
All anti-viruses will not download.


  • This topic is locked
25 replies to this topic

#1 AlenNez


Posted 27 May 2016 - 08:37 PM

Hello, I have been having issues with my computer for about half of a year now. No anti-virus will install no matter what I try, whether it be safe mode, TDSSKiller, Kaspersky, et cetera. Here are my FRST logs.

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\MicrosoftWindows\Client.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\backupstartup.exe" [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\...\MountPoints2: {240e77d0-c077-11e3-bb32-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\Alen\AppData\Roaming\backupstartup.exe" <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\Avira.ServiceHost.exe: [Debugger] nqij.exe
IFEO\Avira.Systray.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Startup: C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-05-22]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3215385016-2064432561-392109973-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.116.137.64
Tcpip\..\Interfaces\{4B07A445-E511-49F3-8FFB-4925561DCADD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50812AF3-D917-4AA4-97E3-EAB65264A37B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68EAB88C-BB8A-4838-B592-75FB91FE9171}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF7952DC-BF0D-4B69-AF43-D2F02FFFA5F3}: [DhcpNameServer] 10.116.137.64
Tcpip\..\Interfaces\{E68E83AD-17CF-4598-BFE4-711E7683196A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130918758952513308&GUID=00212936-C7BF-4579-86F8-7C5700DAA0DA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130918758953563368&GUID=00212936-C7BF-4579-86F8-7C5700DAA0DA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.sxe-anticheat.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.sxe-anticheat.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\Software\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\Software\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130918758953563368&GUID=00212936-C7BF-4579-86F8-7C5700DAA0DA
URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScopeBefore {33BB0A4E-99AF-4226-BDF6-49120163DE86}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3215385016-2064432561-392109973-1000 -> DefaultScopeBefore {33D59858-89D9-4AC2-A956-93875EB02323}
SearchScopes: HKU\S-1-5-21-3215385016-2064432561-392109973-1000 -> {06C3E62F-4D7E-4BFA-A5AE-242A0B6641E0} URL = hxxp://search.sxe-anticheat.com/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Alen\AppData\Roaming\Mozilla\Firefox\Profiles\jj2e6svt.default-1463420533558
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2011-05-17] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Alen\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3215385016-2064432561-392109973-1000: @nsroblox.roblox.com/launcher -> C:\Users\Alen\AppData\Local\Roblox\Versions\version-c542e3639a5f40f9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3215385016-2064432561-392109973-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Alen\AppData\Local\Roblox\Versions\version-c542e3639a5f40f9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3215385016-2064432561-392109973-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Alen\AppData\Roaming\Mozilla\Firefox\Profiles\jj2e6svt.default-1463420533558\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-22]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-05]
CHR Extension: (Google Docs) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-05]
CHR Extension: (Google Drive) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-05]
CHR Extension: (YouTube) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-05]
CHR Extension: (Adblock Plus) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-20]
CHR Extension: (Google Search) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-05]
CHR Extension: (Google Sheets) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-24]
CHR Extension: (Gmail) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
S4 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96688 2015-03-30] ()
S4 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [589608 2015-03-30] ()
S4 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
S4 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S4 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()
S2 Annoyed Wealth; C:\Users\Alen\AppData\Roaming\Annoyed Wealth\Annoyed Wealth.exe [X]
S2 Average Simple; "C:\Program Files (x86)\Average Simple\Average Simple.exe" [X]
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 Grieving Statement; "C:\Program Files (x86)\Grieving Statement\Grieving Statement.exe" [X]
S2 Harebrained Iron; "C:\Program Files (x86)\Harebrained Iron\Harebrained Iron.exe" [X]
S2 Melancholy Neat; "C:\Program Files (x86)\Melancholy Neat\Melancholy Neat.exe" [X]
S2 Nasty Walk; "C:\Program Files (x86)\Nasty Walk\Nasty Walk.exe" [X]
S2 Sour Ad; "C:\Program Files (x86)\Sour Ad\Sour Ad.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
S3 libwamf; C:\Windows\System32\DRIVERS\libwamf.sys [15664 2016-04-14] (Windows ® Win 7 DDK provider)
S3 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [28464 2016-04-14] ()
S1 nmjhmzr2nhnmbdv; C:\Windows\System32\drivers\nmjhmzr2nhnmbdv.sys [59736 2015-07-21] () [File not signed]
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [50688 2010-04-19] (Apple, Inc.) [File not signed]
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2013-05-06] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2013-05-06] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2013-10-14] (LG Electronics Inc.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-26] (SplitmediaLabs Limited)
S1 bodrzdbh; \??\C:\Windows\system32\drivers\bodrzdbh.sys [X]
S3 BS4206670336; \??\C:\Users\Alen\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 20:22 - 2016-05-27 20:23 - 00016441 _____ C:\Users\Alen\Downloads\FRST.txt
2016-05-27 20:21 - 2016-05-27 20:22 - 00000000 ____D C:\FRST
2016-05-27 20:21 - 2016-05-27 20:21 - 02383360 _____ (Farbar) C:\Users\Alen\Downloads\FRST64.exe
2016-05-22 19:34 - 2016-05-27 20:16 - 00000000 ____D C:\Users\Alen\AppData\LocalLow\RbxLogs
2016-05-22 19:33 - 2016-05-26 16:51 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-05-22 19:32 - 2016-05-22 19:39 - 00000150 _____ C:\Users\Alen\AppData\LocalLow\rbxcsettings.rbx
2016-05-22 19:32 - 2016-05-22 19:32 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(7).exe
2016-05-22 16:01 - 2016-05-22 16:01 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(3).com
2016-05-22 15:58 - 2016-05-22 15:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(2).exe
2016-05-22 15:58 - 2016-05-22 15:58 - 00000000 _RSHD C:\Program Files (x86)\MicrosoftWindows
2016-05-22 15:49 - 2016-05-22 15:49 - 57666112 _____ (Oracle Corporation) C:\Users\Alen\Downloads\jre-8u91-windows-x64.exe
2016-05-22 15:45 - 2016-05-22 15:45 - 00738880 _____ (Oracle Corporation) C:\Users\Alen\Downloads\jxpiinstall.exe
2016-05-20 20:38 - 2012-02-03 07:44 - 00846868 _____ C:\Users\Alen\Desktop\SaveData.dat
2016-05-20 20:36 - 2016-05-20 20:36 - 01992536 _____ C:\Users\Alen\Downloads\winrar-x64-531.exe
2016-05-20 20:36 - 2016-05-20 20:36 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-20 20:36 - 2016-05-20 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-20 20:34 - 2016-05-20 20:35 - 00011552 _____ C:\Users\Alen\Downloads\Resident Evil 4 PRO.rar
2016-05-18 17:25 - 2016-05-22 19:25 - 00000000 ____D C:\Users\Alen\AppData\Local\Roblox
2016-05-18 17:23 - 2016-05-19 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2016-05-18 17:23 - 2016-05-18 17:23 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher (2).exe
2016-05-18 17:16 - 2016-05-18 17:16 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(6).exe
2016-05-17 21:34 - 2016-05-17 21:35 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(5).exe
2016-05-17 21:13 - 2016-05-17 21:13 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(4).exe
2016-05-17 21:10 - 2016-05-17 21:10 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(3).exe
2016-05-17 19:36 - 2016-05-17 19:36 - 00002257 _____ C:\Users\Alen\Downloads\file9
2016-05-17 19:36 - 2016-05-17 19:36 - 00002257 _____ C:\Users\Alen\Downloads\file0(3)
2016-05-17 19:35 - 2016-05-17 19:36 - 00000295 _____ C:\Users\Alen\Downloads\undertale(3).ini
2016-05-16 15:32 - 2016-05-16 15:32 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(2).exe
2016-05-16 15:30 - 2016-05-16 15:30 - 00000000 _____ C:\Users\Alen\Desktop\New Text Document.txt
2016-05-16 15:25 - 2016-05-16 15:25 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher (1).exe
2016-05-16 15:18 - 2016-05-16 15:19 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(1).exe
2016-05-16 14:06 - 2016-05-16 14:06 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher.exe
2016-05-16 12:57 - 2016-05-16 12:57 - 00281952 _____ C:\Windows\Minidump\051616-51885-01.dmp
2016-05-15 23:13 - 2016-05-15 23:13 - 00281952 _____ C:\Windows\Minidump\051516-44195-01.dmp
2016-05-15 20:21 - 2016-05-15 20:21 - 00000000 ____D C:\Program Files (x86)\directx
2016-05-15 20:20 - 2016-05-15 20:20 - 00001192 _____ C:\Users\Alen\Desktop\CTU Marine Sharpshooter.lnk
2016-05-15 20:20 - 2016-05-15 20:20 - 00000072 _____ C:\sn.ist
2016-05-15 20:20 - 2016-05-15 20:20 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groove Games
2016-05-15 20:20 - 2016-05-15 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Groove Games
2016-05-15 20:16 - 2016-05-15 20:16 - 00000000 ____D C:\Program Files (x86)\Groove Games
2016-05-15 13:25 - 2016-05-15 13:25 - 00000000 ____H C:\Users\Alen\Documents\Default.rdp
2016-05-14 21:55 - 2016-05-14 21:55 - 22851472 _____ (Malwarebytes ) C:\Users\Alen\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-05-14 21:52 - 2016-05-14 21:34 - 22851472 _____ (Malwarebytes ) C:\Users\Alen\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-14 21:06 - 2016-05-14 21:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(2).com
2016-05-14 21:06 - 2016-05-14 21:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(1).exe
2016-05-14 20:11 - 2016-05-14 20:11 - 00281952 _____ C:\Windows\Minidump\051416-69670-01.dmp
2016-05-14 10:26 - 2016-05-14 10:27 - 00281952 _____ C:\Windows\Minidump\051416-40607-01.dmp
2016-05-11 19:11 - 2016-05-11 19:11 - 00281952 _____ C:\Windows\Minidump\051116-177201-01.dmp
2016-05-10 18:49 - 2016-05-10 18:49 - 00281952 _____ C:\Windows\Minidump\051016-64334-01.dmp
2016-05-09 21:08 - 2016-03-17 18:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-09 21:08 - 2016-03-17 18:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-09 21:08 - 2016-03-17 18:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-09 21:08 - 2016-03-17 18:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-09 21:08 - 2016-03-17 18:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-09 21:08 - 2016-03-17 18:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-09 21:08 - 2016-03-17 17:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-09 21:08 - 2016-03-17 17:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-05-09 21:08 - 2016-03-17 17:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-09 21:08 - 2016-03-17 17:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-09 21:08 - 2016-03-17 17:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-09 21:08 - 2016-03-17 17:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-09 21:08 - 2016-03-17 17:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-09 21:08 - 2016-03-17 17:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-09 21:08 - 2016-03-17 17:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-09 21:08 - 2016-03-17 17:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-09 21:08 - 2016-03-17 17:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-09 21:08 - 2016-03-17 17:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-09 21:08 - 2016-03-17 17:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-09 21:08 - 2016-03-17 17:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-09 21:08 - 2016-03-17 17:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-09 21:08 - 2016-03-17 17:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-09 21:08 - 2016-03-17 17:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-09 21:08 - 2016-03-17 17:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-09 21:08 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-09 21:08 - 2016-03-17 17:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-05-09 21:08 - 2016-03-17 17:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-09 21:08 - 2016-03-17 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-09 21:08 - 2016-03-17 17:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-09 21:08 - 2016-03-17 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-09 21:08 - 2016-03-17 17:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-09 21:08 - 2016-03-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 16:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-09 21:08 - 2016-03-17 16:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-09 21:08 - 2016-03-17 16:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-09 21:08 - 2016-03-17 16:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-09 21:08 - 2016-03-17 16:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-09 21:08 - 2016-03-17 16:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-09 21:08 - 2016-03-17 16:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-09 21:08 - 2016-03-17 16:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-09 21:08 - 2016-03-17 16:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-09 21:08 - 2016-03-17 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-09 21:08 - 2016-03-17 16:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-09 21:08 - 2016-03-17 16:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-09 21:08 - 2016-03-17 16:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-09 21:08 - 2016-03-17 16:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-09 21:08 - 2016-03-17 16:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-09 21:08 - 2016-03-17 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-09 21:08 - 2016-03-17 16:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-09 21:08 - 2016-03-17 16:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 16:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 16:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 16:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-08 17:28 - 2016-05-13 18:51 - 00000000 ____D C:\Users\Alen\AppData\Local\NexonLauncher
2016-05-08 17:27 - 2016-05-08 17:27 - 10274904 _____ C:\Users\Alen\Downloads\NexonLauncherSetup(3).exe
2016-05-08 17:27 - 2016-05-08 17:27 - 00002079 _____ C:\Users\Alen\Desktop\Nexon Launcher.lnk
2016-05-08 17:27 - 2016-05-08 17:27 - 00000000 ____D C:\Program Files (x86)\Nexon
2016-05-08 17:25 - 2016-05-08 17:25 - 10274904 _____ C:\Users\Alen\Downloads\NexonLauncherSetup(2).exe
2016-05-08 16:44 - 2016-05-08 16:44 - 00668744 _____ C:\Users\Alen\Downloads\UnityDownloadAssistant-5.3.4f1(1).exe
2016-05-06 22:02 - 2016-05-06 22:02 - 00016384 _____ C:\Users\Alen\Desktop\loadasset.dll
2016-05-06 21:59 - 2016-04-07 13:13 - 00170496 _____ C:\Users\Alen\Desktop\HaruNee.dll
2016-05-06 21:44 - 2016-04-21 18:49 - 00495616 __RSH C:\Windows\SysWOW64\backupstartup.exe
2016-05-06 21:44 - 2016-04-21 18:49 - 00495616 __RSH C:\Users\Alen\AppData\Roaming\backupstartup.exe
2016-05-06 21:43 - 2016-05-06 21:43 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Monitor
2016-05-06 21:43 - 2016-05-06 21:43 - 00000000 ____D C:\ProgramData\Client
2016-05-06 21:40 - 2014-08-28 17:09 - 00015872 _____ C:\Users\Alen\Desktop\Seven.DLL
2016-05-06 21:39 - 2016-05-22 16:52 - 00000000 _RSHD C:\ProgramData\MicrosoftWindows
2016-05-06 21:39 - 2016-05-06 21:39 - 00001589 __RSH C:\ProgramData\windowsexplorer
2016-05-06 21:39 - 2016-05-06 21:39 - 00000000 _RSHD C:\Users\Alen\AppData\Roaming\Explorer
2016-05-06 20:26 - 2016-05-06 20:26 - 00113664 ____R C:\Users\Alen\Desktop\Project Activist.dll
2016-05-06 18:25 - 2016-05-06 18:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(1).com
2016-05-06 18:25 - 2016-05-06 18:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\iExplore(1).exe
2016-05-06 18:24 - 2016-05-06 18:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill.exe
2016-05-06 17:57 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-06 17:57 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-05-06 17:57 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-05-06 17:57 - 2016-01-30 14:08 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-05-06 17:57 - 2016-01-20 19:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-05-05 21:40 - 2016-05-06 21:41 - 00000000 _____ C:\Users\Alen\AppData\Roaming\WindowsUpdate.exe
2016-05-05 21:40 - 2016-05-05 21:40 - 00575488 _____ C:\Users\Alen\AppData\Roaming\Windows Update.exe
2016-05-05 21:40 - 2016-05-05 21:40 - 00000043 _____ C:\Users\Alen\AppData\Roaming\pidloc.txt
2016-05-05 21:40 - 2016-05-05 21:40 - 00000004 _____ C:\Users\Alen\AppData\Roaming\pid.txt
2016-05-05 21:21 - 2016-03-11 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-05 21:21 - 2016-03-11 13:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-05 19:11 - 2016-05-05 19:11 - 00281952 _____ C:\Windows\Minidump\050516-35895-01.dmp
2016-05-05 16:40 - 2016-05-12 22:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-05 01:00 - 2016-01-08 14:20 - 01683904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-05-04 23:35 - 2016-03-29 12:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-04 20:50 - 2016-05-04 20:50 - 04734664 _____ () C:\Users\Alen\Downloads\TechnicLauncher(4).exe
2016-05-04 18:56 - 2016-05-16 12:42 - 00000000 ____D C:\Users\Alen\Desktop\Old Firefox Data
2016-05-04 18:34 - 2016-05-04 18:34 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-04 18:34 - 2016-05-04 18:34 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-04 18:34 - 2016-05-04 18:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-04 18:33 - 2016-05-04 18:33 - 00242120 _____ C:\Users\Alen\Downloads\Firefox Setup Stub 46.0.1.exe
2016-05-04 18:06 - 2016-05-04 18:06 - 00266200 _____ C:\Windows\Minidump\050416-16957-01.dmp
2016-05-03 21:52 - 2016-05-03 21:52 - 47116504 _____ (Microsoft Corporation) C:\Users\Alen\Downloads\Windows-KB890830-x64-V5.35.exe
2016-05-02 19:40 - 2016-05-02 19:40 - 09773895 _____ C:\Users\Alen\Downloads\Desert Ranger Reskin-43354-1-0.rar
2016-05-02 12:55 - 2016-05-02 12:55 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-05-02 12:55 - 2016-05-02 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-05-02 11:39 - 2016-05-02 11:39 - 00281952 _____ C:\Windows\Minidump\050216-23228-01.dmp
2016-05-01 18:03 - 2016-05-02 19:37 - 00000000 ____D C:\Users\Alen\Documents\Nexus Mod Manager
2016-05-01 18:03 - 2016-05-01 18:03 - 00000000 ____D C:\Users\Alen\AppData\Local\Black_Tree_Gaming
2016-05-01 18:02 - 2016-05-02 12:55 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-05-01 18:01 - 2016-05-01 18:01 - 06357632 _____ (Black Tree Gaming ) C:\Users\Alen\Downloads\Nexus Mod Manager-0.61.20.exe
2016-05-01 17:56 - 2016-05-01 17:56 - 00159552 _____ C:\Users\Alen\Downloads\UIO - User Interface Organizer-57174-1-31.zip
2016-05-01 17:56 - 2016-05-01 17:56 - 00047049 _____ C:\Users\Alen\Downloads\F4Quickloot 1.05b-61666-1-05b.7z
2016-05-01 17:53 - 2016-05-01 17:53 - 00693929 _____ C:\Users\Alen\Downloads\nvse_5_0_beta2.7z
2016-05-01 16:37 - 2016-05-01 16:46 - 506276620 _____ C:\Users\Alen\Downloads\Digital_Nightmare_Version_1-4-54916-1-4.rar
2016-05-01 10:10 - 2016-05-01 10:10 - 00000000 ____D C:\Users\Alen\Downloads\Digital_Nightmare_1-5-54916-1-5
2016-04-30 09:29 - 2016-04-30 09:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill (2).com
2016-04-30 09:14 - 2016-04-30 09:14 - 22851472 _____ (Malwarebytes ) C:\Users\Alen\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-30 09:10 - 2016-04-30 09:10 - 46436440 _____ C:\Users\Alen\Downloads\Firefox Setup 46.0.exe
2016-04-30 09:09 - 2016-04-30 09:09 - 00000000 ____D C:\ProgramData\SUPERSetup
2016-04-30 09:08 - 2016-04-30 09:09 - 25693144 _____ (SUPERAntiSpyware) C:\Users\Alen\Downloads\SAS_773932.EXE
2016-04-29 18:07 - 2016-04-29 18:14 - 190322846 _____ C:\Users\Alen\Downloads\SCP - Containment Breach v1.2.3.zip
2016-04-29 17:32 - 2016-04-29 17:32 - 00281952 _____ C:\Windows\Minidump\042916-107001-01.dmp
2016-04-29 17:28 - 2016-04-29 17:28 - 00013424 _____ C:\Users\Alen\Downloads\Grand.Theft.Auto.Vice.City - RELOADED.torrent
2016-04-28 21:33 - 2016-04-28 21:33 - 00000000 ____D C:\Windows\pss
2016-04-28 21:09 - 2016-04-28 21:09 - 00035824 _____ (Curio Laboratories) C:\Users\Alen\Downloads\RemoveOnRebootSetup.exe
2016-04-28 19:23 - 2016-04-28 20:25 - 00000000 ____D C:\Users\Alen\Desktop\CSS_Content_Addon-Jan2015
2016-04-27 12:21 - 2016-04-27 12:21 - 00281952 _____ C:\Windows\Minidump\042716-40279-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 20:23 - 2014-05-28 15:08 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Skype
2016-05-27 20:13 - 2014-05-23 13:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-27 14:31 - 2009-07-13 23:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 14:31 - 2009-07-13 23:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-26 21:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-26 17:05 - 2016-03-15 18:54 - 00917148 _____ C:\Users\Alen\Downloads\Extreme Injector v3.6.1 - by master131_mpgh.net.rar
2016-05-22 15:56 - 2016-03-13 20:49 - 00525282 _____ C:\Windows\ntbtlog.txt
2016-05-22 14:32 - 2009-07-13 21:34 - 00000532 _____ C:\Windows\win.ini
2016-05-20 20:44 - 2015-10-15 21:20 - 3355842377 _____ C:\Users\Alen\Downloads\Resident Evil 4 With Many Skin Mods.zip
2016-05-20 20:40 - 2016-04-17 16:05 - 00000677 _____ C:\Users\Alen\Desktop\Resident Evil 4 With Many Skin Mods.zip.lnk
2016-05-20 20:36 - 2014-06-03 17:00 - 00000000 ____D C:\Program Files\WinRAR
2016-05-17 19:52 - 2016-03-02 22:14 - 00000000 ____D C:\Users\Alen\AppData\Local\UNDERTALE
2016-05-17 19:35 - 2015-05-02 12:33 - 00000000 ____D C:\Users\Alen\AppData\Roaming\vlc
2016-05-16 12:57 - 2016-04-23 22:56 - 620137393 _____ C:\Windows\MEMORY.DMP
2016-05-16 12:57 - 2014-06-12 00:06 - 00000000 ____D C:\Windows\Minidump
2016-05-15 20:24 - 2015-07-10 19:32 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-05-14 21:44 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-14 21:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-14 20:38 - 2014-04-10 03:00 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-12 22:17 - 2014-04-11 15:58 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 22:17 - 2014-04-11 15:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 22:14 - 2015-03-09 11:11 - 00000000 ____D C:\Users\Alen\AppData\Local\Adobe
2016-05-09 14:16 - 2014-05-27 15:24 - 00000000 ____D C:\Users\Alen\AppData\Roaming\uTorrent
2016-05-08 17:49 - 2014-04-13 19:50 - 00000000 ____D C:\Users\Alen\AppData\Local\Unity
2016-05-08 17:28 - 2016-02-15 15:01 - 00000000 ____D C:\Users\Alen\AppData\Roaming\NexonLauncher
2016-05-06 20:26 - 2016-03-15 18:54 - 00000785 _____ C:\Users\Alen\Desktop\Extreme Injector v3.6.1 - by master131_mpgh.net.rar.lnk
2016-05-05 19:51 - 2015-12-23 12:37 - 00000000 ____D C:\Users\Alen\AppData\Roaming\.minecraft
2016-05-05 19:14 - 2015-12-11 17:06 - 00001130 _____ C:\Users\Alen\Desktop\nativelog.txt
2016-05-05 01:19 - 2009-07-13 23:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-04 18:34 - 2015-03-21 20:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 18:31 - 2015-04-22 23:14 - 00000000 ____D C:\Users\Alen\AppData\Roaming\3909
2016-05-04 18:31 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-04 09:41 - 2016-04-17 13:11 - 00000000 __SHD C:\Windows\SysWOW64\Application Services
2016-05-03 21:56 - 2016-04-17 13:11 - 00336600 _____ C:\Users\Alen\AppData\Roaming\msconfig.ini
2016-05-01 18:05 - 2015-07-15 13:03 - 00000000 ____D C:\Users\Alen\AppData\Local\FalloutNV
2016-05-01 18:05 - 2014-06-25 22:04 - 00000000 ____D C:\Games
2016-05-01 11:09 - 2016-04-16 08:39 - 00000000 ____D C:\Users\Alen\Documents\Visual Studio 2015
2016-05-01 09:55 - 2016-04-17 20:06 - 00000000 ____D C:\Users\Alen\Documents\FOMM
2016-04-29 22:29 - 2016-04-16 10:49 - 00000000 ____D C:\Program Files\Vice City
2016-04-29 20:52 - 2016-04-16 10:49 - 00000807 _____ C:\Users\Alen\Desktop\Vice City.lnk
2016-04-28 21:18 - 2014-06-23 03:29 - 00000000 ____D C:\Users\Alen\AppData\Roaming\GameTracker

==================== Files in the root of some directories =======

2015-08-10 08:29 - 2015-08-10 08:29 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-08-01 08:40 - 2015-08-01 10:47 - 0000020 _____ () C:\Users\Alen\AppData\Roaming\appdataFr2.bin
2015-07-13 18:00 - 2015-11-12 09:14 - 0000024 _____ () C:\Users\Alen\AppData\Roaming\appdataFr25.bin
2013-06-26 04:45 - 2013-06-26 04:45 - 0471241 _____ () C:\Users\Alen\AppData\Roaming\BackUp4206670336.exe
2016-05-06 21:44 - 2016-04-21 18:49 - 0495616 __RSH () C:\Users\Alen\AppData\Roaming\backupstartup.exe
2015-10-15 17:50 - 2015-10-15 17:50 - 0005120 _____ () C:\Users\Alen\AppData\Roaming\bixmfmf.exe
2015-11-02 18:06 - 2015-11-02 18:06 - 0381952 _____ (Microsoft Corporation) C:\Users\Alen\AppData\Roaming\dubojedu.exe
2016-04-17 13:11 - 2016-05-03 21:56 - 0336600 _____ () C:\Users\Alen\AppData\Roaming\msconfig.ini
2015-11-06 18:12 - 2015-11-06 18:12 - 0401408 _____ (Microsoft Corporation) C:\Users\Alen\AppData\Roaming\nkvqly.exe
2016-05-05 21:40 - 2016-05-05 21:40 - 0000004 _____ () C:\Users\Alen\AppData\Roaming\pid.txt
2016-05-05 21:40 - 2016-05-05 21:40 - 0000043 _____ () C:\Users\Alen\AppData\Roaming\pidloc.txt
2014-04-10 01:25 - 2015-07-15 12:32 - 0000363 _____ () C:\Users\Alen\AppData\Roaming\RecentPlaces.lnk
2015-12-15 23:48 - 2015-12-15 23:48 - 0086017 _____ () C:\Users\Alen\AppData\Roaming\tixahs.exe
2015-10-26 17:36 - 2015-10-26 17:36 - 0005120 _____ () C:\Users\Alen\AppData\Roaming\vaxizebw.exe
2014-05-21 17:01 - 2015-07-17 12:01 - 0000209 _____ () C:\Users\Alen\AppData\Roaming\WB.CFG
2016-05-05 21:40 - 2016-05-05 21:40 - 0575488 _____ () C:\Users\Alen\AppData\Roaming\Windows Update.exe
2016-05-05 21:40 - 2016-05-06 21:41 - 0000000 _____ () C:\Users\Alen\AppData\Roaming\WindowsUpdate.exe
2014-07-14 16:10 - 2014-08-03 22:08 - 0307200 _____ () C:\Users\Alen\AppData\Local\ChromeHitoryDB
2014-07-15 21:26 - 2014-07-15 21:26 - 0410624 _____ () C:\Users\Alen\AppData\Local\CompTmp.exe
2014-07-23 03:53 - 2014-07-23 03:53 - 0591112 _____ (ClickMeIn Limited) C:\Users\Alen\AppData\Local\nsbC0F1.tmp
2015-11-01 22:37 - 2015-11-01 22:37 - 0007602 _____ () C:\Users\Alen\AppData\Local\Resmon.ResmonCfg
2015-05-07 07:53 - 2015-05-07 08:06 - 0000804 _____ () C:\Users\Alen\AppData\Local\Temp-log.txt
2015-11-02 12:44 - 2015-11-02 12:44 - 0005120 _____ () C:\ProgramData\99A20262.EX
2015-11-02 12:45 - 2015-11-02 12:45 - 0004096 _____ () C:\ProgramData\perfmon.exe
2015-12-16 12:11 - 2015-12-16 12:11 - 0007680 _____ () C:\ProgramData\scheduler.exe
2015-10-15 17:54 - 2015-10-15 17:54 - 0005120 _____ () C:\ProgramData\taskhost.exe
2016-05-06 21:39 - 2016-05-06 21:39 - 0001589 __RSH () C:\ProgramData\windowsexplorer
2015-12-15 23:49 - 2015-12-15 23:49 - 0004096 _____ () C:\ProgramData\winhlp_86.exe

Files to move or delete:
====================
C:\Users\Alen\AppData\Roaming\msconfig.ini
C:\ProgramData\perfmon.exe
C:\ProgramData\scheduler.exe
C:\ProgramData\taskhost.exe
C:\ProgramData\winhlp_86.exe


Some files in TEMP:
====================
C:\Users\Alen\AppData\Local\Temp\cres.dll
C:\Users\Alen\AppData\Local\Temp\cshell.dll
C:\Users\Alen\AppData\Local\Temp\sres.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 00:37

My Addition.txt logs are also included in the file attachment.

Thanks for helping (or at least trying to).

 



#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:58 AM

Posted 27 May 2016 - 09:28 PM

Hi AlenNez :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Can you copy/paste the content of the FRST.txt log again? It seems like it's missing a few lines at the beginning (header, and the beginning of the running processes list).

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 AlenNez

AlenNez
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:58 AM

Posted 29 May 2016 - 02:16 PM

Okay, here is the start. I think I had cut that part out because I thought it was unnecessary.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
Ran by Alen (administrator) on NEWUSER (27-05-2016 20:22:11)
Running from C:\Users\Alen\Downloads
Loaded Profiles: Alen (Available Profiles: Alen)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\MicrosoftWindows\Client.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Winlogon: [Userinit] userinit.exe,"C:\Windows\system32\backupstartup.exe" [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\...\MountPoints2: {240e77d0-c077-11e3-bb32-806e6f6e6963} - D:\autorun.exe
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\...\Winlogon: [Shell] explorer.exe,"C:\Users\Alen\AppData\Roaming\backupstartup.exe" <==== ATTENTION
IFEO\AvastSvc.exe: [Debugger] nqij.exe
IFEO\AvastUI.exe: [Debugger] nqij.exe
IFEO\avcenter.exe: [Debugger] nqij.exe
IFEO\avconfig.exe: [Debugger] nqij.exe
IFEO\avgcsrvx.exe: [Debugger] nqij.exe
IFEO\avgidsagent.exe: [Debugger] nqij.exe
IFEO\avgnt.exe: [Debugger] nqij.exe
IFEO\avgrsx.exe: [Debugger] nqij.exe
IFEO\avguard.exe: [Debugger] nqij.exe
IFEO\avgui.exe: [Debugger] nqij.exe
IFEO\avgwdsvc.exe: [Debugger] nqij.exe
IFEO\Avira.ServiceHost.exe: [Debugger] nqij.exe
IFEO\Avira.Systray.exe: [Debugger] nqij.exe
IFEO\avp.exe: [Debugger] nqij.exe
IFEO\avscan.exe: [Debugger] nqij.exe
IFEO\bdagent.exe: [Debugger] nqij.exe
IFEO\blindman.exe: [Debugger] nqij.exe
IFEO\ccuac.exe: [Debugger] nqij.exe
IFEO\ComboFix.exe: [Debugger] nqij.exe
IFEO\egui.exe: [Debugger] nqij.exe
IFEO\hijackthis.exe: [Debugger] nqij.exe
IFEO\instup.exe: [Debugger] nqij.exe
IFEO\keyscrambler.exe: [Debugger] nqij.exe
IFEO\mbam.exe: [Debugger] nqij.exe
IFEO\mbamgui.exe: [Debugger] nqij.exe
IFEO\mbampt.exe: [Debugger] nqij.exe
IFEO\mbamscheduler.exe: [Debugger] nqij.exe
IFEO\mbamservice.exe: [Debugger] nqij.exe
IFEO\MpCmdRun.exe: [Debugger] nqij.exe
IFEO\MSASCui.exe: [Debugger] nqij.exe
IFEO\MsMpEng.exe: [Debugger] nqij.exe
IFEO\msseces.exe: [Debugger] nqij.exe
IFEO\rstrui.exe: [Debugger] nqij.exe
IFEO\SDFiles.exe: [Debugger] nqij.exe
IFEO\SDMain.exe: [Debugger] nqij.exe
IFEO\SDWinSec.exe: [Debugger] nqij.exe
IFEO\spybotsd.exe: [Debugger] nqij.exe
IFEO\wireshark.exe: [Debugger] nqij.exe
IFEO\zlclient.exe: [Debugger] nqij.exe
Startup: C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-05-22]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3215385016-2064432561-392109973-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.116.137.64
Tcpip\..\Interfaces\{4B07A445-E511-49F3-8FFB-4925561DCADD}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{50812AF3-D917-4AA4-97E3-EAB65264A37B}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68EAB88C-BB8A-4838-B592-75FB91FE9171}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF7952DC-BF0D-4B69-AF43-D2F02FFFA5F3}: [DhcpNameServer] 10.116.137.64
Tcpip\..\Interfaces\{E68E83AD-17CF-4598-BFE4-711E7683196A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130918758952513308&GUID=00212936-C7BF-4579-86F8-7C5700DAA0DA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130918758953563368&GUID=00212936-C7BF-4579-86F8-7C5700DAA0DA
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.sxe-anticheat.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.sxe-anticheat.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\Software\Microsoft\Internet Explorer\Main,Start Page Before = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\Software\Microsoft\Internet Explorer\Main,Search Page Before = hxxp://search.sxe-anticheat.com/
HKU\S-1-5-21-3215385016-2064432561-392109973-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=130918758953563368&GUID=00212936-C7BF-4579-86F8-7C5700DAA0DA
URLSearchHook: HKLM-x32 -> Default = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM -> DefaultScopeBefore {33BB0A4E-99AF-4226-BDF6-49120163DE86}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3215385016-2064432561-392109973-1000 -> DefaultScopeBefore {33D59858-89D9-4AC2-A956-93875EB02323}
SearchScopes: HKU\S-1-5-21-3215385016-2064432561-392109973-1000 -> {06C3E62F-4D7E-4BFA-A5AE-242A0B6641E0} URL = hxxp://search.sxe-anticheat.com/?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Alen\AppData\Roaming\Mozilla\Firefox\Profiles\jj2e6svt.default-1463420533558
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2011-05-17] (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Alen\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3215385016-2064432561-392109973-1000: @nsroblox.roblox.com/launcher -> C:\Users\Alen\AppData\Local\Roblox\Versions\version-c542e3639a5f40f9\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3215385016-2064432561-392109973-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Alen\AppData\Local\Roblox\Versions\version-c542e3639a5f40f9\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3215385016-2064432561-392109973-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-03-10] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Alen\AppData\Roaming\Mozilla\Firefox\Profiles\jj2e6svt.default-1463420533558\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-22]

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.avira.net/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.net/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-05]
CHR Extension: (Google Docs) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-05]
CHR Extension: (Google Drive) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-05]
CHR Extension: (YouTube) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-05]
CHR Extension: (Adblock Plus) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-20]
CHR Extension: (Google Search) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-05]
CHR Extension: (Google Sheets) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-04-28]
CHR Extension: (Google Docs Offline) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-24]
CHR Extension: (Gmail) - C:\Users\Alen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
S4 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96688 2015-03-30] ()
S4 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [589608 2015-03-30] ()
S4 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
S4 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S4 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [272864 2010-08-19] ()
S2 Annoyed Wealth; C:\Users\Alen\AppData\Roaming\Annoyed Wealth\Annoyed Wealth.exe [X]
S2 Average Simple; "C:\Program Files (x86)\Average Simple\Average Simple.exe" [X]
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 Grieving Statement; "C:\Program Files (x86)\Grieving Statement\Grieving Statement.exe" [X]
S2 Harebrained Iron; "C:\Program Files (x86)\Harebrained Iron\Harebrained Iron.exe" [X]
S2 Melancholy Neat; "C:\Program Files (x86)\Melancholy Neat\Melancholy Neat.exe" [X]
S2 Nasty Walk; "C:\Program Files (x86)\Nasty Walk\Nasty Walk.exe" [X]
S2 Sour Ad; "C:\Program Files (x86)\Sour Ad\Sour Ad.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
S3 libwamf; C:\Windows\System32\DRIVERS\libwamf.sys [15664 2016-04-14] (Windows ® Win 7 DDK provider)
S3 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [28464 2016-04-14] ()
S1 nmjhmzr2nhnmbdv; C:\Windows\System32\drivers\nmjhmzr2nhnmbdv.sys [59736 2015-07-21] () [File not signed]
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [50688 2010-04-19] (Apple, Inc.) [File not signed]
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2013-05-06] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2013-05-06] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2013-10-14] (LG Electronics Inc.)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-26] (SplitmediaLabs Limited)
S1 bodrzdbh; \??\C:\Windows\system32\drivers\bodrzdbh.sys [X]
S3 BS4206670336; \??\C:\Users\Alen\AppData\Local\Temp\NTFS.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 mwiynzm4ndy1yjz; system32\drivers\mwiynzm4ndy1yjz.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 20:22 - 2016-05-27 20:23 - 00016441 _____ C:\Users\Alen\Downloads\FRST.txt
2016-05-27 20:21 - 2016-05-27 20:22 - 00000000 ____D C:\FRST
2016-05-27 20:21 - 2016-05-27 20:21 - 02383360 _____ (Farbar) C:\Users\Alen\Downloads\FRST64.exe
2016-05-22 19:34 - 2016-05-27 20:16 - 00000000 ____D C:\Users\Alen\AppData\LocalLow\RbxLogs
2016-05-22 19:33 - 2016-05-26 16:51 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-05-22 19:32 - 2016-05-22 19:39 - 00000150 _____ C:\Users\Alen\AppData\LocalLow\rbxcsettings.rbx
2016-05-22 19:32 - 2016-05-22 19:32 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(7).exe
2016-05-22 16:01 - 2016-05-22 16:01 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(3).com
2016-05-22 15:58 - 2016-05-22 15:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(2).exe
2016-05-22 15:58 - 2016-05-22 15:58 - 00000000 _RSHD C:\Program Files (x86)\MicrosoftWindows
2016-05-22 15:49 - 2016-05-22 15:49 - 57666112 _____ (Oracle Corporation) C:\Users\Alen\Downloads\jre-8u91-windows-x64.exe
2016-05-22 15:45 - 2016-05-22 15:45 - 00738880 _____ (Oracle Corporation) C:\Users\Alen\Downloads\jxpiinstall.exe
2016-05-20 20:38 - 2012-02-03 07:44 - 00846868 _____ C:\Users\Alen\Desktop\SaveData.dat
2016-05-20 20:36 - 2016-05-20 20:36 - 01992536 _____ C:\Users\Alen\Downloads\winrar-x64-531.exe
2016-05-20 20:36 - 2016-05-20 20:36 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-20 20:36 - 2016-05-20 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-20 20:34 - 2016-05-20 20:35 - 00011552 _____ C:\Users\Alen\Downloads\Resident Evil 4 PRO.rar
2016-05-18 17:25 - 2016-05-22 19:25 - 00000000 ____D C:\Users\Alen\AppData\Local\Roblox
2016-05-18 17:23 - 2016-05-19 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2016-05-18 17:23 - 2016-05-18 17:23 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher (2).exe
2016-05-18 17:16 - 2016-05-18 17:16 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(6).exe
2016-05-17 21:34 - 2016-05-17 21:35 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(5).exe
2016-05-17 21:13 - 2016-05-17 21:13 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(4).exe
2016-05-17 21:10 - 2016-05-17 21:10 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(3).exe
2016-05-17 19:36 - 2016-05-17 19:36 - 00002257 _____ C:\Users\Alen\Downloads\file9
2016-05-17 19:36 - 2016-05-17 19:36 - 00002257 _____ C:\Users\Alen\Downloads\file0(3)
2016-05-17 19:35 - 2016-05-17 19:36 - 00000295 _____ C:\Users\Alen\Downloads\undertale(3).ini
2016-05-16 15:32 - 2016-05-16 15:32 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(2).exe
2016-05-16 15:30 - 2016-05-16 15:30 - 00000000 _____ C:\Users\Alen\Desktop\New Text Document.txt
2016-05-16 15:25 - 2016-05-16 15:25 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher (1).exe
2016-05-16 15:18 - 2016-05-16 15:19 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher(1).exe
2016-05-16 14:06 - 2016-05-16 14:06 - 00969584 _____ (ROBLOX Corporation) C:\Users\Alen\Downloads\RobloxPlayerLauncher.exe
2016-05-16 12:57 - 2016-05-16 12:57 - 00281952 _____ C:\Windows\Minidump\051616-51885-01.dmp
2016-05-15 23:13 - 2016-05-15 23:13 - 00281952 _____ C:\Windows\Minidump\051516-44195-01.dmp
2016-05-15 20:21 - 2016-05-15 20:21 - 00000000 ____D C:\Program Files (x86)\directx
2016-05-15 20:20 - 2016-05-15 20:20 - 00001192 _____ C:\Users\Alen\Desktop\CTU Marine Sharpshooter.lnk
2016-05-15 20:20 - 2016-05-15 20:20 - 00000072 _____ C:\sn.ist
2016-05-15 20:20 - 2016-05-15 20:20 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Groove Games
2016-05-15 20:20 - 2016-05-15 20:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Groove Games
2016-05-15 20:16 - 2016-05-15 20:16 - 00000000 ____D C:\Program Files (x86)\Groove Games
2016-05-15 13:25 - 2016-05-15 13:25 - 00000000 ____H C:\Users\Alen\Documents\Default.rdp
2016-05-14 21:55 - 2016-05-14 21:55 - 22851472 _____ (Malwarebytes ) C:\Users\Alen\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-05-14 21:52 - 2016-05-14 21:34 - 22851472 _____ (Malwarebytes ) C:\Users\Alen\Desktop\mbam-setup-2.2.1.1043.exe
2016-05-14 21:06 - 2016-05-14 21:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(2).com
2016-05-14 21:06 - 2016-05-14 21:06 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(1).exe
2016-05-14 20:11 - 2016-05-14 20:11 - 00281952 _____ C:\Windows\Minidump\051416-69670-01.dmp
2016-05-14 10:26 - 2016-05-14 10:27 - 00281952 _____ C:\Windows\Minidump\051416-40607-01.dmp
2016-05-11 19:11 - 2016-05-11 19:11 - 00281952 _____ C:\Windows\Minidump\051116-177201-01.dmp
2016-05-10 18:49 - 2016-05-10 18:49 - 00281952 _____ C:\Windows\Minidump\051016-64334-01.dmp
2016-05-09 21:08 - 2016-03-17 18:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-09 21:08 - 2016-03-17 18:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-09 21:08 - 2016-03-17 18:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-09 21:08 - 2016-03-17 18:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-09 21:08 - 2016-03-17 18:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-09 21:08 - 2016-03-17 18:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-09 21:08 - 2016-03-17 17:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-09 21:08 - 2016-03-17 17:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-09 21:08 - 2016-03-17 17:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-09 21:08 - 2016-03-17 17:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-05-09 21:08 - 2016-03-17 17:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-09 21:08 - 2016-03-17 17:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-09 21:08 - 2016-03-17 17:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-09 21:08 - 2016-03-17 17:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-09 21:08 - 2016-03-17 17:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-09 21:08 - 2016-03-17 17:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-09 21:08 - 2016-03-17 17:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-09 21:08 - 2016-03-17 17:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-09 21:08 - 2016-03-17 17:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-09 21:08 - 2016-03-17 17:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-09 21:08 - 2016-03-17 17:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-09 21:08 - 2016-03-17 17:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-09 21:08 - 2016-03-17 17:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-09 21:08 - 2016-03-17 17:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-09 21:08 - 2016-03-17 17:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-09 21:08 - 2016-03-17 17:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-09 21:08 - 2016-03-17 17:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-09 21:08 - 2016-03-17 17:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-09 21:08 - 2016-03-17 17:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-05-09 21:08 - 2016-03-17 17:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-09 21:08 - 2016-03-17 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-09 21:08 - 2016-03-17 17:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-09 21:08 - 2016-03-17 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-09 21:08 - 2016-03-17 17:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-09 21:08 - 2016-03-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 17:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 16:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-09 21:08 - 2016-03-17 16:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-09 21:08 - 2016-03-17 16:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-09 21:08 - 2016-03-17 16:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-09 21:08 - 2016-03-17 16:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-09 21:08 - 2016-03-17 16:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-09 21:08 - 2016-03-17 16:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-09 21:08 - 2016-03-17 16:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-09 21:08 - 2016-03-17 16:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-09 21:08 - 2016-03-17 16:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-09 21:08 - 2016-03-17 16:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-09 21:08 - 2016-03-17 16:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-09 21:08 - 2016-03-17 16:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-09 21:08 - 2016-03-17 16:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-09 21:08 - 2016-03-17 16:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-09 21:08 - 2016-03-17 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-09 21:08 - 2016-03-17 16:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-09 21:08 - 2016-03-17 16:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 16:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 16:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-09 21:08 - 2016-03-17 16:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-08 17:28 - 2016-05-13 18:51 - 00000000 ____D C:\Users\Alen\AppData\Local\NexonLauncher
2016-05-08 17:27 - 2016-05-08 17:27 - 10274904 _____ C:\Users\Alen\Downloads\NexonLauncherSetup(3).exe
2016-05-08 17:27 - 2016-05-08 17:27 - 00002079 _____ C:\Users\Alen\Desktop\Nexon Launcher.lnk
2016-05-08 17:27 - 2016-05-08 17:27 - 00000000 ____D C:\Program Files (x86)\Nexon
2016-05-08 17:25 - 2016-05-08 17:25 - 10274904 _____ C:\Users\Alen\Downloads\NexonLauncherSetup(2).exe
2016-05-08 16:44 - 2016-05-08 16:44 - 00668744 _____ C:\Users\Alen\Downloads\UnityDownloadAssistant-5.3.4f1(1).exe
2016-05-06 22:02 - 2016-05-06 22:02 - 00016384 _____ C:\Users\Alen\Desktop\loadasset.dll
2016-05-06 21:59 - 2016-04-07 13:13 - 00170496 _____ C:\Users\Alen\Desktop\HaruNee.dll
2016-05-06 21:44 - 2016-04-21 18:49 - 00495616 __RSH C:\Windows\SysWOW64\backupstartup.exe
2016-05-06 21:44 - 2016-04-21 18:49 - 00495616 __RSH C:\Users\Alen\AppData\Roaming\backupstartup.exe
2016-05-06 21:43 - 2016-05-06 21:43 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Monitor
2016-05-06 21:43 - 2016-05-06 21:43 - 00000000 ____D C:\ProgramData\Client
2016-05-06 21:40 - 2014-08-28 17:09 - 00015872 _____ C:\Users\Alen\Desktop\Seven.DLL
2016-05-06 21:39 - 2016-05-22 16:52 - 00000000 _RSHD C:\ProgramData\MicrosoftWindows
2016-05-06 21:39 - 2016-05-06 21:39 - 00001589 __RSH C:\ProgramData\windowsexplorer
2016-05-06 21:39 - 2016-05-06 21:39 - 00000000 _RSHD C:\Users\Alen\AppData\Roaming\Explorer
2016-05-06 20:26 - 2016-05-06 20:26 - 00113664 ____R C:\Users\Alen\Desktop\Project Activist.dll
2016-05-06 18:25 - 2016-05-06 18:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill(1).com
2016-05-06 18:25 - 2016-05-06 18:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\iExplore(1).exe
2016-05-06 18:24 - 2016-05-06 18:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill.exe
2016-05-06 17:57 - 2016-03-15 19:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-05-06 17:57 - 2016-03-15 19:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-05-06 17:57 - 2016-03-15 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-05-06 17:57 - 2016-01-30 14:08 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-05-06 17:57 - 2016-01-20 19:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-05-05 21:40 - 2016-05-06 21:41 - 00000000 _____ C:\Users\Alen\AppData\Roaming\WindowsUpdate.exe
2016-05-05 21:40 - 2016-05-05 21:40 - 00575488 _____ C:\Users\Alen\AppData\Roaming\Windows Update.exe
2016-05-05 21:40 - 2016-05-05 21:40 - 00000043 _____ C:\Users\Alen\AppData\Roaming\pidloc.txt
2016-05-05 21:40 - 2016-05-05 21:40 - 00000004 _____ C:\Users\Alen\AppData\Roaming\pid.txt
2016-05-05 21:21 - 2016-03-11 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-05 21:21 - 2016-03-11 13:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-05 19:11 - 2016-05-05 19:11 - 00281952 _____ C:\Windows\Minidump\050516-35895-01.dmp
2016-05-05 16:40 - 2016-05-12 22:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-05 01:00 - 2016-01-08 14:20 - 01683904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-05-04 23:35 - 2016-03-29 12:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-04 20:50 - 2016-05-04 20:50 - 04734664 _____ () C:\Users\Alen\Downloads\TechnicLauncher(4).exe
2016-05-04 18:56 - 2016-05-16 12:42 - 00000000 ____D C:\Users\Alen\Desktop\Old Firefox Data
2016-05-04 18:34 - 2016-05-04 18:34 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-04 18:34 - 2016-05-04 18:34 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-04 18:34 - 2016-05-04 18:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-04 18:33 - 2016-05-04 18:33 - 00242120 _____ C:\Users\Alen\Downloads\Firefox Setup Stub 46.0.1.exe
2016-05-04 18:06 - 2016-05-04 18:06 - 00266200 _____ C:\Windows\Minidump\050416-16957-01.dmp
2016-05-03 21:52 - 2016-05-03 21:52 - 47116504 _____ (Microsoft Corporation) C:\Users\Alen\Downloads\Windows-KB890830-x64-V5.35.exe
2016-05-02 19:40 - 2016-05-02 19:40 - 09773895 _____ C:\Users\Alen\Downloads\Desert Ranger Reskin-43354-1-0.rar
2016-05-02 12:55 - 2016-05-02 12:55 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-05-02 12:55 - 2016-05-02 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-05-02 11:39 - 2016-05-02 11:39 - 00281952 _____ C:\Windows\Minidump\050216-23228-01.dmp
2016-05-01 18:03 - 2016-05-02 19:37 - 00000000 ____D C:\Users\Alen\Documents\Nexus Mod Manager
2016-05-01 18:03 - 2016-05-01 18:03 - 00000000 ____D C:\Users\Alen\AppData\Local\Black_Tree_Gaming
2016-05-01 18:02 - 2016-05-02 12:55 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-05-01 18:01 - 2016-05-01 18:01 - 06357632 _____ (Black Tree Gaming ) C:\Users\Alen\Downloads\Nexus Mod Manager-0.61.20.exe
2016-05-01 17:56 - 2016-05-01 17:56 - 00159552 _____ C:\Users\Alen\Downloads\UIO - User Interface Organizer-57174-1-31.zip
2016-05-01 17:56 - 2016-05-01 17:56 - 00047049 _____ C:\Users\Alen\Downloads\F4Quickloot 1.05b-61666-1-05b.7z
2016-05-01 17:53 - 2016-05-01 17:53 - 00693929 _____ C:\Users\Alen\Downloads\nvse_5_0_beta2.7z
2016-05-01 16:37 - 2016-05-01 16:46 - 506276620 _____ C:\Users\Alen\Downloads\Digital_Nightmare_Version_1-4-54916-1-4.rar
2016-05-01 10:10 - 2016-05-01 10:10 - 00000000 ____D C:\Users\Alen\Downloads\Digital_Nightmare_1-5-54916-1-5
2016-04-30 09:29 - 2016-04-30 09:29 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill (2).com
2016-04-30 09:14 - 2016-04-30 09:14 - 22851472 _____ (Malwarebytes ) C:\Users\Alen\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-30 09:10 - 2016-04-30 09:10 - 46436440 _____ C:\Users\Alen\Downloads\Firefox Setup 46.0.exe
2016-04-30 09:09 - 2016-04-30 09:09 - 00000000 ____D C:\ProgramData\SUPERSetup
2016-04-30 09:08 - 2016-04-30 09:09 - 25693144 _____ (SUPERAntiSpyware) C:\Users\Alen\Downloads\SAS_773932.EXE
2016-04-29 18:07 - 2016-04-29 18:14 - 190322846 _____ C:\Users\Alen\Downloads\SCP - Containment Breach v1.2.3.zip
2016-04-29 17:32 - 2016-04-29 17:32 - 00281952 _____ C:\Windows\Minidump\042916-107001-01.dmp
2016-04-29 17:28 - 2016-04-29 17:28 - 00013424 _____ C:\Users\Alen\Downloads\Grand.Theft.Auto.Vice.City - RELOADED.torrent
2016-04-28 21:33 - 2016-04-28 21:33 - 00000000 ____D C:\Windows\pss
2016-04-28 21:09 - 2016-04-28 21:09 - 00035824 _____ (Curio Laboratories) C:\Users\Alen\Downloads\RemoveOnRebootSetup.exe
2016-04-28 19:23 - 2016-04-28 20:25 - 00000000 ____D C:\Users\Alen\Desktop\CSS_Content_Addon-Jan2015
2016-04-27 12:21 - 2016-04-27 12:21 - 00281952 _____ C:\Windows\Minidump\042716-40279-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-27 20:23 - 2014-05-28 15:08 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Skype
2016-05-27 20:13 - 2014-05-23 13:38 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-27 14:31 - 2009-07-13 23:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 14:31 - 2009-07-13 23:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-26 21:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-05-26 17:05 - 2016-03-15 18:54 - 00917148 _____ C:\Users\Alen\Downloads\Extreme Injector v3.6.1 - by master131_mpgh.net.rar
2016-05-22 15:56 - 2016-03-13 20:49 - 00525282 _____ C:\Windows\ntbtlog.txt
2016-05-22 14:32 - 2009-07-13 21:34 - 00000532 _____ C:\Windows\win.ini
2016-05-20 20:44 - 2015-10-15 21:20 - 3355842377 _____ C:\Users\Alen\Downloads\Resident Evil 4 With Many Skin Mods.zip
2016-05-20 20:40 - 2016-04-17 16:05 - 00000677 _____ C:\Users\Alen\Desktop\Resident Evil 4 With Many Skin Mods.zip.lnk
2016-05-20 20:36 - 2014-06-03 17:00 - 00000000 ____D C:\Program Files\WinRAR
2016-05-17 19:52 - 2016-03-02 22:14 - 00000000 ____D C:\Users\Alen\AppData\Local\UNDERTALE
2016-05-17 19:35 - 2015-05-02 12:33 - 00000000 ____D C:\Users\Alen\AppData\Roaming\vlc
2016-05-16 12:57 - 2016-04-23 22:56 - 620137393 _____ C:\Windows\MEMORY.DMP
2016-05-16 12:57 - 2014-06-12 00:06 - 00000000 ____D C:\Windows\Minidump
2016-05-15 20:24 - 2015-07-10 19:32 - 00000000 ____D C:\Users\Alen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-05-14 21:44 - 2009-07-14 00:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-14 21:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-05-14 20:38 - 2014-04-10 03:00 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-12 22:17 - 2014-04-11 15:58 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-12 22:17 - 2014-04-11 15:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-12 22:14 - 2015-03-09 11:11 - 00000000 ____D C:\Users\Alen\AppData\Local\Adobe
2016-05-09 14:16 - 2014-05-27 15:24 - 00000000 ____D C:\Users\Alen\AppData\Roaming\uTorrent
2016-05-08 17:49 - 2014-04-13 19:50 - 00000000 ____D C:\Users\Alen\AppData\Local\Unity
2016-05-08 17:28 - 2016-02-15 15:01 - 00000000 ____D C:\Users\Alen\AppData\Roaming\NexonLauncher
2016-05-06 20:26 - 2016-03-15 18:54 - 00000785 _____ C:\Users\Alen\Desktop\Extreme Injector v3.6.1 - by master131_mpgh.net.rar.lnk
2016-05-05 19:51 - 2015-12-23 12:37 - 00000000 ____D C:\Users\Alen\AppData\Roaming\.minecraft
2016-05-05 19:14 - 2015-12-11 17:06 - 00001130 _____ C:\Users\Alen\Desktop\nativelog.txt
2016-05-05 01:19 - 2009-07-13 23:45 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-04 18:34 - 2015-03-21 20:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-04 18:31 - 2015-04-22 23:14 - 00000000 ____D C:\Users\Alen\AppData\Roaming\3909
2016-05-04 18:31 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-04 09:41 - 2016-04-17 13:11 - 00000000 __SHD C:\Windows\SysWOW64\Application Services
2016-05-03 21:56 - 2016-04-17 13:11 - 00336600 _____ C:\Users\Alen\AppData\Roaming\msconfig.ini
2016-05-01 18:05 - 2015-07-15 13:03 - 00000000 ____D C:\Users\Alen\AppData\Local\FalloutNV
2016-05-01 18:05 - 2014-06-25 22:04 - 00000000 ____D C:\Games
2016-05-01 11:09 - 2016-04-16 08:39 - 00000000 ____D C:\Users\Alen\Documents\Visual Studio 2015
2016-05-01 09:55 - 2016-04-17 20:06 - 00000000 ____D C:\Users\Alen\Documents\FOMM
2016-04-29 22:29 - 2016-04-16 10:49 - 00000000 ____D C:\Program Files\Vice City
2016-04-29 20:52 - 2016-04-16 10:49 - 00000807 _____ C:\Users\Alen\Desktop\Vice City.lnk
2016-04-28 21:18 - 2014-06-23 03:29 - 00000000 ____D C:\Users\Alen\AppData\Roaming\GameTracker

==================== Files in the root of some directories =======

2015-08-10 08:29 - 2015-08-10 08:29 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-08-01 08:40 - 2015-08-01 10:47 - 0000020 _____ () C:\Users\Alen\AppData\Roaming\appdataFr2.bin
2015-07-13 18:00 - 2015-11-12 09:14 - 0000024 _____ () C:\Users\Alen\AppData\Roaming\appdataFr25.bin
2013-06-26 04:45 - 2013-06-26 04:45 - 0471241 _____ () C:\Users\Alen\AppData\Roaming\BackUp4206670336.exe
2016-05-06 21:44 - 2016-04-21 18:49 - 0495616 __RSH () C:\Users\Alen\AppData\Roaming\backupstartup.exe
2015-10-15 17:50 - 2015-10-15 17:50 - 0005120 _____ () C:\Users\Alen\AppData\Roaming\bixmfmf.exe
2015-11-02 18:06 - 2015-11-02 18:06 - 0381952 _____ (Microsoft Corporation) C:\Users\Alen\AppData\Roaming\dubojedu.exe
2016-04-17 13:11 - 2016-05-03 21:56 - 0336600 _____ () C:\Users\Alen\AppData\Roaming\msconfig.ini
2015-11-06 18:12 - 2015-11-06 18:12 - 0401408 _____ (Microsoft Corporation) C:\Users\Alen\AppData\Roaming\nkvqly.exe
2016-05-05 21:40 - 2016-05-05 21:40 - 0000004 _____ () C:\Users\Alen\AppData\Roaming\pid.txt
2016-05-05 21:40 - 2016-05-05 21:40 - 0000043 _____ () C:\Users\Alen\AppData\Roaming\pidloc.txt
2014-04-10 01:25 - 2015-07-15 12:32 - 0000363 _____ () C:\Users\Alen\AppData\Roaming\RecentPlaces.lnk
2015-12-15 23:48 - 2015-12-15 23:48 - 0086017 _____ () C:\Users\Alen\AppData\Roaming\tixahs.exe
2015-10-26 17:36 - 2015-10-26 17:36 - 0005120 _____ () C:\Users\Alen\AppData\Roaming\vaxizebw.exe
2014-05-21 17:01 - 2015-07-17 12:01 - 0000209 _____ () C:\Users\Alen\AppData\Roaming\WB.CFG
2016-05-05 21:40 - 2016-05-05 21:40 - 0575488 _____ () C:\Users\Alen\AppData\Roaming\Windows Update.exe
2016-05-05 21:40 - 2016-05-06 21:41 - 0000000 _____ () C:\Users\Alen\AppData\Roaming\WindowsUpdate.exe
2014-07-14 16:10 - 2014-08-03 22:08 - 0307200 _____ () C:\Users\Alen\AppData\Local\ChromeHitoryDB
2014-07-15 21:26 - 2014-07-15 21:26 - 0410624 _____ () C:\Users\Alen\AppData\Local\CompTmp.exe
2014-07-23 03:53 - 2014-07-23 03:53 - 0591112 _____ (ClickMeIn Limited) C:\Users\Alen\AppData\Local\nsbC0F1.tmp
2015-11-01 22:37 - 2015-11-01 22:37 - 0007602 _____ () C:\Users\Alen\AppData\Local\Resmon.ResmonCfg
2015-05-07 07:53 - 2015-05-07 08:06 - 0000804 _____ () C:\Users\Alen\AppData\Local\Temp-log.txt
2015-11-02 12:44 - 2015-11-02 12:44 - 0005120 _____ () C:\ProgramData\99A20262.EX
2015-11-02 12:45 - 2015-11-02 12:45 - 0004096 _____ () C:\ProgramData\perfmon.exe
2015-12-16 12:11 - 2015-12-16 12:11 - 0007680 _____ () C:\ProgramData\scheduler.exe
2015-10-15 17:54 - 2015-10-15 17:54 - 0005120 _____ () C:\ProgramData\taskhost.exe
2016-05-06 21:39 - 2016-05-06 21:39 - 0001589 __RSH () C:\ProgramData\windowsexplorer
2015-12-15 23:49 - 2015-12-15 23:49 - 0004096 _____ () C:\ProgramData\winhlp_86.exe

Files to move or delete:
====================
C:\Users\Alen\AppData\Roaming\msconfig.ini
C:\ProgramData\perfmon.exe
C:\ProgramData\scheduler.exe
C:\ProgramData\taskhost.exe
C:\ProgramData\winhlp_86.exe


Some files in TEMP:
====================
C:\Users\Alen\AppData\Local\Temp\cres.dll
C:\Users\Alen\AppData\Local\Temp\cshell.dll
C:\Users\Alen\AppData\Local\Temp\sres.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-18 00:37

==================== End of FRST.txt ============================



#4 AlenNez

  • Topic Starter
  • Members

Posted 29 May 2016 - 03:29 PM

I have also deleted the pirated files that I suspect to be causing the problem, including uTorrent and some other malicious .dll files.



#5 Aura

  • Malware Response Team

Posted 31 May 2016 - 06:49 AM

Okay, here is the start. I think I had cut that part out because I thought it was unnecessary.


In the future, please copy/paste the whole log as it is, since all the information it contains is necessary for us during the clean-up :)

Now, I would like you to upload some of these files to VirusTotal, and post their results URL here so we can have a better idea of what we're dealing with. Follow the instructions below please.

Follow the instructions below and upload 5 of these files (of your choosing, one at a time) on VirusTotal
C:\Users\Alen\AppData\Roaming\backupstartup.exe
C:\Windows\SysWOW64\backupstartup.exe
C:\ProgramData\windowsexplorer
C:\Users\Alen\AppData\Roaming\WindowsUpdate.exe
C:\Users\Alen\AppData\Roaming\Windows Update.exe
C:\Users\Alen\AppData\Roaming\BackUp4206670336.exe
C:\Users\Alen\AppData\Roaming\bixmfmf.exe
C:\Users\Alen\AppData\Roaming\dubojedu.exe
C:\Users\Alen\AppData\Roaming\nkvqly.exe
C:\ProgramData\perfmon.exe
C:\ProgramData\scheduler.exe
C:\ProgramData\taskhost.exe
c:\programdata\{f3a2ffbd-bfd6-9977-f3a2-2ffbdbfdfef6}\2631574608991324226e.exe
c:\programdata\{08684146-22b9-eb84-0868-8414622b0518}\7048147182222038118b.exe
c:\programdata\{d619c80b-327b-b7ab-d619-9c80b327202c}\3623792269822682742b.exe
c:\programdata\{c2b41ea4-cb47-d473-c2b4-41ea4cb47a93}\4587728555550119486b.exe
C:\Program Files (x86)\Smwyyntm1ndi1zdz\nmjhmzr2nhnmbdv.exe
  • Open your favorite web browser, and go on virustotal.com;
  • From there, click on the Select a file button and wait for the Windows Explorer to open;
  • Browse to the file you want to upload, then click on Open;
  • Once it's done, click on the Analyze button;
  • If you get a message that the file was already analyzed, click on the Re-analyze button;
  • At the end of the analysis, copy and paste the VirusTotal report URL in your next reply (I need the report URL of every file you uploaded);
IMPORTANT NOTE: One or more of the identified infections is a backdoor Trojan.

Backdoor Trojans, Botnets, and IRCBots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is then sent back to the hacker. Read Danger: Remote Access Trojans.

You should disconnect the computer from the Internet and from any networked computers until it is cleaned. If your computer was used for online banking, paying bills, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for taxes, email, eBay, paypal and any other online activities. You should consider them to be compromised and change passwords from a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Failure to notify your financial institution and local law enforcement can result in refusal to reimburse funds lost due to fraud or similar criminal activity. If using a router, you need to reset it with a strong logon/password before connecting again.

Although the infection has been identified and may be removed, your machine has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be successfully cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:

  • Reimaging the system
  • Restoring the entire system using a full system backup from before the backdoor infection
  • Reformatting and reinstalling the system
Backdoors and What They Mean to You

This is what Jesper M. Johansson, Security Program Manager at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That's right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


Please let me know what you want to do: continue with the clean-up (even though there's no guarantee that we'll be able to remove the backdoor at 100%), or format and reinstall Windows. In both cases, I shall assist you.

Your next reply(ies) should contain:
  • 5 VirusTotal URLs to the 5 files you chose to upload;
  • If you want to continue with the clean-up, or format and reinstall Windows;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
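A triage pass over FRST file-listing lines like the ones in the log above, as an added example (not FRST's own logic and not the helper's method). The function names `parse_line`, `triage` and `scan`, the four heuristics, the short list of Windows binary names and the hard-coded `C:` drive are assumptions made for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Listing line layout: created - modified - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)

EXEC_EXT = (".exe", ".com", ".scr", ".dll")
# Genuine Windows binaries whose names are worth checking elsewhere (assumed list).
SYSTEM_NAMES = {"taskhost.exe", "perfmon.exe", "svchost.exe", "explorer.exe",
                "lsass.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

HIDDEN_SYSTEM = "hidden+system attributes, no vendor string"
MASQUERADE = "Windows binary name outside the Windows directories"
NO_VENDOR = "executable without vendor string in a user-writable directory"
FAKE_VENDOR = "vendor string says Microsoft, but file is in a user-writable directory"


def parse_line(line):
    """Return the fields of one listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    # The company column is treated here as an unverified label, not a signature check.
    rec["company"] = (rec["company"] or "").strip()
    return rec


def triage(rec):
    """Return the list of reasons a parsed entry deserves a closer look."""
    path = rec["path"].lower()
    folder, name = dirname(path), basename(path)
    attrs, company = rec["attrs"], rec["company"].lower()
    if "D" in attrs:  # directories are not scored
        return []
    reasons = []
    is_exec = name.endswith(EXEC_EXT)
    user_dir = path.startswith("c:\\programdata\\") or "\\appdata\\" in path
    if "S" in attrs and "H" in attrs and not company:
        reasons.append(HIDDEN_SYSTEM)
    if is_exec and name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        reasons.append(MASQUERADE)
    if is_exec and user_dir and not company:
        reasons.append(NO_VENDOR)
    if is_exec and user_dir and company == "microsoft corporation":
        reasons.append(FAKE_VENDOR)
    return reasons


def scan(text):
    """Map each flagged path to its reasons; unflagged and unparsable lines are skipped."""
    findings = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            reasons = triage(rec)
            if reasons:
                findings[rec["path"]] = reasons
    return findings


# Sample lines copied from the FRST log in this thread (both listing layouts).
SAMPLE = r"""
==================== One Month Created files and folders ========
2016-05-09 21:08 - 2016-03-17 16:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-08 17:27 - 2016-05-08 17:27 - 00000000 ____D C:\Program Files (x86)\Nexon
2016-05-06 21:44 - 2016-04-21 18:49 - 00495616 __RSH C:\Windows\SysWOW64\backupstartup.exe
2016-05-06 21:39 - 2016-05-06 21:39 - 00001589 __RSH C:\ProgramData\windowsexplorer
2016-05-06 18:24 - 2016-05-06 18:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Alen\Downloads\rkill.exe
2015-11-02 18:06 - 2015-11-02 18:06 - 0381952 _____ (Microsoft Corporation) C:\Users\Alen\AppData\Roaming\dubojedu.exe
2015-10-15 17:54 - 2015-10-15 17:54 - 0005120 _____ () C:\ProgramData\taskhost.exe
"""

if __name__ == "__main__":
    for path, reasons in scan(SAMPLE).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

A flag from this script only ranks an entry for review; whether a file is malicious still has to come from a scanner verdict or an analyst, as in the VirusTotal step above.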


#6 AlenNez

  • Topic Starter
  • Members

Posted 02 June 2016 - 05:03 PM

This was a very difficult choice to make, but I wish to attempt the reinstallation/reformatting of Windows. I was very confused on the VirusTotal option, and I figured that redoing Windows would clean the whole system and let me do the things I love again.

Will this require a reinstallation disk? I ask because I do not currently have one, and as I can see here, my System Restore points have been deleted, probably due to the malware infecting me.

EDIT: The items you have told me to remove (i.e. the files like uTorrent) have been removed from my system, so I can unfortunately not bring them back as that is an extremely complicated process (for me, at least.)

I still will not assume my system is clean, so as before I shall continue with the reinstallation.


Edited by AlenNez, 02 June 2016 - 05:05 PM.


#7 Aura

  • Malware Response Team

Posted 03 June 2016 - 05:22 AM

I was very confused on the VirusTotal option, and I figured that redoing windows would clean the whole system and let me do the things I love again.


Don't worry. Instead, we'll use FRST to collect these files and put them in a .zip file on your desktop called Upload.zip.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    Zip: C:\Users\Alen\AppData\Roaming\backupstartup.exe;C:\ProgramData\windowsexplorer;C:\Users\Alen\AppData\Roaming\WindowsUpdate.exe;C:\Users\Alen\AppData\Roaming\Windows Update.exe;C:\Users\Alen\AppData\Roaming\BackUp4206670336.exe;C:\Users\Alen\AppData\Roaming\bixmfmf.exe;C:\Users\Alen\AppData\Roaming\dubojedu.exe;C:\Users\Alen\AppData\Roaming\nkvqly.exe;C:\ProgramData\perfmon.exe;C:\ProgramData\scheduler.exe;C:\ProgramData\taskhost.exe;c:\programdata\{f3a2ffbd-bfd6-9977-f3a2-2ffbdbfdfef6}\2631574608991324226e.exe;c:\programdata\{08684146-22b9-eb84-0868-8414622b0518}\7048147182222038118b.exe;c:\programdata\{d619c80b-327b-b7ab-d619-9c80b327202c}\3623792269822682742b.exe;c:\programdata\{c2b41ea4-cb47-d473-c2b4-41ea4cb47a93}\4587728555550119486b.exe;C:\Program Files (x86)\Smwyyntm1ndi1zdz\nmjhmzr2nhnmbdv.exe
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
After that, you can upload the Upload.zip file on your desktop on BleepingComputer, using the link below.

http://www.bleepingcomputer.com/submit-malware.php?channel=105

If it tells you that the file is too big to be uploaded, please upload it on SendSpace instead, and post the download URL for it here.

https://www.sendspace.com/
 

Will this require a reinstallation disk? I ask because I do not currently have one, and as I can see here, my System Restore points have been deleted, probably due to the malware infecting me.


To reinstall Windows, you need installation media, yes. If you have a retail product key, you can enter it on the Microsoft Software Recovery Center to download an .iso for your version of Windows, and either create a bootable USB with it, or burn it to a CD/DVD. You can use ProduKey to find your Windows product key.

ProduKey: http://www.nirsoft.net/utils/product_cd_key_viewer.html
Microsoft Software Recovery Center: https://www.microsoft.com/en-us/software-download/windows7



#8 Aura

  • Malware Response Team

Posted 07 June 2016 - 05:27 AM

Hi Alen,

Are you still with me? :)



#9 Elise

  • Malware Study Hall Admin

Posted 09 June 2016 - 07:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 Elise

  • Malware Study Hall Admin

Posted 30 June 2016 - 03:33 PM

This topic has been re-opened at the request of the person who originally posted.

regards, Elise




#11 AlenNez

  • Topic Starter
  • Members

Posted 30 June 2016 - 04:29 PM

Thank you.

Aura, I have tried the FRST log alternative as well but it does not work. I have followed the instructions being to create a new text document on the desktop, put the aforementioned computer logs and have it scanned with the fix button and having it named fixlist.txt.

EDIT: I may have a period span of which I may not reply for a few days. This is due to family issues. I simply need time to reply.


Edited by AlenNez, 30 June 2016 - 04:32 PM.


#12 Aura

  • Malware Response Team

Posted 01 July 2016 - 07:15 AM

Hi again Alen :)

Just to confirm, are you trying to follow the instructions in this post?

http://www.bleepingcomputer.com/forums/t/615591/all-anti-viruses-will-not-download/#entry4013965

When you say it doesn't work, what doesn't work exactly? I understand that you're creating the fixlist.txt file on your Desktop (where the FRST executable is), copy/pasting the content I gave you in it, saved it and then you run FRST and click on the Fix button. Once done, two new files should appear on your desktop: fixlog.txt and Upload.zip. If that's not the case, where in the process are you encountering an issue exactly?



#13 AlenNez

  • Topic Starter
  • Members

Posted 03 July 2016 - 04:45 AM

I dragged the FRST64 folder to the desktop and I did fix. It finally worked. After the process though, it said "file not read or no permission". How would I fix this?



#14 Aura

  • Malware Response Team

Posted 03 July 2016 - 02:47 PM

What FRST64 folder are you talking about? There's only FRST64.exe, which is the executable file that launches FRST, and fixlist.txt, which is the text document I asked you to create and copy/paste the content indicated above.

Since you clicked on "Fix", you should have two new files on your desktop: fixlog.txt, and Upload.zip, can you confirm that these files are indeed present?



#15 AlenNez

  • Topic Starter
  • Members

Posted 04 July 2016 - 12:53 AM

Found it, submitted it.





