))))))))))))))))))))))
.
.
2016-04-26 01:23 . 2016-04-26 01:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-25 11:36 . 2016-04-25 11:36 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7E04AE0-61CB-49FC-A062-430C4F4FE44A}\offreg.3616.dll
2016-04-24 17:49 . 2016-03-22 02:10 112184 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2016-04-24 05:22 . 2016-04-24 17:59 -------- d-----w- C:\FRST
2016-04-22 19:48 . 2016-03-17 01:45 11686560 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7E04AE0-61CB-49FC-A062-430C4F4FE44A}\mpengine.dll
2016-04-19 23:20 . 2016-04-19 23:20 -------- d-----w- c:\users\Reginald\AppData\Roaming\3909
2016-04-19 22:54 . 2016-04-19 22:54 49584 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2016-04-19 22:05 . 2016-04-24 18:09 -------- d-----w- C:\AdwCleaner
2016-04-19 21:53 . 2016-04-19 21:53 -------- d-----w- c:\program files (x86)\Free Mouse Auto Clicker
2016-04-17 06:11 . 2016-03-21 20:01 56384 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2016-04-17 06:11 . 2016-03-21 20:01 109632 ----a-w- c:\windows\system32\nvaudcap64v.dll
2016-04-17 06:11 . 2016-03-21 20:01 100416 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2016-04-17 06:07 . 2016-04-19 21:12 -------- d-----w- c:\users\Reginald\AppData\Roaming\Auto Clicker
2016-04-14 08:12 . 2016-04-14 08:13 -------- d-----w- c:\users\Reginald\AppData\Roaming\SplitCam
2016-04-14 08:11 . 2016-04-14 08:12 -------- d-----w- c:\program files (x86)\SplitCam
2016-04-14 07:18 . 2016-04-14 07:18 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-14 07:18 . 2016-04-14 07:18 -------- d-----w- c:\windows\system32\Macromed
2016-04-12 20:06 . 2016-03-06 18:53 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-04-12 20:06 . 2016-03-06 18:53 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-04-12 20:06 . 2016-03-06 18:38 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-04-12 20:06 . 2016-03-06 18:38 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
2016-04-12 20:06 . 2016-04-04 18:14 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-12 20:06 . 2016-04-02 13:08 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-04-12 20:06 . 2016-03-23 14:02 215040 ----a-w- c:\windows\system32\aepic.dll
2016-04-12 20:06 . 2016-03-17 18:04 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-04-12 20:06 . 2016-03-17 18:04 499200 ----a-w- c:\windows\system32\devinv.dll
2016-04-12 20:06 . 2016-03-17 18:04 279040 ----a-w- c:\windows\system32\invagent.dll
2016-04-12 20:06 . 2016-03-17 18:04 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-04-12 20:06 . 2016-04-04 18:02 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-12 20:00 . 2016-03-29 17:53 3216896 ----a-w- c:\windows\system32\win32k.sys
2016-04-12 20:00 . 2016-03-11 18:57 2048 ----a-w- c:\windows\system32\tzres.dll
2016-04-12 20:00 . 2016-03-11 18:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-04-10 08:46 . 2016-04-10 08:54 -------- d-----w- c:\users\Reginald\AppData\Roaming\obs-studio
2016-04-10 08:44 . 2016-04-10 08:44 -------- d-----w- c:\program files (x86)\obs-studio
2016-04-10 08:26 . 2012-10-11 03:08 44928 ----a-w- c:\windows\system32\drivers\mcvidrv_x64.sys
2016-03-27 16:31 . 2016-02-01 18:56 1940992 ----a-w- c:\windows\system32\authui.dll
2016-03-27 16:31 . 2016-02-01 19:08 114624 ----a-w- c:\windows\system32\consent.exe
2016-03-27 16:31 . 2016-02-01 18:59 504320 ----a-w- c:\windows\system32\msihnd.dll
2016-03-27 16:31 . 2016-02-01 18:59 3243008 ----a-w- c:\windows\system32\msi.dll
2016-03-27 16:31 . 2016-02-01 18:59 25088 ----a-w- c:\windows\system32\msimsg.dll
2016-03-27 16:31 . 2016-02-01 18:56 70144 ----a-w- c:\windows\system32\appinfo.dll
2016-03-27 16:31 . 2016-02-01 18:49 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2016-03-27 16:31 . 2016-02-01 18:49 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2016-03-27 16:31 . 2016-02-01 18:49 2364928 ----a-w- c:\windows\SysWow64\msi.dll
2016-03-27 16:31 . 2016-02-01 18:45 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2016-03-27 16:31 . 2016-02-02 18:57 511488 ----a-w- c:\windows\system32\rpcss.dll
2016-03-27 16:31 . 2016-01-21 00:51 73664 ----a-w- c:\windows\system32\drivers\disk.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-24 17:45 . 2014-12-10 02:17 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-14 07:18 . 2015-06-09 18:15 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-04-13 09:06 . 2014-12-07 04:17 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-06 16:18 . 2010-11-21 03:27 453280 ------w- c:\windows\system32\MpSigStub.exe
2016-03-30 01:06 . 2014-12-12 02:08 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2016-03-30 01:06 . 2014-12-07 02:39 1373680 ----a-w- c:\windows\SysWow64\nvspcap.dll
2016-03-30 01:05 . 2015-11-30 18:18 112216 ----a-w- c:\windows\system32\NvRtmpStreamer64.dll
2016-03-30 01:05 . 2014-12-12 02:08 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2016-03-30 01:05 . 2014-12-07 02:39 1767248 ----a-w- c:\windows\system32\nvspcap64.dll
2016-03-22 04:12 . 2015-10-08 07:07 16446032 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2016-03-22 04:12 . 2015-07-30 05:26 14128840 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2016-03-22 04:12 . 2014-12-07 02:37 3286992 ----a-w- c:\windows\SysWow64\nvapi.dll
2016-03-22 04:12 . 2014-12-07 02:37 3714472 ----a-w- c:\windows\system32\nvapi64.dll
2016-03-22 04:12 . 2014-08-20 06:15 19004040 ----a-w- c:\windows\system32\nvwgf2umx.dll
2016-03-22 02:25 . 2014-12-07 02:37 6369728 ----a-w- c:\windows\system32\nvcpl.dll
2016-03-22 02:25 . 2014-12-07 02:37 2993088 ----a-w- c:\windows\system32\nvsvc64.dll
2016-03-22 02:25 . 2014-12-07 02:37 2561472 ----a-w- c:\windows\system32\nvsvcr.dll
2016-03-22 02:25 . 2014-12-07 02:37 1264064 ----a-w- c:\windows\system32\nvvsvc.exe
2016-03-22 02:25 . 2015-12-26 10:40 81856 ----a-w- c:\windows\system32\nv3dappshextr.dll
2016-03-22 02:25 . 2015-12-26 10:40 532536 ----a-w- c:\windows\system32\nv3dappshext.dll
2016-03-22 02:25 . 2014-12-07 02:37 69568 ----a-w- c:\windows\system32\nvshext.dll
2016-03-22 02:25 . 2014-12-07 02:37 393784 ----a-w- c:\windows\system32\nvmctray.dll
2016-03-18 18:10 . 2014-12-07 02:37 6253721 ----a-w- c:\windows\system32\nvcoproc.bin
2016-03-17 22:24 . 2016-04-12 20:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-16 21:30 . 2016-03-16 21:30 128792 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-5-1.dll
2016-03-16 21:30 . 2016-03-10 23:08 128792 ----a-w- c:\windows\SysWow64\vulkan-1.dll
2016-03-16 21:29 . 2016-03-16 21:29 41752 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-5-1.exe
2016-03-16 21:29 . 2016-03-10 23:08 41752 ----a-w- c:\windows\SysWow64\vulkaninfo.exe
2016-03-16 21:29 . 2016-03-16 21:29 127768 ----a-w- c:\windows\system32\vulkan-1-1-0-5-1.dll
2016-03-16 21:29 . 2016-03-10 23:08 127768 ----a-w- c:\windows\system32\vulkan-1.dll
2016-03-16 21:28 . 2016-03-16 21:28 45848 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-5-1.exe
2016-03-16 21:28 . 2016-03-10 23:08 45848 ----a-w- c:\windows\system32\vulkaninfo.exe
2016-03-10 20:09 . 2014-12-10 02:24 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-10 20:08 . 2014-12-10 02:16 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-10 20:08 . 2014-12-10 02:24 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-10 14:46 . 2014-12-07 02:28 30528 ----a-w- c:\windows\GVTDrv64.sys
2016-03-10 14:46 . 2014-12-07 02:28 25640 ----a-w- c:\windows\gdrv.sys
2016-03-08 10:07 . 2016-03-10 23:06 1924152 ----a-w- c:\windows\system32\nvdispco6436451.dll
2016-03-08 10:07 . 2016-03-10 23:06 1571776 ----a-w- c:\windows\system32\nvdispgenco6436451.dll
2016-02-29 10:01 . 2016-02-29 10:01 294232 ----a-w- c:\windows\system32\drivers\VMM.sys
2016-02-14 01:47 . 2016-02-14 01:47 125720 ----a-w- c:\windows\SysWow64\vulkan-1-1-0-3-0.dll
2016-02-14 01:46 . 2016-02-14 01:46 126232 ----a-w- c:\windows\system32\vulkan-1-1-0-3-0.dll
2016-02-14 01:45 . 2016-02-14 01:45 42264 ----a-w- c:\windows\SysWow64\vulkaninfo-1-1-0-3-0.exe
2016-02-14 01:45 . 2016-02-14 01:45 45848 ----a-w- c:\windows\system32\vulkaninfo-1-1-0-3-0.exe
2016-02-12 18:52 . 2016-03-09 14:22 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 14:22 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 14:22 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 14:22 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 14:22 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 14:22 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 14:22 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 14:22 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 14:22 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 14:22 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 14:22 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 14:22 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 14:22 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 14:22 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 14:22 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 14:22 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 14:17 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 14:17 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 14:17 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 14:17 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 14:22 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 14:17 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 14:17 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 14:17 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 14:17 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 14:17 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-09 08:39 . 2016-02-16 20:40 1924152 ----a-w- c:\windows\system32\nvdispco6436191.dll
2016-02-09 08:39 . 2016-02-16 20:40 1571776 ----a-w- c:\windows\system32\nvdispgenco6436191.dll
2016-02-09 08:39 . 2014-12-07 02:37 3684072 ----a-w- c:\windows\system32\SET7031.tmp
2016-02-09 08:39 . 2014-08-20 06:15 18758400 ----a-w- c:\windows\system32\SET8017.tmp
2016-02-05 18:54 . 2016-03-09 14:17 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-09 14:17 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 14:17 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 14:17 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 14:17 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 14:17 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 14:17 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 14:17 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 14:17 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 14:17 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 01:19 . 2016-03-09 14:17 381440 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 14:17 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-02-03 18:58 . 2016-03-09 14:22 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-02-03 18:52 . 2016-03-09 14:22 84992 ----a-w- c:\windows\system32\asycfilt.dll
2016-02-03 18:49 . 2016-03-09 14:22 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-02-03 18:43 . 2016-03-09 14:22 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2016-02-03 18:07 . 2016-03-09 14:22 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2016-04-24 7943072]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-11-16 8591272]
"uTorrent"="c:\users\Reginald\AppData\Roaming\uTorrent\uTorrent.exe" [2014-12-07 1126480]
"SynchronossPC"="c:\program files\Verizon\VerizonCloud\VerizonCloud.exe" [2015-12-03 2136728]
"Discord"="c:\users\Reginald\AppData\Local\Discord\app-0.0.288\Discord.exe" [2016-04-22 53430456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-02 153992]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);c:\windows\system32\DRIVERS\RtTeam620.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam620.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VSStandardCollectorService140;Visual Studio Standard Collector Service;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe;c:\program files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [x]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SpliCamService;SplitCamService;c:\program files (x86)\SplitCam\SplitCamService.exe;c:\program files (x86)\SplitCam\SplitCamService.exe [x]
S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 scvad_simple;SplitCam Virtual Microphone (WDM);c:\windows\system32\drivers\SplitCamAudio.sys;c:\windows\SYSNATIVE\drivers\SplitCamAudio.sys [x]
S3 splitcam_hd_driver;SplitCam Virtual Video Driver;c:\windows\system32\DRIVERS\splitcam_hd_driver.sys;c:\windows\SYSNATIVE\DRIVERS\splitcam_hd_driver.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 00:14 1106072 ----a-w- c:\program files (x86)\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42 286904 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07 06:48]
.
2016-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-07 06:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SncrOverlays (Blocked)]
@="{C418E880-6280-4010-A888-FD76028E5511}"
[HKEY_CLASSES_ROOT\CLSID\{C418E880-6280-4010-A888-FD76028E5511}]
2015-12-03 23:13 1091320 ----a-w- c:\program files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SncrOverlays (InSync)]
@="{5F4A6070-DB92-4C56-A487-F3850430608F}"
[HKEY_CLASSES_ROOT\CLSID\{5F4A6070-DB92-4C56-A487-F3850430608F}]
2015-12-03 23:13 1091320 ----a-w- c:\program files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SncrOverlays (Pending)]
@="{EE73A341-C788-4A6B-B1EF-DDBFC0F190B6}"
[HKEY_CLASSES_ROOT\CLSID\{EE73A341-C788-4A6B-B1EF-DDBFC0F190B6}]
2015-12-03 23:13 1091320 ----a-w- c:\program files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SncrOverlays (Syncing)]
@="{28CDCD88-B179-49D6-8B21-1A9AF9C0AE13}"
[HKEY_CLASSES_ROOT\CLSID\{28CDCD88-B179-49D6-8B21-1A9AF9C0AE13}]
2015-12-03 23:13 1091320 ----a-w- c:\program files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\program files\VIA XHCI UASP Utility\usb3Monitor" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-12-13 13662936]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-03-30 2396096]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-03-30 1767248]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"VerizonCloud"="c:\program files\Verizon\VerizonCloud\VerizonCloud.exe" [2015-12-03 2136728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 127.0.0.1:9666
uInternet Settings,ProxyOverride = 127.0.0.1
IE: {{B81BF46A-B455-48FB-A81B-40DFFF66786F}
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon Cloud\Verizon Cloud Service.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
AddRemove-東方風神録_is1 - c:\program files (x86)\Touhou Project\Touhou Project 10 - Mountain of Faith\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,49,40,5d,4b,29,7a,46,80,3c,08,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,49,40,5d,4b,29,7a,46,80,3c,08,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-25  19:26:47
ComboFix-quarantined-files.txt  2016-04-26 01:26
.
Pre-Run: 41,559,662,592 bytes free
Post-Run: 41,540,558,848 bytes free
.
- - End Of File - - DD69722C51184A1BFFE4553AE34288B5
A36C5E4F47E84449FF07ED3517B43A31


--

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Reginald (administrator) on COMPUTATO (25-04-2016 23:06:38)
Running from C:\Users\Reginald\Downloads
Loaded Profiles: Reginald (Available Profiles: Reginald)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(SplitCam Co.) C:\Program Files (x86)\SplitCam\SplitCamService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-12] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [VerizonCloud] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-24] (SUPERAntiSpyware)
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [uTorrent] => C:\Users\Reginald\AppData\Roaming\uTorrent\uTorrent.exe [1126480 2014-12-07] (BitTorrent Inc.)
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [SynchronossPC] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\...\Run: [Discord] => C:\Users\Reginald\AppData\Local\Discord\app-0.0.288\Discord.exe [53430456 2016-04-22] (Hammer & Chisel, Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\VerizonCloud\x64\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-131321474-2350475203-3552042591-1000] => 127.0.0.1:9666
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{B36AFCF9-3ABC-4529-98B1-CE759D9FF85E}: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-131321474-2350475203-3552042591-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: GBHO.BHO -> {45d30484-7ded-43d9-957a-d2fd1f046511} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
Toolbar: HKLM - Smart Recovery 2 - {1d09c093-f71e-43c3-b948-19316cbd695e} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
 
FireFox:
========
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2015-06-09] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Search Engage) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc [2016-04-24]
CHR Extension: (Google Slides) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-23]
CHR Extension: (Google Docs) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-23]
CHR Extension: (Google Drive) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-23]
CHR Extension: (YouTube) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Sad Panda) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohapeiooecafommnlaiccilacgmkaoc [2016-04-24]
CHR Extension: (Google Sheets) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-23]
CHR Extension: (Google Docs Offline) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
CHR Extension: (Gmail) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-23]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [384512 2015-08-18] (Apple Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [312616 2015-11-03] (SplitCam Co.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [134656 2015-07-09] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 CrystalSysInfo; C:\Program Files\MediaCoder\SysInfoX64.sys [18128 2007-09-25] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-03-10] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2016-04-19] ()
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2015-08-06] (Windows ® Win 7 DDK provider)
R3 splitcam_hd_driver; C:\Windows\System32\DRIVERS\splitcam_hd_driver.sys [37088 2015-10-15] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-28] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2013-08-12] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-08-12] (VIA Technologies, Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2099-12-00 12704:834 - 1653-08-07 21:02 - 00166808 _____ C:\Windows\SysWOW64\acdev32.exe
2016-04-25 23:06 - 2016-04-25 23:06 - 00019120 _____ C:\Users\Reginald\Downloads\FRST.txt
2016-04-25 19:26 - 2016-04-25 19:26 - 00033302 _____ C:\ComboFix.txt
2016-04-25 19:03 - 2016-04-25 19:26 - 00000000 ____D C:\Qoobox
2016-04-25 19:03 - 2016-04-25 19:24 - 00000000 ____D C:\Windows\erdnt
2016-04-25 19:03 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2016-04-25 19:03 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2016-04-25 19:03 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-04-25 19:03 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-04-25 19:03 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-04-25 19:03 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2016-04-25 19:03 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2016-04-25 19:03 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2016-04-25 19:02 - 2016-04-25 19:02 - 05660058 ____R (Swearware) C:\Users\Reginald\Desktop\ComboFix.exe
2016-04-24 19:45 - 2016-04-24 19:45 - 00023696 _____ C:\Users\Reginald\Downloads\Game Center CX in Budokan.torrent
2016-04-24 11:49 - 2016-03-21 20:10 - 00112184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-04-24 11:48 - 2016-04-24 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan
2016-04-24 11:47 - 2016-03-21 22:12 - 42923576 _____ C:\Windows\system32\nvcompiler.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 37567424 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 31555008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 25321408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 21355248 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 20897416 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 17748712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 17342392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 17248408 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 12567608 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-04-24 11:47 - 2016-03-21 22:12 - 10550736 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 08659472 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 03235896 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 02809280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436472.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 01573432 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436472.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00959544 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00889400 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00753208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00695864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00678520 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00571912 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00501896 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00473592 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00425016 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00423080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00391632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00153392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00151368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00129208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-04-24 11:47 - 2016-03-21 22:12 - 00000139 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-04-24 11:47 - 2016-03-21 22:12 - 00000139 _____ C:\Windows\system32\nv-vk64.json
2016-04-24 11:41 - 2016-04-24 11:41 - 03683904 _____ C:\Users\Reginald\Desktop\adwcleaner_5.112.exe
2016-04-24 11:40 - 2016-04-24 11:40 - 02375680 _____ (Farbar) C:\Users\Reginald\Downloads\FRST64.exe
2016-04-23 23:22 - 2016-04-25 23:06 - 00000000 ____D C:\FRST
2016-04-20 01:22 - 2016-04-20 01:23 - 2526155204 _____ C:\Users\Reginald\Downloads\ANIME NITE 2016-04-18-1900-49.zip
2016-04-19 17:20 - 2016-04-19 17:20 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\3909
2016-04-19 16:54 - 2016-04-19 16:54 - 00049584 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-04-19 16:14 - 2016-04-19 16:14 - 00004101 _____ C:\Users\Reginald\Desktop\JRT.txt
2016-04-19 16:05 - 2016-04-24 12:09 - 00000000 ____D C:\AdwCleaner
2016-04-19 15:58 - 2016-04-23 14:35 - 00000560 __RSH C:\Users\Reginald\ntuser.pol
2016-04-19 15:53 - 2016-04-19 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Mouse Auto Clicker
2016-04-19 15:53 - 2016-04-19 15:53 - 00000000 ____D C:\Program Files (x86)\Free Mouse Auto Clicker
2016-04-17 00:11 - 2016-03-21 14:01 - 00109632 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-04-17 00:11 - 2016-03-21 14:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-04-17 00:11 - 2016-03-21 14:01 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-04-17 00:07 - 2016-04-19 15:12 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\Auto Clicker
2016-04-14 13:02 - 2016-04-14 13:02 - 00000000 ____D C:\Users\Reginald\AppData\LocalLow\SquareEnix
2016-04-14 02:12 - 2016-04-14 02:13 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\SplitCam
2016-04-14 02:11 - 2016-04-14 02:12 - 00000000 ____D C:\Program Files (x86)\SplitCam
2016-04-14 01:18 - 2016-04-14 01:18 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-14 01:18 - 2016-04-14 01:18 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-12 15:06 - 2016-04-12 15:06 - 00494182 _____ C:\Users\Reginald\Downloads\pksvui_pkg2-1-1.zip
2016-04-12 15:06 - 2016-04-12 15:06 - 00000000 ____D C:\Users\Reginald\Downloads\pksvui_pkg2-1-1
2016-04-12 14:14 - 2016-03-31 13:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-12 14:14 - 2016-03-31 12:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-12 14:14 - 2016-03-30 18:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-12 14:14 - 2016-03-30 18:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-12 14:14 - 2016-03-30 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-12 14:14 - 2016-03-30 18:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-12 14:14 - 2016-03-30 18:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-12 14:14 - 2016-03-30 18:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-12 14:14 - 2016-03-30 18:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-12 14:14 - 2016-03-30 18:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-12 14:14 - 2016-03-30 18:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-12 14:14 - 2016-03-30 18:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-12 14:14 - 2016-03-30 18:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-12 14:14 - 2016-03-30 18:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-12 14:14 - 2016-03-30 18:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-12 14:14 - 2016-03-30 18:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-12 14:14 - 2016-03-30 18:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-12 14:14 - 2016-03-30 18:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-12 14:14 - 2016-03-30 18:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-12 14:14 - 2016-03-30 18:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-12 14:14 - 2016-03-30 18:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-12 14:14 - 2016-03-30 18:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-12 14:14 - 2016-03-30 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-12 14:14 - 2016-03-30 18:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-12 14:14 - 2016-03-30 17:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-12 14:14 - 2016-03-30 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-12 14:14 - 2016-03-30 17:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-12 14:14 - 2016-03-30 17:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-12 14:14 - 2016-03-30 17:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-12 14:14 - 2016-03-30 17:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-12 14:14 - 2016-03-30 17:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-12 14:14 - 2016-03-30 17:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-12 14:14 - 2016-03-30 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-12 14:14 - 2016-03-30 17:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-12 14:14 - 2016-03-30 17:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-12 14:14 - 2016-03-30 17:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-12 14:14 - 2016-03-30 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-12 14:14 - 2016-03-30 17:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-12 14:14 - 2016-03-30 17:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-12 14:14 - 2016-03-30 17:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-12 14:14 - 2016-03-30 17:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-12 14:14 - 2016-03-30 17:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-12 14:14 - 2016-03-30 17:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-12 14:14 - 2016-03-30 17:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-12 14:14 - 2016-03-30 17:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-12 14:14 - 2016-03-30 17:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-12 14:14 - 2016-03-30 17:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-12 14:14 - 2016-03-30 17:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-12 14:14 - 2016-03-30 17:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-12 14:14 - 2016-03-30 17:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-12 14:14 - 2016-03-30 17:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-12 14:14 - 2016-03-30 17:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-12 14:14 - 2016-03-30 17:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-12 14:14 - 2016-03-30 17:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-12 14:14 - 2016-03-30 17:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-12 14:14 - 2016-03-30 17:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-12 14:14 - 2016-03-30 17:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-12 14:14 - 2016-03-30 17:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-12 14:14 - 2016-03-30 17:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-12 14:14 - 2016-03-30 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-12 14:14 - 2016-03-30 17:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-12 14:14 - 2016-03-30 17:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-12 14:14 - 2016-03-30 17:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-12 14:14 - 2016-03-30 17:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-12 14:14 - 2016-03-30 17:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-12 14:14 - 2016-03-30 17:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-12 14:06 - 2016-04-04 12:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-12 14:06 - 2016-04-04 12:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-12 14:06 - 2016-04-02 07:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-12 14:06 - 2016-03-23 08:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-12 14:06 - 2016-03-17 12:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-12 14:06 - 2016-03-17 12:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-12 14:06 - 2016-03-17 12:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-12 14:06 - 2016-03-17 12:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-12 14:06 - 2016-03-06 12:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-12 14:06 - 2016-03-06 12:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-12 14:06 - 2016-03-06 12:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-12 14:06 - 2016-03-06 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-12 14:01 - 2016-03-17 17:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-12 14:01 - 2016-03-17 17:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-12 14:01 - 2016-03-17 17:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-12 14:01 - 2016-03-17 17:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-12 14:01 - 2016-03-17 17:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-12 14:01 - 2016-03-17 17:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-12 14:01 - 2016-03-17 16:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-12 14:01 - 2016-03-17 16:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-12 14:01 - 2016-03-17 16:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-12 14:01 - 2016-03-17 16:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-12 14:01 - 2016-03-17 16:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-12 14:01 - 2016-03-17 16:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-12 14:01 - 2016-03-17 16:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-12 14:01 - 2016-03-17 16:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-12 14:01 - 2016-03-17 16:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-12 14:01 - 2016-03-17 16:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-12 14:01 - 2016-03-17 16:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-12 14:01 - 2016-03-17 16:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-12 14:01 - 2016-03-17 16:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-12 14:01 - 2016-03-17 16:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-12 14:01 - 2016-03-17 16:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-12 14:01 - 2016-03-17 16:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-12 14:01 - 2016-03-17 16:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-12 14:01 - 2016-03-17 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-12 14:01 - 2016-03-17 16:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-12 14:01 - 2016-03-17 16:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-12 14:01 - 2016-03-17 16:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-12 14:01 - 2016-03-17 16:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-12 14:01 - 2016-03-17 16:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-12 14:01 - 2016-03-17 16:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-12 14:01 - 2016-03-17 16:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-12 14:01 - 2016-03-17 16:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-12 14:01 - 2016-03-17 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-12 14:01 - 2016-03-17 16:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-12 14:01 - 2016-03-17 16:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 15:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-12 14:01 - 2016-03-17 15:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-12 14:01 - 2016-03-17 15:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-12 14:01 - 2016-03-17 15:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-12 14:01 - 2016-03-17 15:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-12 14:01 - 2016-03-17 15:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-12 14:01 - 2016-03-17 15:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-12 14:01 - 2016-03-17 15:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-12 14:01 - 2016-03-17 15:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-12 14:01 - 2016-03-17 15:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-12 14:01 - 2016-03-17 15:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-12 14:01 - 2016-03-17 15:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-12 14:01 - 2016-03-17 15:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-12 14:01 - 2016-03-17 15:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-12 14:01 - 2016-03-17 15:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-12 14:01 - 2016-03-17 15:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-12 14:01 - 2016-03-17 15:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-12 14:01 - 2016-03-17 15:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 15:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 15:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-12 14:01 - 2016-03-17 15:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-12 14:01 - 2016-03-16 12:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-12 14:01 - 2016-03-16 12:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-12 14:01 - 2016-03-16 12:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-12 14:01 - 2016-03-15 18:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-12 14:01 - 2016-03-15 18:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-12 14:01 - 2016-03-15 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-12 14:00 - 2016-03-29 11:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-12 14:00 - 2016-03-11 12:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-12 14:00 - 2016-03-11 12:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-12 02:10 - 2016-04-12 02:12 - 2723695953 _____ C:\Users\Reginald\Downloads\2016-04-04-1902-17.zip
2016-04-10 02:46 - 2016-04-10 02:54 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\obs-studio
2016-04-10 02:44 - 2016-04-10 02:44 - 00001198 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-04-10 02:44 - 2016-04-10 02:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-04-10 02:44 - 2016-04-10 02:44 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-04-10 02:26 - 2016-04-14 00:31 - 00000000 ____D C:\ProgramData\Temp
2016-04-10 02:26 - 2012-10-10 21:08 - 00044928 _____ (ManyCam LLC) C:\Windows\system32\Drivers\mcvidrv_x64.sys
2016-04-10 00:04 - 2016-04-10 00:12 - 193937904 _____ C:\Users\Reginald\Downloads\animo3.mp4
2016-04-10 00:04 - 2016-04-10 00:11 - 100804996 _____ C:\Users\Reginald\Downloads\animo2.mp4
2016-04-10 00:03 - 2016-04-10 00:03 - 42505511 _____ C:\Users\Reginald\Downloads\animo1.mp4
2016-04-03 14:28 - 2016-04-03 14:28 - 00131072 _____ C:\Users\Reginald\Desktop\Pokemon - Emerald Version (USA, Europe).SaveRAM.bak
2016-04-03 14:25 - 2016-04-03 14:25 - 00131072 _____ C:\Users\Reginald\Downloads\Pspjunkie420PokemonEmerald(1).sav
2016-04-03 14:24 - 2016-04-04 14:01 - 00131072 _____ C:\Users\Reginald\Desktop\Pokemon - Emerald Version (USA, Europe).SaveRAM
2016-04-02 23:19 - 2016-04-02 23:20 - 00000000 ____D C:\Users\Reginald\Downloads\AdvanceMap
2016-04-02 23:19 - 2016-04-02 23:19 - 00961473 _____ C:\Users\Reginald\Downloads\am1.95.zip
2016-04-02 03:44 - 2016-04-02 03:46 - 00000000 ____D C:\Users\Reginald\Downloads\GilvaSunner - GilvaSunner's Highest Quality Video Game Rips- Volume 1 (FLAC)
2016-04-02 02:36 - 2016-04-02 02:38 - 546687274 _____ C:\Users\Reginald\Downloads\GilvaSunner - GilvaSunner's Highest Quality Video Game Rips- Volume 1 (FLAC).zip
2016-04-01 22:09 - 2016-04-01 23:05 - 00000000 ____D C:\Users\Reginald\Downloads\BizHawk-1.11.6
2016-04-01 22:08 - 2016-04-01 22:09 - 23261066 _____ C:\Users\Reginald\Downloads\BizHawk-1.11.6.zip
2016-04-01 22:00 - 2016-04-01 22:00 - 00039423 _____ C:\Users\Reginald\Downloads\PokeBot-GenerationIII-master.zip
2016-03-31 00:14 - 2016-03-31 00:15 - 2788916038 _____ C:\Users\Reginald\Downloads\ANIME NITE 2016-03-28-1902-36.zip
2016-03-29 12:12 - 2016-03-29 12:12 - 00032583 _____ C:\Users\Reginald\Downloads\gccx137.torrent
2016-03-29 01:36 - 2016-03-29 01:36 - 00027248 _____ C:\Users\Reginald\Downloads\Game Center CX - The People In My Head.torrent
2016-03-29 01:34 - 2016-03-29 01:34 - 00042373 _____ C:\Users\Reginald\Downloads\gccx vietnam special.torrent
2016-03-29 01:32 - 2016-03-29 01:32 - 00016589 _____ C:\Users\Reginald\Downloads\Game Center CX DVD Bonus Episodes.torrent
2016-03-29 01:31 - 2016-03-29 01:31 - 00013705 _____ C:\Users\Reginald\Downloads\Game Center CX - 178 - Mega Man X (Part 1) 60fps [SAGCCX].mp4.torrent
2016-03-29 01:31 - 2016-03-29 01:31 - 00011625 _____ C:\Users\Reginald\Downloads\Game Center CX - 179 - Mega Man X (Part 2) 60fps [SAGCCX].mp4.torrent
2016-03-29 01:30 - 2016-03-29 01:30 - 00039822 _____ C:\Users\Reginald\Downloads\Game Center CX 175 - Nosferatu.torrent
2016-03-29 01:30 - 2016-03-29 01:30 - 00022002 _____ C:\Users\Reginald\Downloads\Game Center CX 176 - Nosferatu.torrent
2016-03-29 01:29 - 2016-03-29 01:29 - 00021192 _____ C:\Users\Reginald\Downloads\Game Center CX Season 13.torrent
2016-03-29 01:29 - 2016-03-29 01:29 - 00016420 _____ C:\Users\Reginald\Downloads\Game Center CX Season 14.torrent
2016-03-29 01:28 - 2016-03-29 01:28 - 00033706 _____ C:\Users\Reginald\Downloads\golgo.torrent
2016-03-29 01:28 - 2016-03-29 01:28 - 00014049 _____ C:\Users\Reginald\Downloads\Game Center CX Season 12.torrent
2016-03-29 01:27 - 2016-03-29 01:27 - 00019051 _____ C:\Users\Reginald\Downloads\Game Center CX Season 02.torrent
2016-03-29 01:27 - 2016-03-29 01:27 - 00017654 _____ C:\Users\Reginald\Downloads\Game Center CX Season 06.torrent
2016-03-29 01:26 - 2016-03-29 01:26 - 00014308 _____ C:\Users\Reginald\Downloads\Game Center CX Season 05.torrent
2016-03-29 01:25 - 2016-03-29 01:25 - 00020622 _____ C:\Users\Reginald\Downloads\Game Center CX Season 08.torrent
2016-03-29 01:25 - 2016-03-29 01:25 - 00013118 _____ C:\Users\Reginald\Downloads\Game Center CX Season 07.torrent
2016-03-29 01:25 - 2016-03-29 01:25 - 00012045 _____ C:\Users\Reginald\Downloads\[Clover]_Game_Center_CX_-_80_[B38F6AF1].mkv.torrent
2016-03-29 01:24 - 2016-03-29 01:24 - 00013115 _____ C:\Users\Reginald\Downloads\Game Center CX - 184 - Super Mario Land [SAGCCX].mp4.torrent
2016-03-29 01:22 - 2016-03-29 01:22 - 00013705 _____ C:\Users\Reginald\Downloads\Game Center CX Season 16.torrent
2016-03-29 01:20 - 2016-03-29 01:20 - 00029125 _____ C:\Users\Reginald\Downloads\198.torrent
2016-03-29 01:19 - 2016-03-29 01:19 - 00031125 _____ C:\Users\Reginald\Downloads\gccx197.torrent
2016-03-27 14:53 - 2016-03-27 14:55 - 00000839 _____ C:\Users\Reginald\Desktop\lemmings.txt
2016-03-27 10:31 - 2016-02-02 12:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-27 10:31 - 2016-02-01 13:08 - 00114624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-27 10:31 - 2016-02-01 12:59 - 03243008 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-27 10:31 - 2016-02-01 12:59 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-03-27 10:31 - 2016-02-01 12:59 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-03-27 10:31 - 2016-02-01 12:56 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-27 10:31 - 2016-02-01 12:56 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-27 10:31 - 2016-02-01 12:49 - 02364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-03-27 10:31 - 2016-02-01 12:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-03-27 10:31 - 2016-02-01 12:49 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-03-27 10:31 - 2016-02-01 12:45 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-27 10:31 - 2016-01-20 18:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-27 10:29 - 2016-02-05 12:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-03-27 10:29 - 2016-02-05 12:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-03-27 10:29 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-03-27 10:29 - 2015-06-03 14:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-03-27 01:41 - 2016-03-27 01:41 - 00012599 _____ C:\Users\Reginald\Downloads\Game Center CX Nintendo Channel Episodes.torrent
2016-03-26 00:13 - 2016-03-26 00:13 - 00019880 _____ C:\Users\Reginald\Downloads\Game Center CX - 181 - Gunstar Heroes [SAGCCX].mp4.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-25 22:10 - 2014-12-06 20:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-25 20:20 - 2009-07-13 22:45 - 00034608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-25 20:20 - 2009-07-13 22:45 - 00034608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-25 19:26 - 2015-01-09 21:58 - 00000000 ____D C:\Users\Reginald\AppData\Local\Apps\2.0
2016-04-25 19:23 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2016-04-25 19:04 - 2014-12-06 21:40 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-25 19:03 - 2014-12-07 15:26 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\uTorrent
2016-04-25 11:10 - 2014-12-06 20:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-24 12:14 - 2016-01-14 14:14 - 00000000 ___RD C:\Users\Reginald\Verizon Cloud Sync
2016-04-24 12:14 - 2015-04-16 15:15 - 00000000 ____D C:\Users\Reginald\AppData\Local\HTC MediaHub
2016-04-24 12:10 - 2014-12-09 20:27 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-24 12:10 - 2014-12-06 20:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-24 12:10 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-24 11:57 - 2014-12-11 10:02 - 00000000 ____D C:\Users\Reginald\AppData\LocalLow\Temp
2016-04-24 11:49 - 2015-04-16 11:51 - 00000000 ____D C:\Temp
2016-04-24 11:49 - 2014-12-06 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-04-24 11:49 - 2014-12-06 20:37 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-04-24 11:49 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-04-24 11:48 - 2016-03-10 17:08 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-04-24 11:48 - 2014-12-06 20:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-04-24 11:46 - 2014-12-09 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-24 11:46 - 2014-12-09 20:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-24 11:45 - 2014-12-09 20:17 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-23 14:35 - 2014-12-06 19:44 - 00000000 ____D C:\Users\Reginald
2016-04-23 13:04 - 2016-01-15 01:20 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\discord
2016-04-22 15:03 - 2016-01-15 01:20 - 00002176 _____ C:\Users\Reginald\Desktop\Discord.lnk
2016-04-22 15:03 - 2016-01-15 01:20 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-04-22 15:03 - 2016-01-15 01:20 - 00000000 ____D C:\Users\Reginald\AppData\Local\SquirrelTemp
2016-04-22 15:03 - 2016-01-15 01:20 - 00000000 ____D C:\Users\Reginald\AppData\Local\Discord
2016-04-19 15:58 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-04-18 03:04 - 2016-03-24 12:31 - 00001534 _____ C:\Users\Reginald\Desktop\flint stones.txt
2016-04-17 00:12 - 2014-12-06 20:40 - 00001377 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-04-17 00:10 - 2014-12-10 11:37 - 00000000 ____D C:\Users\Reginald\AppData\Local\CrashDumps
2016-04-14 01:18 - 2015-06-09 12:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-14 01:18 - 2014-12-07 20:05 - 00000000 ____D C:\Users\Reginald\AppData\Local\Adobe
2016-04-13 05:57 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-04-13 04:58 - 2014-12-11 15:39 - 00000000 ____D C:\Users\Reginald\AppData\Local\ElevatedDiagnostics
2016-04-13 03:49 - 2014-12-11 19:26 - 00502590 _____ C:\Windows\system32\perfh006.dat
2016-04-13 03:49 - 2014-12-11 19:26 - 00099898 _____ C:\Windows\system32\perfc006.dat
2016-04-13 03:49 - 2014-12-11 18:56 - 00391518 _____ C:\Windows\system32\prfh0404.dat
2016-04-13 03:49 - 2014-12-11 18:56 - 00116330 _____ C:\Windows\system32\prfc0404.dat
2016-04-13 03:49 - 2014-12-11 18:35 - 00707056 _____ C:\Windows\system32\prfh0416.dat
2016-04-13 03:49 - 2014-12-11 18:35 - 00148896 _____ C:\Windows\system32\prfc0416.dat
2016-04-13 03:49 - 2014-12-11 18:20 - 00722194 _____ C:\Windows\system32\prfh0816.dat
2016-04-13 03:49 - 2014-12-11 18:20 - 00154146 _____ C:\Windows\system32\prfc0816.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00733534 _____ C:\Windows\system32\perfh015.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00717776 _____ C:\Windows\system32\perfh019.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00649858 _____ C:\Windows\system32\perfh01F.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00600164 _____ C:\Windows\system32\perfh008.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00487690 _____ C:\Windows\system32\perfh014.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00374346 _____ C:\Windows\system32\prfh0804.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00157112 _____ C:\Windows\system32\perfc015.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00152082 _____ C:\Windows\system32\perfc019.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00141240 _____ C:\Windows\system32\perfc01F.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00120832 _____ C:\Windows\system32\prfc0804.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00112368 _____ C:\Windows\system32\perfc008.dat
2016-04-13 03:49 - 2014-12-11 10:38 - 00096644 _____ C:\Windows\system32\perfc014.dat
2016-04-13 03:49 - 2014-12-11 08:17 - 00656896 _____ C:\Windows\system32\perfh01D.dat
2016-04-13 03:49 - 2014-12-11 08:17 - 00143714 _____ C:\Windows\system32\perfc01D.dat
2016-04-13 03:49 - 2014-12-11 08:10 - 00421600 _____ C:\Windows\system32\perfh012.dat
2016-04-13 03:49 - 2014-12-11 08:10 - 00121624 _____ C:\Windows\system32\perfc012.dat
2016-04-13 03:49 - 2014-12-11 08:03 - 00662016 _____ C:\Windows\system32\perfh005.dat
2016-04-13 03:49 - 2014-12-11 08:03 - 00142666 _____ C:\Windows\system32\perfc005.dat
2016-04-13 03:49 - 2014-12-11 07:44 - 00736674 _____ C:\Windows\system32\perfh013.dat
2016-04-13 03:49 - 2014-12-11 07:44 - 00154342 _____ C:\Windows\system32\perfc013.dat
2016-04-13 03:49 - 2014-12-11 07:33 - 00474678 _____ C:\Windows\system32\perfh00B.dat
2016-04-13 03:49 - 2014-12-11 07:33 - 00102760 _____ C:\Windows\system32\perfc00B.dat
2016-04-13 03:49 - 2014-12-11 07:27 - 00676930 _____ C:\Windows\system32\perfh00E.dat
2016-04-13 03:49 - 2014-12-11 07:27 - 00172514 _____ C:\Windows\system32\perfc00E.dat
2016-04-13 03:49 - 2014-12-11 07:17 - 00738632 _____ C:\Windows\system32\perfh00A.dat
2016-04-13 03:49 - 2014-12-11 07:17 - 00159714 _____ C:\Windows\system32\perfc00A.dat
2016-04-13 03:49 - 2014-12-11 07:11 - 00385520 _____ C:\Windows\system32\perfh00D.dat
2016-04-13 03:49 - 2014-12-11 07:11 - 00085998 _____ C:\Windows\system32\perfc00D.dat
2016-04-13 03:49 - 2014-12-11 07:00 - 00733222 _____ C:\Windows\system32\perfh010.dat
2016-04-13 03:49 - 2014-12-11 07:00 - 00148086 _____ C:\Windows\system32\perfc010.dat
2016-04-13 03:49 - 2014-12-11 06:55 - 00738892 _____ C:\Windows\system32\perfh00C.dat
2016-04-13 03:49 - 2014-12-11 06:55 - 00472190 _____ C:\Windows\system32\perfh001.dat
2016-04-13 03:49 - 2014-12-11 06:55 - 00150820 _____ C:\Windows\system32\perfc00C.dat
2016-04-13 03:49 - 2014-12-11 06:55 - 00096012 _____ C:\Windows\system32\perfc001.dat
2016-04-13 03:49 - 2014-12-09 11:53 - 00690384 _____ C:\Windows\system32\perfh007.dat
2016-04-13 03:49 - 2014-12-09 11:53 - 00150356 _____ C:\Windows\system32\perfc007.dat
2016-04-13 03:49 - 2014-12-07 01:05 - 00420140 _____ C:\Windows\system32\perfh011.dat
2016-04-13 03:49 - 2014-12-07 01:05 - 00123552 _____ C:\Windows\system32\perfc011.dat
2016-04-13 03:49 - 2009-07-13 23:13 - 17444788 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-13 03:40 - 2009-07-13 22:45 - 00295792 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-13 03:35 - 2015-04-15 03:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-04-13 03:35 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-04-13 03:15 - 2014-12-06 22:17 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 03:06 - 2014-12-06 22:17 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-11 18:16 - 2014-12-06 20:01 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-11 18:16 - 2014-12-06 20:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-06 10:18 - 2010-11-20 21:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-05 23:23 - 2014-12-15 17:45 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\MusicBee
2016-04-05 21:58 - 2015-03-19 13:08 - 00000000 ____D C:\Users\Reginald\AppData\Roaming\MPC-HC
2016-04-03 12:58 - 2015-09-17 05:53 - 00000000 ____D C:\Users\Reginald\Documents\Visual Studio 2015
2016-04-02 22:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\ModemLogs
2016-04-01 01:58 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-29 19:06 - 2014-12-11 20:08 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-03-29 19:06 - 2014-12-06 20:39 - 01373680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-03-29 19:05 - 2015-11-30 12:18 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-03-29 19:05 - 2014-12-11 20:08 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-03-29 19:05 - 2014-12-06 20:39 - 01767248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-03-27 02:13 - 2014-12-23 12:00 - 00000000 ____D C:\Users\Reginald\Desktop\Torrent Temp
2016-03-26 21:43 - 2016-01-12 13:18 - 00000000 ____D C:\Users\Reginald\Desktop\SNES9x v1.53-1240
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-18 00:44
 
==================== End of FRST.txt ============================

 




#6 nasdaq


Posted 26 April 2016 - 09:57 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ProxyServer: [S-1-5-21-131321474-2350475203-3552042591-1000] => 127.0.0.1:9666
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Search Engage) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc [2016-04-24]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
RemoveProxy:
C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

If the problem persists then the router may be infected.

Reset your router. It may be infected.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below are lists of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

====
How to tell if my Wireless is secure.
http://www.ehow.com/how_6775466_tell-wireless-secure_.html

Please let me know what problem persists with this computer.

#7 metalsonic88


Posted 28 April 2016 - 02:36 PM

The Search Engage extension seems mostly inert as it was in my last post, however it is still present in the list of extensions and unable to be removed.

I am unwilling to reset my router back to factory defaults except as a last resort. I doubt that it is infected due to the fact that there are multiple computers running Chrome using it that are not infected with Search Engage. If there is no other option I will reset it, but doing so would necessitate resetting far too many wireless devices that use the WiFi to be worth it if I'm not certain it will even help.

Is there a way to remove the Chrome "policy" that this extension cites when I try to remove it? I suspect that that is the only working remnant of this extension that is preventing it from being totally eradicated.

Below is the Fixlog generated by FRST after running the previous fixlist.

--
 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Reginald (2016-04-28 13:17:41) Run:5
Running from C:\Users\Reginald\Downloads
Loaded Profiles: Reginald (Available Profiles: Reginald)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ProxyServer: [S-1-5-21-131321474-2350475203-3552042591-1000] => 127.0.0.1:9666
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Search Engage) - C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc [2016-04-24]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
RemoveProxy:
C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc => moved successfully
catchme => service not found.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-131321474-2350475203-3552042591-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
"C:\Users\Reginald\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaehjjlljhmigellkdidoapcgkjblhoc" => not found.
EmptyTemp: => 147.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:19:52 ====


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,902 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:23 AM

Posted 29 April 2016 - 07:31 AM

I did see that type of infection before. I should have been more alert to it.

Google Chrome extension "Installed by enterprise policy" - how to remove?
https://www.pcrisk.com/computer-technician-blog/general-information/7734-remove-chrome-extension-installed-by-enterprise-policy

and this article.

How to Uninstall Extension with "Installed by Enterprise Policy" from Google?
http://forums.anvisoft.com/viewtopic-51-8494-0.html

This fix entails the removal of an item in the registry.

If you are not at ease with this, let me know the extension ID that should be removed.

I suspect that it will be aaehjjlljhmigellkdidoapcgkjblhoc


If this is the case and you want me to give you a fix for it run this tool and post the log.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    aaehjjlljhmigellkdidoapcgkjblhoc
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

If the ID is not the same substitute the ID in the Search above.

Wait for further instructions.

#9 metalsonic88


Posted 29 April 2016 - 03:47 PM

How bizarre. The first link you posted, from PCRisk, was the guide I mentioned in my initial post that I attempted to follow to no avail. This time, however, it worked like a charm. After I deleted Registry.pol from C:\Windows\System32\GroupPolicy\User, Search Engage seems to have finally disappeared.

 

I don't know if their guide was insufficient and at some point during your troubleshooting you removed a critical component that kept Search Engage on my pc, or if I simply made some mistake in my initial attempt to follow the guide. Regardless, my issue seems to be resolved.

Thank you very much nasdaq, and thanks to the Bleeping Computer site as a whole.
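
The two places this thread points to (a registry policy entry carrying the extension ID, and a local Group Policy Registry.pol file) can be checked without changing anything. The following is an added example, not part of any post and not the tools used above; the Chrome policy key paths are Chrome's standard ExtensionInstallForcelist locations rather than something quoted in the thread, and the default ID is the one named here.

```powershell
# Added example: read-only audit, nothing is modified or deleted.
# Run from an elevated PowerShell prompt so the GroupPolicy folder is readable.
param([string]$ExtensionId = 'aaehjjlljhmigellkdidoapcgkjblhoc')

# Chrome force-installs extensions listed under these policy keys
# (assumed standard locations: machine-wide and current user).
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
)

$forced = foreach ($key in $policyKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        # Each value has the form "<extension id>;<update URL>"
        $value = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key      = $key
            Name     = $name
            Value    = $value
            IsTarget = $value.StartsWith($ExtensionId)
        }
    }
}

# Local Group Policy keeps its registry settings in Registry.pol; while the
# file still carries the entry, a policy refresh can write the key back.
$polFiles = foreach ($scope in 'Machine', 'User') {
    $path = Join-Path $env:windir "System32\GroupPolicy\$scope\Registry.pol"
    if (-not (Test-Path -LiteralPath $path)) { continue }
    # The file is an 8-byte header followed by UTF-16LE records, so decoding
    # the whole file as UTF-16LE keeps the strings searchable.
    $text = [System.Text.Encoding]::Unicode.GetString(
        [System.IO.File]::ReadAllBytes($path))
    [pscustomobject]@{
        Path          = $path
        LastWriteTime = (Get-Item -LiteralPath $path).LastWriteTime
        ContainsId    = $text.Contains($ExtensionId)
    }
}

'Forced extensions found in policy keys:'
$forced   | Format-Table -AutoSize -Wrap
'Local Group Policy files:'
$polFiles | Format-Table -AutoSize
```

A row with IsTarget or ContainsId set to True shows where the "Installed by enterprise policy" entry is coming from; empty output means neither location references the ID.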



#10 nasdaq


Posted 30 April 2016 - 06:29 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



