Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer has slowed down massively recently, with some suspicious activity


  • This topic is locked This topic is locked
2 replies to this topic

#1 flg33

flg33

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:05 AM

Posted 21 May 2016 - 04:30 PM

Hi guys, I've used this site once before and you where thoroughly helpful, so here I am again on a new account hoping for the same, so thanks for before and thanks in advance for the following:

 

I use computers for electronic music production, my main machine died and I bought a second hand, temporary laptop (this one), used it for 2-3 months no problem, until I installed the software I need, at which point it slowed down to the point of being almost unusable. AVG detected some trojan horses and removed them, but I get the feeling some may have slipped under the radar. Attached are the FRST scans, thanks again.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-05-2016
Ran by Harrison (administrator) on HARRISON-HP (21-05-2016 22:16:17)
Running from C:\Users\Harrison\Downloads
Loaded Profiles: Harrison (Available Profiles: Harrison)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7466600 2011-09-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2821416 2011-08-19] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-09-29] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3820440 2016-04-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [1941064 2016-05-15] ()
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1444880 2015-11-22] (Easybits)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3926091713-4250183637-3170476386-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-10-17] (EasyBits Software Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4D758C87-603F-4435-BBF6-8A35222FA66D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{CFB97795-8068-4E8E-A356-CADDCD55D1CA}: [DhcpNameServer] 192.168.56.2
 
Internet Explorer:
==================
HKU\S-1-5-21-3926091713-4250183637-3170476386-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6DE2C2C1-4F7B-4BA6-98F9-A5F6B70068F0}&mid=734f1ab9f56b47cdb39a35581d18e75d-7e3565b687a912de93916e4d11abd224492a9cfb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215av&pr=fr&d=2015-03-16 15:26:59&v=4.2.4.155&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-3926091713-4250183637-3170476386-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/2
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {83EB4F9F-917F-4D0E-AC1F-A6924B6A259A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {83EB4F9F-917F-4D0E-AC1F-A6924B6A259A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6DE2C2C1-4F7B-4BA6-98F9-A5F6B70068F0}&mid=734f1ab9f56b47cdb39a35581d18e75d-7e3565b687a912de93916e4d11abd224492a9cfb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-03-16 15:26:59&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {83EB4F9F-917F-4D0E-AC1F-A6924B6A259A} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6DE2C2C1-4F7B-4BA6-98F9-A5F6B70068F0}&mid=734f1ab9f56b47cdb39a35581d18e75d-7e3565b687a912de93916e4d11abd224492a9cfb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-03-16 15:26:59&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=hxxp://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-15] (AVG)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-05]
CHR Extension: (Google Docs) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-05]
CHR Extension: (Google Drive) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-06]
CHR Extension: (Rapport) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-31]
CHR Extension: (YouTube) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-06]
CHR Extension: (Google Sheets) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-05]
CHR Extension: (Google Docs Offline) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKU\S-1-5-21-3926091713-4250183637-3170476386-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3647384 2016-04-21] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [336152 2016-04-21] (AVG Technologies CZ, s.r.o.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2382832 2016-05-17] (IBM Corp.)
R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-05-15] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [972872 2016-05-15] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [299440 2016-01-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [296368 2015-12-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255920 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [300464 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-05-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-05-21] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 RapportCerberus_1609040; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609040.sys [1157160 2016-05-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-17] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-17] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-17] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-17] (IBM Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-21 22:20 - 2016-05-21 22:20 - 00085721 _____ C:\Users\Harrison\Downloads\5493.tmp
2016-05-21 21:08 - 2016-05-21 21:27 - 00024581 _____ C:\Users\Harrison\Downloads\Addition.txt
2016-05-21 20:49 - 2016-05-21 22:16 - 00020476 _____ C:\Users\Harrison\Downloads\FRST.txt
2016-05-21 20:48 - 2016-05-21 21:36 - 00000000 ____D C:\FRST
2016-05-21 20:47 - 2016-05-21 20:47 - 02382336 _____ (Farbar) C:\Users\Harrison\Downloads\FRST64.exe
2016-05-21 18:13 - 2016-05-21 18:13 - 00000809 _____ C:\Users\Harrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 8.lnk
2016-05-21 18:13 - 2016-05-21 18:13 - 00000000 ____D C:\ProgramData\Ableton
2016-05-21 17:54 - 2012-08-31 03:32 - 1382830080 _____ C:\Users\Harrison\Desktop\ableton_suite__834.msi
2016-05-21 17:36 - 2016-05-21 17:45 - 00000000 ____D C:\Users\Harrison\Desktop\Ableton Suite 8 v8.3.4 with Live 8.4b8 x86 x64 Cracked
2016-05-21 17:33 - 2016-05-21 17:34 - 00017945 _____ C:\Users\Harrison\Downloads\[kat.cr]ableton.suite.8.v8.3.4.with.live.8.4b8.win.x86.x64.cracked.deepstatus.torrent
2016-05-21 11:32 - 2016-05-21 11:32 - 00000000 ____D C:\ProgramData\Propellerhead Software
2016-05-21 11:31 - 2016-05-21 11:31 - 00000000 ____D C:\Users\Harrison\AppData\Roaming\Propellerhead Software
2016-05-21 11:27 - 2015-08-04 18:25 - 00503834 _____ C:\Users\Harrison\Desktop\Patch io.rar
2016-05-21 11:18 - 2016-05-21 11:18 - 00001061 _____ C:\Users\Public\Desktop\Reason.lnk
2016-05-21 11:18 - 2016-05-21 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
2016-05-21 11:07 - 2016-05-21 11:07 - 00000000 ____D C:\Program Files (x86)\Propellerhead
2016-05-21 11:04 - 2016-05-21 11:04 - 00000000 ____D C:\Users\Harrison\Desktop\Samples
2016-05-21 11:00 - 2016-05-21 11:03 - 00000000 ____D C:\Users\Harrison\Documents\Ableton
2016-05-21 02:40 - 2016-05-21 18:20 - 00000000 ____D C:\Users\Harrison\AppData\Roaming\Ableton
2016-05-21 02:40 - 2016-05-21 02:41 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-21 02:23 - 2016-05-21 11:38 - 00000000 ____D C:\Users\Harrison\Desktop\Reason 5
2016-05-21 02:12 - 2016-05-21 11:04 - 00000000 ____D C:\Program Files (x86)\Ableton
2016-05-21 02:07 - 2016-05-21 02:07 - 00000954 _____ C:\Users\Harrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Suite.lnk
2016-05-21 02:07 - 2014-01-21 16:29 - 00000187 _____ C:\Users\Harrison\Desktop\PASSWORD HELP!!.txt
2016-05-21 02:00 - 2014-01-21 16:32 - 2685879260 _____ C:\Users\Harrison\Desktop\Reason 5.rar
2016-05-21 01:36 - 2016-05-21 01:56 - 00000000 ____D C:\Users\Harrison\Desktop\Propellerhead Reason 5 Cracked Version
2016-05-21 01:33 - 2016-05-21 01:33 - 00013505 _____ C:\Users\Harrison\Downloads\[kat.cr]propellerhead.reason.5.cracked.version.torrent
2016-05-21 01:32 - 2015-07-27 18:30 - 741371904 _____ C:\Users\Harrison\Desktop\ableton_live_suite_9.2.1_64.msi
2016-05-21 01:29 - 2015-07-27 19:25 - 727187456 _____ C:\Users\Harrison\Desktop\ableton_live_suite_9.2.1_32.msi
2016-05-21 01:26 - 2016-05-21 01:26 - 00000000 ____D C:\Users\Harrison\AppData\Local\Disc_Soft_Ltd
2016-05-21 01:22 - 2016-05-21 01:22 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-05-21 00:59 - 2016-05-21 00:59 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2016-05-21 00:53 - 2016-05-21 01:28 - 00000000 ____D C:\Users\Harrison\AppData\Roaming\DAEMON Tools Lite
2016-05-21 00:53 - 2016-05-21 00:53 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2016-05-21 00:53 - 2016-05-21 00:53 - 00001773 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-05-21 00:53 - 2016-05-21 00:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-05-21 00:52 - 2016-05-21 00:59 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2016-05-21 00:25 - 2016-05-21 00:25 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-05-20 20:48 - 2016-05-20 20:48 - 00052323 _____ C:\Users\Harrison\Downloads\Freaky_Loops_Dark_Heavy_Neuro_DnB.torrent
2016-05-20 20:47 - 2016-05-20 20:47 - 00081533 _____ C:\Users\Harrison\Downloads\Black_Octopus_Sound_Kulture_Neuro_Bass.torrent
2016-05-20 20:47 - 2016-05-20 20:47 - 00035673 _____ C:\Users\Harrison\Downloads\Industrial_Strength_Neuro.torrent
2016-05-20 20:43 - 2016-05-20 20:43 - 00040382 _____ C:\Users\Harrison\Downloads\WA_Production_Acoustic_Percussion_For_EDM_and_Trap.torrent
2016-05-20 20:42 - 2016-05-20 20:42 - 00080486 _____ C:\Users\Harrison\Downloads\Future_Sounds_Of_Ambient.torrent
2016-05-20 20:39 - 2016-05-20 20:39 - 00690448 _____ (Disc Soft Ltd.) C:\Users\Harrison\Downloads\DTLiteInstaller (1).exe
2016-05-20 20:33 - 2016-05-20 20:33 - 00200213 _____ C:\Users\Harrison\Downloads\Vengeance_Electroshock_Vol_2.torrent
2016-05-20 20:29 - 2016-05-20 20:29 - 00018203 _____ C:\Users\Harrison\Downloads\DrumkitSupply_Megatron_Drum_Kit_2.torrent
2016-05-20 20:26 - 2016-05-20 20:27 - 00123092 _____ C:\Users\Harrison\Downloads\Greatest_Drum_Hits-Hip-Hop.torrent
2016-05-20 19:27 - 2016-05-20 19:27 - 00692072 _____ (Disc Soft Ltd.) C:\Users\Harrison\Downloads\DTLiteInstaller.exe
2016-05-20 19:24 - 2016-05-20 19:24 - 00000000 ____D C:\Users\Harrison\AppData\Roaming\WinRAR
2016-05-20 19:07 - 2016-05-20 19:07 - 00000000 ____D C:\Users\Harrison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-20 19:07 - 2016-05-20 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-20 19:05 - 2016-05-20 19:07 - 00000000 ____D C:\Program Files\WinRAR
2016-05-20 18:57 - 2016-05-20 18:57 - 00040381 _____ C:\Users\Harrison\Downloads\[kat.cr]propellerheads.reason.v5.0.hybrid.dvdr.airiso (1).torrent
2016-05-20 18:56 - 2016-05-20 18:57 - 00040556 _____ C:\Users\Harrison\Downloads\[kat.cr]propellerheads.reason.v5.0.hybrid.dvdr.airiso.torrent
2016-05-20 18:54 - 2016-05-20 18:57 - 00000000 ____D C:\Users\Harrison\Desktop\Native Instruments Massive STANDALONE VSTi RTAS v1.3.0 x86 x64 - ASSiGN
2016-05-20 18:51 - 2016-05-20 18:52 - 02181680 _____ C:\Users\Harrison\Downloads\winrar-x64-54b1.exe
2016-05-20 18:51 - 2016-05-20 18:51 - 00015789 _____ C:\Users\Harrison\Downloads\[kat.cr]native.instruments.massive.standalone.vsti.rtas.v1.3.0.x86.x64.assign.deepstatus.torrent
2016-05-20 18:50 - 2016-05-20 18:50 - 00000000 ____D C:\Users\Harrison\Desktop\Ableton Live 9 Suite v9.2.1 x64x86 Incl.Patch-iO [deepstatus]
2016-05-20 18:48 - 2016-05-20 18:48 - 00014845 _____ C:\Users\Harrison\Downloads\[kat.cr]ableton.live.9.suite.v9.2.1.x64x86.incl.patch.io.deepstatus.torrent
2016-05-14 13:31 - 2016-05-14 13:31 - 00340687 _____ C:\Users\Harrison\Downloads\88063 (1).pdf
2016-05-14 13:30 - 2016-05-14 13:30 - 00340687 _____ C:\Users\Harrison\Downloads\88063.pdf
2016-05-11 22:57 - 2016-04-14 14:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-11 22:57 - 2016-04-14 14:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-11 22:57 - 2016-04-09 08:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-11 22:57 - 2016-04-09 08:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-11 22:57 - 2016-04-09 07:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-11 22:57 - 2016-04-09 07:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-11 22:57 - 2016-04-09 07:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-11 22:57 - 2016-04-09 07:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-11 22:57 - 2016-04-09 07:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-11 22:57 - 2016-04-09 06:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-11 22:56 - 2016-03-09 19:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-05-11 22:56 - 2016-03-09 19:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-05-11 22:55 - 2016-04-23 18:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-11 22:55 - 2016-04-23 17:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-11 22:55 - 2016-04-23 06:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-11 22:55 - 2016-04-23 06:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-11 22:55 - 2016-04-23 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-11 22:55 - 2016-04-23 06:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-11 22:55 - 2016-04-23 06:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-11 22:55 - 2016-04-23 06:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-11 22:55 - 2016-04-23 06:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-11 22:55 - 2016-04-23 06:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-11 22:55 - 2016-04-23 06:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-11 22:55 - 2016-04-23 05:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-11 22:55 - 2016-04-23 05:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-11 22:55 - 2016-04-23 05:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-11 22:55 - 2016-04-23 05:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-11 22:55 - 2016-04-23 05:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-11 22:55 - 2016-04-23 05:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-11 22:55 - 2016-04-23 05:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-11 22:55 - 2016-04-23 05:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-11 22:55 - 2016-04-23 05:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-11 22:55 - 2016-04-23 05:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-11 22:55 - 2016-04-23 05:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-11 22:55 - 2016-04-23 05:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-11 22:55 - 2016-04-23 05:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-11 22:55 - 2016-04-23 05:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-11 22:55 - 2016-04-23 05:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-11 22:55 - 2016-04-23 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-11 22:55 - 2016-04-23 05:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-11 22:55 - 2016-04-23 05:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-11 22:55 - 2016-04-23 05:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-11 22:55 - 2016-04-23 05:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-11 22:55 - 2016-04-23 05:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-11 22:55 - 2016-04-23 05:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-11 22:55 - 2016-04-23 05:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-11 22:55 - 2016-04-23 05:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-11 22:55 - 2016-04-23 05:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-11 22:55 - 2016-04-23 05:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-11 22:55 - 2016-04-23 05:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-11 22:55 - 2016-04-23 05:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-11 22:55 - 2016-04-23 05:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-11 22:55 - 2016-04-23 05:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-11 22:55 - 2016-04-23 05:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-11 22:55 - 2016-04-23 05:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-11 22:55 - 2016-04-23 04:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-11 22:55 - 2016-04-23 04:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-11 22:55 - 2016-04-23 04:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-11 22:55 - 2016-04-23 04:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-11 22:55 - 2016-04-23 04:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-11 22:55 - 2016-04-23 04:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-11 22:55 - 2016-04-23 04:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-11 22:55 - 2016-04-23 04:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-11 22:55 - 2016-04-23 04:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-11 22:55 - 2016-04-23 04:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-11 22:55 - 2016-04-23 04:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-11 22:55 - 2016-04-23 04:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-11 22:55 - 2016-04-23 04:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-11 22:55 - 2016-04-23 04:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-11 22:55 - 2016-04-23 04:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-11 22:55 - 2016-04-23 04:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-11 22:55 - 2016-04-23 04:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-11 22:55 - 2016-04-23 04:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-11 22:55 - 2016-04-23 04:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-11 22:55 - 2016-04-23 04:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-11 22:55 - 2016-04-23 04:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-11 22:55 - 2016-04-23 04:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-11 22:55 - 2016-04-23 04:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-11 22:52 - 2016-04-09 08:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-11 22:52 - 2016-04-09 08:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-11 22:52 - 2016-04-09 08:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-11 22:52 - 2016-04-09 08:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-11 22:52 - 2016-04-09 08:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-11 22:52 - 2016-04-09 07:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-11 22:52 - 2016-04-09 07:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-11 22:52 - 2016-04-09 07:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-11 22:52 - 2016-04-09 07:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-11 22:52 - 2016-04-09 07:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-11 22:52 - 2016-04-09 07:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-11 22:52 - 2016-04-09 07:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-11 22:52 - 2016-04-09 07:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-11 22:52 - 2016-04-09 07:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-11 22:52 - 2016-04-09 07:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-11 22:52 - 2016-04-09 07:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-11 22:52 - 2016-04-09 07:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-11 22:52 - 2016-04-09 07:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-11 22:52 - 2016-04-09 07:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-11 22:52 - 2016-04-09 07:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-11 22:52 - 2016-04-09 07:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-11 22:52 - 2016-04-09 07:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-11 22:52 - 2016-04-09 07:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-11 22:52 - 2016-04-09 07:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-11 22:52 - 2016-04-09 07:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-11 22:52 - 2016-04-09 07:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-11 22:52 - 2016-04-09 07:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-11 22:52 - 2016-04-09 06:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-11 22:52 - 2016-04-09 06:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-11 22:52 - 2016-04-09 06:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-11 22:51 - 2016-04-09 07:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-11 22:51 - 2016-04-09 07:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-11 22:51 - 2016-04-09 07:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-11 22:51 - 2016-04-09 07:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-11 22:51 - 2016-04-09 07:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-11 22:51 - 2016-04-09 07:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-11 22:51 - 2016-04-09 07:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-11 22:51 - 2016-04-09 07:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-11 22:51 - 2016-04-09 07:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 07:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 06:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-11 22:51 - 2016-04-09 06:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-11 22:51 - 2016-04-09 06:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-11 22:51 - 2016-04-09 06:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-11 22:51 - 2016-04-09 06:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-11 22:51 - 2016-04-09 06:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-11 22:51 - 2016-04-09 06:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-11 22:51 - 2016-04-09 06:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-11 22:51 - 2016-04-09 06:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-11 22:51 - 2016-04-09 06:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-11 22:51 - 2016-04-09 06:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-11 22:51 - 2016-04-09 06:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-11 22:51 - 2016-04-09 06:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-11 22:51 - 2016-04-09 06:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-11 22:51 - 2016-04-09 06:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 06:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 06:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-11 22:51 - 2016-04-09 06:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-11 22:50 - 2016-04-09 05:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-11 22:50 - 2016-04-09 04:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-05-08 00:30 - 2016-05-08 00:31 - 109612549 _____ C:\Users\Harrison\Downloads\for sam.MP4
2016-05-07 22:54 - 2016-05-07 22:54 - 02612957 _____ C:\Users\Harrison\Desktop\7-05-2016 parser capture 1.cap
2016-05-07 22:30 - 2016-05-07 22:54 - 00000000 ____D C:\Users\Harrison\Documents\Network Monitor 3
2016-05-07 22:27 - 2016-05-07 22:27 - 00001016 _____ C:\Users\Public\Desktop\Microsoft Network Monitor 3.4.lnk
2016-05-07 22:27 - 2016-05-07 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
2016-05-07 22:27 - 2016-05-07 22:27 - 00000000 ____D C:\Program Files\Microsoft Network Monitor 3
2016-05-07 22:25 - 2016-05-07 22:25 - 06837560 _____ (Microsoft Corporation) C:\Users\Harrison\Downloads\NM34_x64.exe
2016-05-07 22:22 - 2016-05-07 22:22 - 06407992 _____ (Microsoft Corporation) C:\Users\Harrison\Downloads\NM34_x86 (1).exe
2016-05-07 21:15 - 2016-05-07 21:15 - 06407992 _____ (Microsoft Corporation) C:\Users\Harrison\Downloads\NM34_x86.exe
2016-05-06 17:55 - 2016-05-20 17:25 - 00003204 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHarrison
2016-05-06 17:55 - 2016-05-20 17:25 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForHarrison.job
2016-05-04 03:34 - 2016-05-04 04:52 - 365624216 _____ C:\Users\Harrison\Downloads\adrian chechik.mp4
2016-05-04 03:28 - 2016-05-04 03:57 - 146987419 _____ C:\Users\Harrison\Downloads\bonnie rotten.flv
2016-05-04 03:06 - 2016-05-04 03:07 - 00000000 ____D C:\Users\Harrison\Downloads\Asa.Akira.Is.Insatiable.3.DVDRip.XxX
2016-05-03 19:07 - 2016-02-05 19:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-03 19:07 - 2016-02-05 19:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-03 19:07 - 2016-02-05 18:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-05-03 19:07 - 2015-06-03 21:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-02 17:35 - 2016-05-19 16:54 - 00000000 ____D C:\Users\Harrison\AppData\Roaming\vlc
2016-05-02 17:28 - 2016-05-02 17:28 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-05-02 17:28 - 2016-05-02 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-05-02 17:25 - 2016-05-02 17:25 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-05-02 16:22 - 2016-05-02 16:23 - 00000000 ____D C:\ProgramData\CyberLink
2016-05-02 16:04 - 2016-05-02 16:05 - 30510920 _____ C:\Users\Harrison\Downloads\vlc-2.2.2-win32.exe
2016-05-02 16:03 - 2016-05-02 16:27 - 121200322 _____ C:\Users\Harrison\Downloads\considered.flv
2016-04-27 10:37 - 2016-03-17 23:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-27 10:37 - 2016-03-17 23:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-27 10:31 - 2016-03-16 01:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-27 10:31 - 2016-03-16 01:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-27 10:31 - 2016-03-16 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-27 10:28 - 2016-03-16 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-27 10:28 - 2016-03-16 19:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-27 10:28 - 2016-03-16 19:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-27 10:25 - 2016-03-06 19:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-27 10:25 - 2016-03-06 19:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-27 10:25 - 2016-03-06 19:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-27 10:25 - 2016-03-06 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-27 10:25 - 2016-02-02 19:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-27 10:23 - 2016-01-21 01:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-27 10:19 - 2016-04-04 19:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-27 10:19 - 2016-04-04 19:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-27 10:19 - 2016-04-02 14:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-27 10:19 - 2016-03-23 15:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-27 10:19 - 2016-03-17 19:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-27 10:19 - 2016-03-17 19:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-27 10:19 - 2016-03-17 19:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-27 10:19 - 2016-03-17 19:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-05-21 21:43 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-21 21:43 - 2009-07-14 05:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-21 21:38 - 2016-03-29 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-05-21 21:36 - 2015-03-05 17:56 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-21 21:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-21 20:34 - 2015-03-05 17:50 - 00003950 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{18ACCA31-41D4-494E-9BCC-70F707BDDC85}
2016-05-21 20:14 - 2015-04-12 15:44 - 00000000 ____D C:\Users\Harrison\AppData\Roaming\uTorrent
2016-05-21 11:06 - 2015-03-05 18:00 - 00000000 ____D C:\ProgramData\MFAData
2016-05-21 03:45 - 2007-01-02 02:25 - 00000000 ____D C:\Windows\Panther
2016-05-21 03:18 - 2016-02-13 15:21 - 00000000 ___HD C:\$WINDOWS.~BT
2016-05-21 01:22 - 2015-07-08 22:43 - 00000000 ____D C:\Users\Harrison\AppData\Local\CrashDumps
2016-05-21 01:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-05-17 22:23 - 2016-03-29 21:38 - 00470056 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-05-17 22:23 - 2016-03-29 21:38 - 00215560 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-05-16 21:49 - 2015-03-05 19:26 - 00000000 ____D C:\Users\Harrison\Documents\Youcam
2016-05-15 19:53 - 2015-03-16 16:26 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-05-15 19:53 - 2015-03-16 16:25 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-05-14 11:39 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-13 22:50 - 2015-03-05 17:57 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-13 22:50 - 2015-03-05 17:57 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-12 11:31 - 2009-07-14 06:13 - 00782010 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-12 11:26 - 2009-07-14 05:45 - 00421128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-12 11:20 - 2015-03-08 14:36 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-12 10:43 - 2015-03-05 20:57 - 00000000 ____D C:\Windows\system32\MRT
2016-05-12 10:07 - 2015-03-05 20:57 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-11 20:03 - 2015-03-05 18:06 - 00000965 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2016-05-11 20:03 - 2015-03-05 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-05-10 22:31 - 2015-03-05 17:56 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 22:31 - 2015-03-05 17:56 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 22:31 - 2015-03-05 17:56 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-08 20:35 - 2015-09-25 21:39 - 00000000 ____D C:\Users\Harrison\AppData\Local\PokerStars.UK
2016-05-06 23:23 - 2015-04-05 22:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-06 23:23 - 2015-04-05 22:52 - 00000000 ___SD C:\Windows\system32\GWX
 
Some files in TEMP:
====================
C:\Users\Harrison\AppData\Local\Temp\bitool.dll
C:\Users\Harrison\AppData\Local\Temp\Extract.exe
C:\Users\Harrison\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Harrison\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Harrison\AppData\Local\Temp\SP56942.exe
C:\Users\Harrison\AppData\Local\Temp\SP59202.exe
C:\Users\Harrison\AppData\Local\Temp\sp64126.exe
C:\Users\Harrison\AppData\Local\Temp\sphpsa.exe
C:\Users\Harrison\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-05-07 21:58
 
==================== End of FRST.txt ============================


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:05 AM

Posted 22 May 2016 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe
HKU\S-1-5-21-3926091713-4250183637-3170476386-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={6DE2C2C1-4F7B-4BA6-98F9-A5F6B70068F0}&mid=734f1ab9f56b47cdb39a35581d18e75d-7e3565b687a912de93916e4d11abd224492a9cfb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0215av&pr=fr&d=2015-03-16 15:26:59&v=4.2.4.155&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6DE2C2C1-4F7B-4BA6-98F9-A5F6B70068F0}&mid=734f1ab9f56b47cdb39a35581d18e75d-7e3565b687a912de93916e4d11abd224492a9cfb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-03-16 15:26:59&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6DE2C2C1-4F7B-4BA6-98F9-A5F6B70068F0}&mid=734f1ab9f56b47cdb39a35581d18e75d-7e3565b687a912de93916e4d11abd224492a9cfb&lang=en&ds=AVG&coid=avgtbavg&cmpid=0116tb&pr=fr&d=2015-03-16 15:26:59&v=4.2.4.155&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
Toolbar: HKU\S-1-5-21-3926091713-4250183637-3170476386-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-05-15] (AVG Secure Search)
C:\Users\Harrison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Pleasepost the logs and let me know what problem persists with this computer.

p.s.
I also need to see the content of the Addition.txt file created by the Farbar tool.
Please post it in your next reply.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:05 AM

Posted 28 May 2016 - 07:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users