"Untrusted certificate" Pop-up; "Internet Widgits Pty Ltd" inside.


  • This topic is locked
7 replies to this topic

#1 Radgost

Radgost

  • Members
  • 3 posts

Posted 29 August 2016 - 08:10 PM

So I went on a trip during the weekend and left my PC unattended in the hands of my family. Nasty surprise when I got back: explorer.exe wasn't working during startup. I figured they installed some virus, so I proceeded to remove most of the infections I found and also to fix the Registry files affecting the explorer.exe malfunction. After several hours of running a couple of malware removal tools and stuff, I think I got most of the infection cleaned, but I'm getting this message:

 

[Image: 1yGg9S7.png]

Sorry for the Spanish OS, but basically when I open League of Legends a system pop-up says that there is an untrusted certificate running and asks if I want to proceed or not. After looking into the info provided, I googled "Internet Widgits Pty Ltd" and found that it is related to a Dyre Banking Malware. I got to work and tried to find the origin of the problem, but no success so far. I'm posting here hoping to get a more skilled person to help me. Thanks in advance.





#2 Radgost

Radgost
  • Topic Starter

  • Members
  • 3 posts

Posted 30 August 2016 - 10:48 AM

No luck so far using SuperAntiSpyware; I can't find anything, but I still get the same pop-up.



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • Gender:Male
  • Location:California

Posted 03 September 2016 - 06:10 PM

Greetings Radgost and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the [Replytopic.jpg] button instead.
  • In the upper right hand corner of the topic you will see the [Followtopic.jpg] button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Right click the icon and rename it Englishfrst(64).exe
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • Gender:Male
  • Location:California

Posted 06 September 2016 - 08:29 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#5 Radgost

Radgost
  • Topic Starter

  • Members
  • 3 posts

Posted 06 September 2016 - 02:02 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Jonathan (administrator) on RADGOST-PC (06-09-2016 15:53:18)
Running from C:\Users\Jonathan\Desktop
Loaded Profiles: Jonathan (Available Profiles: Jonathan)
Platform: Windows 8.1 Pro (Update) (X64) Language: Inglés (Estados Unidos)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Trend Corp.) C:\Users\Jonathan\AppData\Roaming\setup1\TSvr.exe
() C:\Program Files (x86)\WinSaber\WinSaber.exe
() C:\Program Files (x86)\qksee\qkseeSvc.exe
(ExWzp Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLL.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHLL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Jonathan\Desktop\Englishfrst(64).exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [12935168 2012-08-27] (C-Media Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2013-09-05] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-06-07] (Power Software Ltd)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-07-20] (LogMeIn Inc.)
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Run: [Spotify Web Helper] => C:\Users\Jonathan\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-19] (Spotify Ltd)
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-30] (SUPERAntiSpyware)
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Run: [Epson Stylus TX230] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLL.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Run: [Epson Stylus TX230(Red)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLL.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLL.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLL.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\MountPoints2: D - "D:\setup.exe" 
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\MountPoints2: E - "E:\setup.exe" 
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\MountPoints2: F - "F:\setup.exe" 
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\MountPoints2: {29807652-b2ec-11e4-8262-bcaec5714585} - "F:\Setup.exe" 
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\MountPoints2: {529b0b6c-dae3-11e4-8296-bcaec5714585} - "D:\LGAutoRun.exe" 
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\MountPoints2: {56b63278-6cb0-11e6-8418-806e6f6e6963} - "D:\SETUP.EXE" 
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\MountPoints2: {84efa32d-0a34-11e6-83a4-bcaec5714585} - "F:\iStudio.exe" 
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Winlogon: [Shell] c:\windows\EXPLORER.EXE [2757616 2016-02-08] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 200.49.130.44 200.42.4.198
Tcpip\..\Interfaces\{4CFB7D0F-3FCA-4462-B7A0-53DE50F672F3}: [DhcpNameServer] 200.49.130.44 200.42.4.198
Tcpip\..\Interfaces\{AF7DDADF-DEC3-4F19-BDB1-B56751D4A456}: [NameServer] 188.120.239.115,8.8.8.8
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2016-05-11] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-03-10] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-03] (Oracle Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Jonathan\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\Jonathan\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1783979284-4136890468-1634349905-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
 
Chrome: 
=======
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (uBlock) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-02-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-09-05]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Transcribe: transcribe audio/interviews fast!) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm [2016-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1860616 2016-04-12] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [243984 2016-03-06] (EasyAntiCheat Ltd)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-03-02] (Macrovision Europe Ltd.) [File not signed]
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2554376 2016-07-20] (LogMeIn Inc.)
R2 IhPul; C:\Users\Jonathan\AppData\Roaming\setup1\TSvr.exe [205520 2016-09-05] (Trend Corp.)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-07-20] (LogMeIn, Inc.)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S4 NmdReportsnqg.exe; C:\Program Files (x86)\Clsuyvertoph\NmdReportsnqg.exe [370776 2016-08-26] ()
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-31] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2016-03-25] ()
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [749848 2016-09-05] ()
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [743616 2015-12-01] (@ByELDI) [File not signed]
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 winsaber; C:\Program Files (x86)\WinSaber\WinSaber.exe [536312 2016-09-04] ()
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [1290864 2016-09-06] (ExWzp Pvt Ltd.) <==== ATTENTION
S2 Mobizen plugin; C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe [X]
S4 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-02-26] (Advanced Micro Devices, Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [19568 2015-11-10] () [File not signed]
S3 ampa; C:\Windows\SysWOW64\ampa.sys [19568 2015-11-10] () [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [102400 2016-02-26] (Advanced Micro Devices)
R3 cmuda3; C:\Windows\system32\drivers\cmudax3.sys [3848192 2012-09-04] (C-Media Inc)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-07-20] (LogMeIn Inc.)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [163644 2016-03-25] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-10-13] (DEVGURU Co., LTD.(www.devguru.co.kr))
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-08-30] (Seiko Epson Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2015-09-16] (BigNox Corporation)
S2 AODDriver4.3; \??\C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 cpuz138; \??\C:\Users\Jonathan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [X]
S1 MpKsl416f5a76; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D797D390-2AAA-417F-80E2-71666A5C8F49}\MpKsl416f5a76.sys [X]
S1 MpKslacd76069; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D797D390-2AAA-417F-80E2-71666A5C8F49}\MpKslacd76069.sys [X]
S1 MpKslaf540f0c; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D797D390-2AAA-417F-80E2-71666A5C8F49}\MpKslaf540f0c.sys [X]
S1 UCGuard; system32\DRIVERS\ucguard.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-06 15:53 - 2016-09-06 15:53 - 00017712 _____ C:\Users\Jonathan\Desktop\FRST.txt
2016-09-06 15:49 - 2016-09-06 15:53 - 00000000 ____D C:\FRST
2016-09-06 15:47 - 2016-09-06 15:47 - 02397696 _____ (Farbar) C:\Users\Jonathan\Desktop\Englishfrst(64).exe
2016-09-06 04:13 - 2016-09-06 04:13 - 00003446 _____ C:\Windows\System32\Tasks\ChelfNotify Task
2016-09-06 04:13 - 2016-09-06 04:13 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\setup1
2016-09-06 04:13 - 2016-09-06 04:13 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\qksee
2016-09-06 04:13 - 2016-09-06 04:13 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\eCyber
2016-09-06 04:13 - 2016-09-06 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-09-06 04:13 - 2016-09-06 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
2016-09-06 04:13 - 2016-09-06 04:13 - 00000000 ____D C:\ProgramData\ChelfNotify
2016-09-06 04:13 - 2016-09-06 04:13 - 00000000 ____D C:\Program Files (x86)\8ipgr1sm
2016-09-06 03:37 - 2007-09-07 17:33 - 00135168 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBAPI.dll
2016-09-06 03:37 - 2007-03-28 18:26 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBUtil.dll
2016-09-06 03:37 - 2006-12-19 18:31 - 00110592 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBDSCVR.dll
2016-09-06 03:37 - 2006-12-19 18:20 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EBAPI.dll
2016-09-06 03:37 - 2003-12-17 01:01 - 00055808 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBSDKIF.dll
2016-09-06 03:36 - 2016-09-06 03:36 - 00000000 ____D C:\Program Files\EpsonNet
2016-09-06 03:36 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
2016-09-06 03:36 - 2010-09-13 15:01 - 00538112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
2016-09-06 03:36 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
2016-09-06 03:36 - 2010-09-13 15:00 - 00558592 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
2016-09-06 03:36 - 2008-05-14 19:22 - 00252416 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
2016-09-06 03:36 - 2008-05-14 19:22 - 00252416 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
2016-09-06 03:35 - 2008-11-11 13:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\SETC317.tmp
2016-09-06 03:35 - 2008-11-11 13:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\SET2B3.tmp
2016-09-06 03:27 - 2016-09-06 03:32 - 102811936 _____ C:\Users\Jonathan\Desktop\TX235W_Lite_Installer_Win_3.0APS_GM.exe
2016-09-06 03:23 - 2013-08-30 05:26 - 00063096 _____ (Seiko Epson Corporation) C:\Windows\system32\Drivers\TMUSB64.sys
2016-09-06 03:22 - 2016-09-06 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpsonNet
2016-09-06 03:22 - 2016-09-06 03:22 - 00000000 ____D C:\Program Files (x86)\EpsonNet
2016-09-06 03:21 - 2016-09-06 03:21 - 16825945 _____ C:\Users\Jonathan\Desktop\ENC_v440APS.zip
2016-09-01 18:33 - 2016-09-01 18:35 - 00001028 _____ C:\Users\Jonathan\Desktop\PING TEST.lnk
2016-09-01 18:24 - 2016-09-05 01:06 - 00000040 _____ C:\Windows\system32\null
2016-09-01 18:14 - 2016-09-01 18:25 - 00000191 ____R C:\ping.bat
2016-09-01 12:42 - 2016-09-01 12:42 - 00000000 ____D C:\Users\Jonathan\Documents\KoeiTecmo
2016-09-01 12:31 - 2016-09-01 12:31 - 00000861 _____ C:\Users\Jonathan\Desktop\Attack on Titan Wings of Freedom.lnk
2016-09-01 12:31 - 2016-09-01 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attack on Titan Wings of Freedom
2016-09-01 10:14 - 2016-09-01 10:14 - 00201277 ____T C:\Users\Jonathan\Documents\tejido.oxps
2016-08-31 14:05 - 2016-08-31 14:05 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\ATI
2016-08-31 14:05 - 2016-08-31 14:05 - 00000000 ____D C:\Users\Jonathan\AppData\Local\ATI
2016-08-31 14:05 - 2016-08-31 14:05 - 00000000 ____D C:\ProgramData\ATI
2016-08-31 14:04 - 2016-08-31 14:52 - 00000000 ____D C:\Users\Jonathan\AppData\Local\CrashDumps
2016-08-31 14:01 - 2016-08-31 14:01 - 00000000 ____D C:\Users\Jonathan\AppData\Local\AMD
2016-08-31 14:01 - 2016-08-31 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-08-31 14:01 - 2016-08-31 14:01 - 00000000 _____ C:\Windows\ativpsrm.bin
2016-08-31 13:57 - 2016-09-05 15:18 - 00000000 ____D C:\Program Files\AMD
2016-08-31 13:57 - 2016-08-31 13:57 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-08-31 13:27 - 2016-08-31 13:28 - 00004238 _____ C:\Windows\System32\Tasks\AMD Updater
2016-08-31 13:15 - 2016-08-31 14:51 - 00000000 ____D C:\Users\Jonathan\Documents\Battlefield 1 Open Beta
2016-08-31 13:13 - 2016-08-31 13:13 - 00001260 _____ C:\Users\Public\Desktop\Battlefield 1 Open Beta.lnk
2016-08-31 13:13 - 2016-08-31 13:13 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2016-08-31 13:13 - 2016-08-31 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 1 Open Beta
2016-08-30 00:01 - 2016-08-31 13:57 - 00000000 ____D C:\Windows\LastGood
2016-08-29 23:50 - 2012-09-04 15:30 - 03848192 _____ (C-Media Inc) C:\Windows\system32\Drivers\cmudax3.sys
2016-08-29 20:58 - 2016-09-06 04:58 - 00000538 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4d24c97f-33d4-477c-a7a4-4d2b711cbd4c.job
2016-08-29 20:58 - 2016-09-05 02:00 - 00000538 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task db2dacf0-c823-4099-a8ff-28d69074bd87.job
2016-08-29 20:58 - 2016-08-30 15:32 - 00001864 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2016-08-29 20:58 - 2016-08-29 20:58 - 00003602 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task db2dacf0-c823-4099-a8ff-28d69074bd87
2016-08-29 20:58 - 2016-08-29 20:58 - 00003520 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 4d24c97f-33d4-477c-a7a4-4d2b711cbd4c
2016-08-29 20:58 - 2016-08-29 20:58 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\SUPERAntiSpyware.com
2016-08-29 20:58 - 2016-08-29 20:58 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-08-29 20:58 - 2016-08-29 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-08-27 22:52 - 2016-08-27 22:52 - 00001908 _____ C:\Windows\diagwrn.xml
2016-08-27 22:52 - 2016-08-27 22:52 - 00001908 _____ C:\Windows\diagerr.xml
2016-08-27 22:52 - 2016-08-27 22:52 - 00000000 ___HD C:\$WINDOWS.~BT
2016-08-27 22:14 - 2016-09-06 15:44 - 00003032 _____ C:\Windows\System32\Tasks\MSIAfterburner
2016-08-27 21:16 - 2016-08-27 21:16 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-08-27 20:39 - 2016-08-27 22:27 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2016-08-27 20:39 - 2016-08-27 22:09 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-08-27 20:39 - 2016-08-27 20:39 - 00001102 _____ C:\Users\Jonathan\Desktop\MSI Afterburner.lnk
2016-08-27 20:39 - 2016-08-27 20:39 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2016-08-27 20:39 - 2016-08-27 20:39 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2016-08-27 20:15 - 2016-08-27 20:15 - 00000000 ____D C:\NVIDIA
2016-08-27 20:11 - 2016-08-27 20:08 - 00189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe
2016-08-27 20:07 - 2016-08-27 20:08 - 00000000 ____D C:\Users\Jonathan\Desktop\DDU
2016-08-27 13:28 - 2016-08-27 21:13 - 00649010 _____ C:\Windows\ntbtlog.txt
2016-08-27 03:26 - 2016-02-05 07:11 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Windows\procexp.exe
2016-08-27 03:26 - 2016-02-05 07:03 - 00072154 _____ C:\Windows\procexp.chm
2016-08-27 03:26 - 2015-10-27 07:32 - 00007490 _____ C:\Windows\Eula.txt
2016-08-26 10:15 - 2016-08-27 15:50 - 00000484 _____ C:\Windows\Tasks\UCBrowserUpdater.job
2016-08-26 10:15 - 2016-08-27 15:37 - 00003442 _____ C:\Windows\System32\Tasks\UCBrowserUpdater
2016-08-26 10:15 - 2016-08-26 10:15 - 00000000 ____D C:\Users\Jonathan\AppData\Local\UCBrowser
2016-08-26 10:15 - 2016-08-26 10:13 - 00000364 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-08-26 10:13 - 2016-09-06 04:13 - 00000000 ____D C:\Program Files (x86)\Clsuyvertoph
2016-08-26 10:13 - 2016-08-26 10:13 - 00008962 _____ C:\Windows\System32\Tasks\Namudomvinerght Reports
2016-08-26 10:13 - 2016-08-26 10:13 - 00000000 ___HD C:\Program Files (x86)\r132DBD
2016-08-26 10:13 - 2016-08-26 10:13 - 00000000 ____D C:\Users\Jonathan\AppData\Local\hidughtarijugecoerjoch
2016-08-26 10:13 - 2016-08-26 10:13 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-26 10:13 - 2016-08-26 10:13 - 00000000 ____D C:\Program Files (x86)\sbqh
2016-08-26 10:12 - 2016-08-26 10:15 - 00000000 ____D C:\Windows\system32\SSL
2016-08-25 23:12 - 2016-08-25 23:12 - 00000000 ____D C:\Users\Jonathan\AppData\Local\GlimpseGame
2016-08-25 23:08 - 2016-08-25 23:08 - 00000000 ____D C:\Users\Jonathan\AppData\Local\SKIDROW
2016-08-25 21:34 - 2016-08-25 21:34 - 00000927 _____ C:\Users\Jonathan\Desktop\State of Decay YOSE - Day One Edition.lnk
2016-08-25 21:34 - 2016-08-25 21:34 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\State of Decay YOSE - Day One Edition
2016-08-24 17:00 - 2016-08-24 17:03 - 00000000 ____D C:\Users\Jonathan\Documents\Mount&Blade With Fire and Sword
2016-08-24 17:00 - 2016-08-24 17:00 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Mount&Blade With Fire and Sword
2016-08-24 16:59 - 2016-08-24 16:59 - 00000000 ____D C:\Users\Jonathan\Documents\Mount&Blade Savegames
2016-08-23 15:35 - 2016-08-23 17:28 - 00000000 ____D C:\Users\Jonathan\Documents\Mount&Blade Warband Savegames
2016-08-23 15:33 - 2016-08-23 15:35 - 00000000 ____D C:\Users\Jonathan\Documents\Mount&Blade Warband
2016-08-23 15:33 - 2016-08-23 15:34 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Mount&Blade Warband
2016-08-23 15:32 - 2016-08-23 15:32 - 00001890 _____ C:\Users\Public\Desktop\Mount and Blade - With Fire and Sword.lnk
2016-08-23 15:32 - 2016-08-23 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount and Blade - With Fire and Sword [GOG.com]
2016-08-23 15:24 - 2016-08-23 15:24 - 00001799 _____ C:\Users\Public\Desktop\Mount and Blade - Warband.lnk
2016-08-23 15:24 - 2016-08-23 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount and Blade - Warband [GOG.com]
2016-08-23 15:22 - 2016-08-24 16:59 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Mount&Blade
2016-08-23 14:22 - 2016-08-23 14:22 - 00001714 _____ C:\Users\Public\Desktop\Mount and Blade.lnk
2016-08-23 14:22 - 2016-08-23 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount and Blade [GOG.com]
2016-08-21 15:26 - 2016-08-21 15:26 - 00000000 ____D C:\dev
2016-08-21 15:07 - 2016-08-25 19:16 - 00002142 _____ C:\Users\Public\Desktop\We Happy Few.lnk
2016-08-21 15:07 - 2016-08-25 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\We Happy Few [GOG.com]
2016-08-19 08:33 - 2016-08-19 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-08-18 14:07 - 2016-08-18 14:07 - 00000000 ____D C:\Users\Jonathan\Documents\Command and Conquer Generals Zero Hour Data
2016-08-18 14:05 - 2016-08-18 14:05 - 00000000 ____D C:\Users\Jonathan\Documents\Command and Conquer Generals Data
2016-08-10 08:24 - 2016-06-18 17:06 - 00590688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-08-10 08:24 - 2016-06-18 17:06 - 00072408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2016-08-10 08:24 - 2016-06-11 16:52 - 00379232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-08-10 08:24 - 2016-06-11 16:52 - 00057184 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2016-08-10 08:24 - 2016-06-11 15:05 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\gpresult.exe
2016-08-10 08:24 - 2016-06-11 14:14 - 00192512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpresult.exe
2016-08-10 08:24 - 2016-06-11 13:50 - 00987136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 08:24 - 2016-06-11 13:46 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2016-08-10 08:24 - 2016-06-11 13:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-08-10 08:24 - 2016-06-11 13:37 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-08-10 08:24 - 2016-06-11 13:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 08:24 - 2016-06-11 13:20 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-08-10 08:24 - 2016-06-11 13:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-08-10 08:24 - 2016-06-11 00:44 - 00107984 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-08-10 08:24 - 2016-06-11 00:44 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-08-10 08:24 - 2016-06-10 18:34 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2016-08-10 08:24 - 2016-06-10 17:07 - 03820544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2016-08-10 08:24 - 2016-06-10 17:03 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 08:24 - 2016-06-10 16:04 - 03547136 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-08-10 08:24 - 2016-06-10 15:11 - 06521800 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-08-10 08:24 - 2016-06-10 15:11 - 01487992 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-10 08:24 - 2016-06-10 15:11 - 00261376 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-10 08:24 - 2016-06-10 15:11 - 00125024 _____ (Microsoft Corporation) C:\Windows\system32\cryptxml.dll
2016-08-10 08:24 - 2016-06-10 15:10 - 00099136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptxml.dll
2016-08-10 08:24 - 2016-06-10 15:07 - 03273728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2016-08-10 08:24 - 2016-06-10 15:04 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 08:24 - 2016-06-09 16:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-08-10 08:24 - 2016-06-09 15:18 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-08-10 08:24 - 2016-06-07 15:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\hbaapi.dll
2016-08-10 08:24 - 2016-06-07 14:13 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hbaapi.dll
2016-08-10 08:24 - 2016-06-03 21:38 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-08-10 08:24 - 2016-06-03 21:37 - 01970968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-08-10 08:24 - 2016-05-29 04:08 - 22361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-08-10 08:24 - 2016-05-28 15:31 - 19788688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-08-10 08:24 - 2016-05-18 18:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2016-08-10 08:24 - 2016-05-18 18:15 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2016-08-10 08:24 - 2016-05-18 17:56 - 01291776 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2016-08-10 08:24 - 2016-05-18 17:33 - 01060352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2016-08-10 08:24 - 2016-05-18 17:28 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-08-10 08:24 - 2016-05-18 17:16 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-08-10 08:24 - 2016-05-14 17:26 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-10 08:24 - 2016-05-14 02:19 - 07446360 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-10 08:24 - 2016-05-14 02:19 - 01134768 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-10 08:24 - 2016-05-13 20:08 - 00111616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-08-10 08:24 - 2016-05-13 20:08 - 00032768 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2016-08-10 08:24 - 2016-05-13 20:08 - 00032512 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2016-08-10 08:24 - 2016-05-13 19:24 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-10 08:24 - 2016-05-13 18:42 - 03667968 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-10 08:24 - 2016-05-13 18:30 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-08-10 08:24 - 2016-05-13 18:29 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-08-10 08:24 - 2016-05-13 18:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-08-10 08:24 - 2016-05-13 18:27 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-08-10 08:24 - 2016-05-13 18:26 - 02230784 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-08-10 08:24 - 2016-05-13 18:26 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-10 08:24 - 2016-05-13 18:18 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-08-10 08:24 - 2016-05-13 18:18 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-08-10 08:24 - 2016-05-13 18:16 - 00727040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-10 08:24 - 2016-05-13 18:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-08-10 08:24 - 2016-05-12 15:36 - 00034600 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe
2016-08-10 08:24 - 2016-05-12 14:39 - 00030984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe
2016-08-10 08:24 - 2016-05-06 18:59 - 00331608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2016-08-10 08:24 - 2016-05-06 14:13 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-08-10 08:24 - 2016-05-05 15:28 - 01661072 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-10 08:24 - 2016-05-05 14:39 - 01212256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-08-10 08:24 - 2016-05-05 14:18 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-08-10 08:24 - 2016-05-05 14:02 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-08-10 08:24 - 2016-05-05 13:37 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-08-10 08:24 - 2016-05-05 13:34 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-08-10 08:24 - 2016-05-05 13:29 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-08-10 08:24 - 2016-05-05 12:28 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-08-10 08:24 - 2016-05-05 12:16 - 02464768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-08-10 08:24 - 2016-04-16 10:56 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-08-10 08:24 - 2016-04-12 12:46 - 14467584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-08-10 08:24 - 2016-04-12 12:30 - 12879872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-08-10 08:24 - 2016-04-10 02:35 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-08-10 08:24 - 2016-04-09 19:15 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-08-10 08:24 - 2016-04-09 19:14 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Geolocation.dll
2016-08-10 08:24 - 2016-04-09 19:10 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-08-10 08:24 - 2016-04-09 19:09 - 00754176 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-08-10 08:24 - 2016-04-09 19:02 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2016-08-10 08:24 - 2016-04-09 18:59 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Geolocation.dll
2016-08-10 08:24 - 2016-04-09 18:59 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-08-10 08:24 - 2016-04-09 18:56 - 00543232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-08-10 08:24 - 2016-04-09 18:55 - 00881152 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-08-10 08:24 - 2016-04-09 18:52 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2016-08-10 08:24 - 2016-04-07 13:06 - 00927744 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-08-10 08:24 - 2016-04-06 18:21 - 00114528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2016-08-10 08:24 - 2016-04-06 15:20 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2016-08-10 08:24 - 2016-04-06 15:20 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-08-10 08:24 - 2016-04-06 15:17 - 18825216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-10 08:24 - 2016-04-06 13:25 - 15158272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 08:24 - 2016-04-05 19:37 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndiswan.sys
2016-08-10 08:24 - 2016-04-02 11:09 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2016-08-10 08:24 - 2016-04-02 10:58 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2016-08-10 08:24 - 2016-04-01 14:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-08-10 08:24 - 2016-04-01 13:53 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-08-10 08:24 - 2016-04-01 13:50 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-08-10 08:24 - 2016-04-01 13:42 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-08-10 08:24 - 2016-04-01 13:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-08-10 08:24 - 2016-02-04 13:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-08-10 08:24 - 2016-02-04 13:49 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-08-10 08:24 - 2016-02-04 13:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-08-10 08:24 - 2016-01-31 16:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-08-10 08:24 - 2016-01-31 15:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-08-10 08:21 - 2016-08-02 03:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 08:21 - 2016-08-02 03:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 08:21 - 2016-08-02 03:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 08:21 - 2016-08-02 03:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 08:21 - 2016-08-02 03:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 08:21 - 2016-08-02 03:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 08:21 - 2016-08-02 02:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 08:21 - 2016-08-02 02:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 08:21 - 2016-08-02 02:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 08:21 - 2016-08-02 02:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 08:21 - 2016-08-02 02:46 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-08-10 08:21 - 2016-08-02 02:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 08:21 - 2016-08-02 02:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 08:21 - 2016-08-02 02:39 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 08:21 - 2016-08-02 02:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 08:21 - 2016-08-02 02:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 08:21 - 2016-08-02 02:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 08:21 - 2016-08-02 02:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 08:21 - 2016-08-02 02:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 08:21 - 2016-08-02 02:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 08:21 - 2016-08-02 02:20 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-08-10 08:21 - 2016-08-02 02:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 08:21 - 2016-08-02 02:15 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 08:21 - 2016-08-02 02:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 08:21 - 2016-08-02 02:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 08:21 - 2016-08-02 02:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 08:21 - 2016-08-02 01:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 08:21 - 2016-08-02 01:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 08:21 - 2016-08-02 01:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 08:21 - 2016-08-02 01:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 08:21 - 2016-07-08 11:18 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 08:21 - 2016-06-11 14:22 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-08-10 08:21 - 2016-06-11 14:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 08:21 - 2016-06-11 14:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 08:21 - 2016-06-11 13:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-08-10 08:21 - 2016-06-11 13:43 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 08:21 - 2016-06-11 13:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 08:19 - 2016-07-08 21:09 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 08:19 - 2016-07-08 21:08 - 00332632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 08:19 - 2016-07-08 11:32 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-10 08:19 - 2016-07-08 11:25 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-08-10 08:19 - 2016-07-08 11:22 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 08:19 - 2016-07-08 11:19 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-08-10 08:19 - 2016-07-08 11:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-08-10 08:19 - 2016-07-07 19:33 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 08:19 - 2016-07-07 18:53 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 08:19 - 2016-07-07 17:06 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 08:19 - 2016-07-06 11:26 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-10 08:19 - 2016-07-06 11:26 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-08-10 08:19 - 2016-07-06 11:23 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-08-10 08:19 - 2016-07-06 11:21 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 08:19 - 2016-06-21 15:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-08-10 08:19 - 2016-06-21 11:12 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-08-10 08:19 - 2016-05-18 20:18 - 00563024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-10 08:19 - 2016-05-18 20:18 - 00397232 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-08-10 08:19 - 2016-05-18 20:16 - 00178016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 08:19 - 2016-05-18 19:28 - 00340880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-06 15:49 - 2015-01-26 16:25 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1783979284-4136890468-1634349905-1001
2016-09-06 15:44 - 2015-01-26 16:22 - 00001062 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 15:44 - 2015-01-26 16:19 - 00000000 __RDO C:\Users\Jonathan\SkyDrive
2016-09-06 04:01 - 2015-01-26 16:22 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-06 03:46 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\spool
2016-09-06 03:46 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\Inf
2016-09-06 03:36 - 2015-06-03 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-09-06 03:36 - 2015-06-02 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-09-06 03:36 - 2015-06-02 23:17 - 00000000 ____D C:\Program Files (x86)\Epson Software
2016-09-06 03:36 - 2015-01-26 21:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-06 03:35 - 2015-06-03 00:57 - 00000950 _____ C:\Users\Public\Desktop\EPSON Scan.lnk
2016-09-06 03:25 - 2015-06-02 23:17 - 00000000 ____D C:\ProgramData\EPSON
2016-09-06 03:11 - 2015-03-14 20:52 - 00000000 ____D C:\Users\Jonathan\AppData\Local\ElevatedDiagnostics
2016-09-06 03:10 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\NDF
2016-09-06 00:58 - 2015-01-26 18:25 - 00000000 ____D C:\Users\Jonathan\Documents\My Games
2016-09-06 00:36 - 2015-01-26 16:54 - 00000000 ____D C:\Back up Jony
2016-09-06 00:28 - 2013-08-22 11:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-06 00:27 - 2013-08-22 10:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-09-06 00:12 - 2016-06-23 01:01 - 00000000 ____D C:\IGG-Hearts.of.Iron.IV.Field.Marshal.Edition
2016-09-05 23:33 - 2015-01-26 18:53 - 00807752 _____ C:\Windows\system32\perfh00A.dat
2016-09-05 23:33 - 2015-01-26 18:53 - 00166140 _____ C:\Windows\system32\perfc00A.dat
2016-09-05 23:33 - 2015-01-26 16:14 - 01829802 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-05 17:32 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-09-05 15:18 - 2015-01-26 17:35 - 00000000 ____D C:\AMD
2016-09-05 02:40 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\AppReadiness
2016-09-04 03:58 - 2015-01-26 16:13 - 00000000 ____D C:\Users\Jonathan
2016-09-02 03:56 - 2015-02-06 02:07 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Spotify
2016-09-02 01:32 - 2015-02-06 02:12 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Spotify
2016-09-01 12:34 - 2015-01-26 17:50 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-01 12:22 - 2015-01-26 16:38 - 00000000 ____D C:\Games
2016-09-01 07:58 - 2016-01-29 20:40 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\qBittorrent
2016-09-01 02:26 - 2015-01-26 20:48 - 00000000 ____D C:\ProgramData\Origin
2016-08-31 14:01 - 2015-10-13 21:23 - 00000000 ____D C:\Program Files (x86)\AMD
2016-08-31 13:13 - 2015-01-26 17:40 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-31 10:10 - 2015-01-26 16:28 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-08-31 09:56 - 2015-01-26 20:48 - 00000000 ____D C:\Program Files (x86)\Origin
2016-08-31 08:33 - 2015-03-16 00:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-08-30 12:04 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\rescache
2016-08-30 00:08 - 2016-03-23 01:55 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\discord
2016-08-30 00:04 - 2015-01-26 20:37 - 00000405 _____ C:\Windows\Cmicnfg3.ini.cfl
2016-08-30 00:04 - 2015-01-26 20:37 - 00000260 _____ C:\Windows\Cmicnfg3.ini.imi
2016-08-30 00:04 - 2015-01-26 20:37 - 00000130 _____ C:\Windows\system\Dlap.pfx
2016-08-30 00:01 - 2015-01-26 20:37 - 00000199 _____ C:\Windows\system\Cmicnfg3.ini
2016-08-30 00:01 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\System
2016-08-29 20:48 - 2015-02-18 14:07 - 00000824 _____ C:\Windows\system32\Drivers\etc\host.txt
2016-08-27 21:57 - 2015-01-27 12:16 - 00000000 ____D C:\Temp
2016-08-27 21:57 - 2013-08-22 12:36 - 00000000 ____D C:\Windows\Help
2016-08-27 21:16 - 2015-01-26 21:47 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-08-27 20:40 - 2015-01-26 19:08 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-08-27 20:39 - 2015-01-27 12:59 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-08-27 16:00 - 2013-08-22 12:20 - 00000000 ____D C:\Windows\CbsTemp
2016-08-27 15:50 - 2013-08-22 11:44 - 02315936 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-27 15:43 - 2013-08-22 12:36 - 00000000 ___RD C:\Windows\ToastData
2016-08-27 15:40 - 2015-01-29 04:03 - 00000000 ____D C:\Windows\system32\MRT
2016-08-27 15:35 - 2015-01-29 04:03 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-27 02:41 - 2015-01-29 22:56 - 00000000 ____D C:\Users\Jonathan\AppData\Local\LogMeIn Hamachi
2016-08-26 10:34 - 2015-02-12 16:18 - 00000000 ____D C:\AdwCleaner
2016-08-25 21:34 - 2015-04-08 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-08-23 15:31 - 2016-04-06 02:09 - 00000000 ____D C:\GOG Games
2016-08-22 17:10 - 2015-02-02 00:30 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\Skype
2016-08-22 14:05 - 2016-07-09 18:49 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-08-22 14:04 - 2015-01-26 18:11 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Battle.net
2016-08-22 14:04 - 2015-01-26 18:11 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-19 08:33 - 2016-03-30 02:08 - 00001059 _____ C:\Users\Public\Desktop\qBittorrent.lnk
2016-08-19 08:33 - 2016-01-29 20:40 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-08-19 08:15 - 2016-08-06 21:47 - 00000000 ____D C:\Users\Jonathan\AppData\Local\Nox
2016-08-19 08:14 - 2015-10-20 05:13 - 00000000 ____D C:\Users\Jonathan\.android
2016-08-19 08:13 - 2016-08-06 21:47 - 00000000 ____D C:\Users\Jonathan\vmlogs
2016-08-19 08:13 - 2016-08-06 21:47 - 00000000 ____D C:\Users\Jonathan\.BigNox
2016-08-18 11:39 - 2015-02-02 11:25 - 00000000 ____D C:\Users\Jonathan\AppData\Roaming\vlc
2016-08-10 06:42 - 2013-08-22 12:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-08 20:22 - 2016-08-06 21:33 - 00000000 ___RD C:\Users\Jonathan\Desktop\POKEMON GO
2016-08-08 05:53 - 2015-02-02 00:30 - 00000000 ___RD C:\Program Files (x86)\Skype
 
==================== Files in the root of some directories =======
 
2016-01-13 18:48 - 2016-01-13 18:48 - 0001157 _____ () C:\Users\Jonathan\AppData\Roaming\20-unhint-small-vera.conf
2016-03-02 17:55 - 2016-03-02 17:55 - 0065536 _____ (Embarcadero Technologies, Inc.) C:\Users\Jonathan\AppData\Roaming\bat.dll
2016-03-04 19:30 - 2016-03-04 19:30 - 0049717 _____ () C:\Users\Jonathan\AppData\Roaming\biblioentry.item.separator.xml
2016-03-05 20:34 - 2016-03-05 20:34 - 0049730 _____ () C:\Users\Jonathan\AppData\Roaming\callout.unicode.xml
2016-03-04 19:30 - 2016-03-04 19:30 - 0001426 _____ () C:\Users\Jonathan\AppData\Roaming\CarryallRatline
2016-03-02 18:34 - 2016-03-02 18:34 - 0061440 _____ (MainConcept AG) C:\Users\Jonathan\AppData\Roaming\counterplot.dll
2013-10-01 23:56 - 2013-10-01 23:56 - 0000998 _____ () C:\Users\Jonathan\AppData\Roaming\css.stylesheet.xml
2016-02-26 19:42 - 2016-02-26 19:42 - 0069632 _____ (Adobe Systems Inc.) C:\Users\Jonathan\AppData\Roaming\debauchee.dll
2016-02-23 23:41 - 2016-02-23 23:41 - 0036864 _____ () C:\Users\Jonathan\AppData\Roaming\engulfments.dll
2016-02-26 20:21 - 2016-02-26 20:21 - 0049870 _____ () C:\Users\Jonathan\AppData\Roaming\f21.png
2016-01-24 23:21 - 2016-01-24 23:21 - 0005120 _____ () C:\Users\Jonathan\AppData\Roaming\GiftBag.db
2016-02-24 15:38 - 2016-02-24 15:38 - 0049708 _____ () C:\Users\Jonathan\AppData\Roaming\Godthab
2016-02-24 15:38 - 2016-02-24 15:38 - 0002278 _____ () C:\Users\Jonathan\AppData\Roaming\IncreaseSayso
2016-02-20 09:17 - 2016-02-20 09:17 - 240397312 _____ () C:\Users\Jonathan\AppData\Roaming\Launcher.dat
2016-03-05 20:34 - 2016-03-05 20:34 - 0001387 _____ () C:\Users\Jonathan\AppData\Roaming\LiturgyNone
2013-10-01 23:54 - 2013-10-01 23:54 - 0002991 _____ () C:\Users\Jonathan\AppData\Roaming\messages_pt_BR.properties
2016-02-26 20:21 - 2016-02-26 20:21 - 0001377 _____ () C:\Users\Jonathan\AppData\Roaming\SemenCaraculNapa
2013-10-01 23:56 - 2013-10-01 23:56 - 0002008 _____ () C:\Users\Jonathan\AppData\Roaming\side.float.properties.xml
2014-10-07 01:39 - 2014-10-07 01:39 - 0011264 _____ () C:\Users\Jonathan\AppData\Roaming\System.dll
2015-05-19 22:14 - 2015-05-19 22:14 - 0000570 _____ () C:\Users\Jonathan\AppData\Roaming\tweakBIOSDriversFirmwareUpdate_zh-cn.p5p
2016-02-20 09:17 - 2016-02-20 09:17 - 0000009 _____ () C:\Users\Jonathan\AppData\Roaming\update.dat
2016-02-20 09:18 - 2016-02-20 23:58 - 0000004 _____ () C:\Users\Jonathan\AppData\Roaming\Microsoft\notaut.txt
2015-03-17 02:44 - 2015-03-17 02:44 - 0000000 ___SH () C:\Users\Jonathan\AppData\Local\LumaEmu
2016-01-24 23:19 - 2016-01-24 23:19 - 0333506 _____ (AnySend.com) C:\Users\Jonathan\AppData\Local\nsqB0ED.tmp
2015-12-30 13:50 - 2016-01-19 17:10 - 0007602 _____ () C:\Users\Jonathan\AppData\Local\Resmon.ResmonCfg
2015-01-26 21:47 - 2015-01-26 21:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-29 19:54
 
==================== End of FRST.txt ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Jonathan (06-09-2016 15:54:17)
Running from C:\Users\Jonathan\Desktop
Windows 8.1 Pro (Update) (X64) (2015-01-26 19:15:42)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1783979284-4136890468-1634349905-500 - Administrator - Disabled)
Guest (S-1-5-21-1783979284-4136890468-1634349905-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1783979284-4136890468-1634349905-1007 - Limited - Enabled)
Jonathan (S-1-5-21-1783979284-4136890468-1634349905-1001 - Administrator - Enabled) => C:\Users\Jonathan
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.20.2 - Mirillis)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.90 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_53a35a181eeb50486a0e091bd67ae62) (Version: 10.0 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AOMEI Partition Assistant Pro Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF300}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Attack on Titan Wings of Freedom (HKLM-x32\...\Attack on Titan Wings of Freedom_is1) (Version:  - )
aTube Catcher versión 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield™ 1 Open Beta (HKLM-x32\...\{F9E19363-7B10-4F8A-8640-945C36D4B504}) (Version: 1.0.8.10777 - Electronic Arts)
Call Of Duty Modern Warfare 2 version 1.0 (HKLM-x32\...\{A773F6D4-60C1-4748-BBC5-01ABC804B968}_is1) (Version: 1.0 - DigitalZone)
Catalyst Control Center Next Localization BR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )
C-Media PCI Audio Device (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008738}) (Version: 1.00.0003 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor Pro 1.24 (HKLM\...\CPUID HWMonitorPro_is1) (Version:  - )
CrystalDiskInfo 6.8.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.8.2 - Crystal Dew World)
Dark Souls III, âåðñèÿ 2.0 (HKLM-x32\...\Dark Souls III_is1) (Version: 2.0 - Bandai Namco)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
Discord (HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Discord) (Version: 0.0.294 - Hammer & Chisel, Inc.)
DiskCheckup v3.3 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON TX230 Series Printer Uninstall (HKLM\...\EPSON TX230 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM-x32\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.4.0 - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
FIFA 15 (HKLM-x32\...\FIFA 15_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
FM Genie Scout 16 version 1.0 16.3.1 (HKLM-x32\...\FM Genie Scout 16_is1) (Version: 1.0 16.3.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software)
iNFekt NFO Viewer (HKLM\...\{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1) (Version: 0.9.5 - syndicode)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
K-Lite Mega Codec Pack 10.9.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
L2 Crest Maker (HKLM-x32\...\L2 Crest Maker1.0) (Version: 1.0 - Wan Soft)
Lineage II (HKLM-x32\...\{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}) (Version: 90.7.2281 - NCSoft)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.493 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.493 - LogMeIn, Inc.) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x64 8.0.61000 (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{57660847-B1F7-35BD-9118-F62EB863A598}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Mount and Blade - Warband  - Napoleonic Wars (HKLM-x32\...\Mount and Blade: Warband  - Napoleonic Wars_is1) (Version: 2.2.0.13 - GOG.com)
Mount and Blade - Warband  - Viking Conquest (HKLM-x32\...\Mount and Blade: Warband  - Viking Conquest_is1) (Version: 2.7.0.18 - GOG.com)
Mount and Blade - Warband (HKLM-x32\...\1207666913_is1) (Version: 2.5.0.15 - GOG.com)
Mount and Blade - With Fire and Sword (HKLM-x32\...\1207666903_is1) (Version: 2.1.0.5 - GOG.com)
Mount and Blade (HKLM-x32\...\1207666893_is1) (Version: 2.0.0.4 - GOG.com)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{4F0E15EA-F64C-11E5-9992-E717EA7DB0C8}) (Version: 2.0.3 - Werner Schweer and Others)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Nox APP Player (HKLM-x32\...\Nox) (Version: 3.7.1.0 - Duodian Technology Co. Ltd.)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
qBittorrent 3.3.6 (HKLM-x32\...\qBittorrent) (Version: 3.3.6 - The qBittorrent project)
qksee (HKLM-x32\...\qksee) (Version:  - Taiwan Shui Mu Chih Ching Technology Limited) <==== ATTENTION
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Sapphire TRIXX (HKLM-x32\...\Sapphire TRIXX) (Version:  - )
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Spotify (HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
Stardew Valley (HKLM-x32\...\1453375253_is1) (Version: 2.2.0.4 - GOG.com)
State of Decay YOSE - Day One Edition (HKLM-x32\...\State of Decay YOSE - Day One Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1222 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
The Culling (HKLM-x32\...\Steam App 437220) (Version:  - Xaviant)
The Witcher 3 Wild Hunt v.1.0.4 (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version:  - )
Vegas Pro 12.0 (64-bit) (HKLM\...\{A8582A9E-FE98-11E1-B899-F04DA23A5C58}) (Version: 12.0.367 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
We Happy Few (HKLM-x32\...\1296814897_is1) (Version: 2.2.0.4 - GOG.com)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB  (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
WinGrub (HKLM-x32\...\WinGrub) (Version:  - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinZip (HKLM-x32\...\WinZip) (Version: 2.3.9 - Winzipper Pvt Ltd.) <==== ATTENTION
XCOM 2 v.1.0.0.2893 (HKLM-x32\...\XCOM 2_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1783979284-4136890468-1634349905-1001_Classes\CLSID\{B3F5EDE0-4267-49eb-A775-799895476453}\InprocServer32 -> C:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-1783979284-4136890468-1634349905-1001_Classes\CLSID\{B8D080EE-9541-460f-A1AE-7C43CDA96C0F}\InprocServer32 -> C:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AD83F60-BF67-4FE1-9FFB-39C5A6E4F3DD} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1D6D371F-4807-4BE8-AE9D-A4F919AA4F35} - System32\Tasks\{3FA5B162-8027-4B19-8B52-E13E204262DB} => pcalua.exe -a "C:\Users\Jonathan\Downloads\Age of Empires 2 Age of Kings + The Conquerors by sielxm3d\SETUPREG.EXE" -d "C:\Users\Jonathan\Downloads\Age of Empires 2 Age of Kings + The Conquerors by sielxm3d"
Task: {22B0150C-6A93-4050-9BF5-B3B9DE94FA67} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {23D0858F-1AA9-49F1-AC19-ACA4BE721BE1} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-12-09] ()
Task: {26259646-29D9-46C1-95A1-E9B82D2D332D} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
Task: {2BBBCBDE-3FE3-4FC5-AAD2-2F428AD43AFB} - System32\Tasks\SUPERAntiSpyware Scheduled Task db2dacf0-c823-4099-a8ff-28d69074bd87 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {2E82F0C7-A8FF-4A91-A91E-91805E723818} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1783979284-4136890468-1634349905-1001
Task: {352FCED0-3165-44EA-AC5E-A77E22849DF6} - System32\Tasks\{89BFCA2E-B615-4CB1-951D-EAB6A51AF9DA} => Chrome.exe hxxp://ui.skype.com/ui/0/7.18.85.109/es/abandoninstall?page=tsMain
Task: {45EEA3A1-40B4-4288-8985-F70CEEA85979} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {583EC2BC-5A9B-4CDE-998F-71188D24BA54} - System32\Tasks\{4CD4276D-BABB-47EA-A675-2BFD7CB5C1FF} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.80.102/es/abandoninstall?page=tsProgressBar
Task: {616D187A-7410-42CB-AFC1-E08943C6D429} - System32\Tasks\{24444B29-5993-40ED-A777-75CD4BD33280} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.80.102/es/abandoninstall?page=tsProgressBar
Task: {8450D1E3-ED10-4390-A1C6-7469377F734D} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {8487E4FA-4C35-439B-A407-B599FCE69584} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {85E80E6F-4FC5-4A6A-8AB0-C2C6CEA87900} - System32\Tasks\Namudomvinerght Reports => C:\Program Files (x86)\Clsuyvertoph\NmdReportsvrq.exe [2016-08-26] ()
Task: {94C10B37-6284-4079-A6A4-80B626357E81} - System32\Tasks\{D283CAB9-8606-4B9D-A2E0-475FC976876A} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {A425AE88-5C2B-48B7-80E8-0A706494C243} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B13E2C89-F1C0-431C-8D81-7FCA0AA93454} - System32\Tasks\IntelMemoryDiagnostic => C:\Users\Jonathan\AppData\Local\Temp\d3dx10.exe <==== ATTENTION
Task: {B5263437-0CE1-45C8-872E-1E3AD3ACF873} - System32\Tasks\ChelfNotify Task => C:\ProgramData\ChelfNotify\BrowserUpdate.exe [2016-06-29] (Tencent) <==== ATTENTION
Task: {B79AFFC5-AC2C-4F59-9F99-6754A38137C0} - System32\Tasks\{BCBB694D-32D6-417C-93FE-71ED897C31CB} => pcalua.exe -a "C:\Program Files (x86)\Activision\Call of Duty 2\cod2sp_s.exe" -d "C:\Program Files (x86)\Activision\Call of Duty 2\"
Task: {B7A54312-4F2B-4FD8-9954-500ABC957D97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {C54361BE-CFB6-4365-97D8-99D6B23ADDE1} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-12-01] (@ByELDI)
Task: {CC0D7BF0-5A1E-4EF7-A98B-8B0CBBF0AC28} - System32\Tasks\RunAsStdUser_MyComGames => C:\Users\Jonathan\AppData\Local\MyComGames\MyComGames.exe
Task: {CC8617D8-DBDF-4B79-AC3E-8CCD229E1CAF} - System32\Tasks\{AD6BCCFF-4F2E-4B05-B67A-0D90CCD69295} => Chrome.exe hxxp://ui.skype.com/ui/0/7.4.80.102/es/abandoninstall?page=tsProgressBar
Task: {D255A0E2-98C7-42A8-A0DA-ED17F2234309} - System32\Tasks\SUPERAntiSpyware Scheduled Task 4d24c97f-33d4-477c-a7a4-4d2b711cbd4c => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {D8145D47-68F5-4EBE-BD27-D30185D4E795} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {DF527D83-5C6E-41D9-B5B0-CEAF5742C962} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {EF4525A3-FAB5-4DED-A6DB-D33E09FC378F} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4d24c97f-33d4-477c-a7a4-4d2b711cbd4c.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task db2dacf0-c823-4099-a8ff-28d69074bd87.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Jonathan\Desktop\PING TEST.lnk -> C:\ping.bat ()
 
ShortcutWithArgument: C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-26 21:17 - 2016-03-25 11:55 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-09-06 04:13 - 2016-09-04 23:37 - 00536312 _____ () C:\Program Files (x86)\WinSaber\WinSaber.exe
2016-09-06 04:13 - 2016-09-05 23:12 - 00749848 _____ () C:\Program Files (x86)\qksee\qkseeSvc.exe
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-06 04:13 - 2016-02-14 23:21 - 00582144 _____ () C:\Program Files (x86)\qksee\curlpp.dll
2016-09-06 04:13 - 2015-09-01 22:43 - 00068432 _____ () C:\Program Files (x86)\qksee\zlib1.dll
2016-09-06 04:13 - 2016-09-06 04:13 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
2016-09-06 04:13 - 2016-09-06 04:13 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
2016-08-03 19:02 - 2016-08-02 21:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-03 19:02 - 2016-08-02 21:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\72094409.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\72094409.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-08-26 10:13 - 2016-08-29 20:59 - 00000894 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonathan\Desktop\Dark Souls Crossovers - Imgur\05 - paOhyzh.jpg
DNS Servers: 200.49.130.44 - 200.42.4.198
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: EpsonCustomerParticipation => 2
MSCONFIG\Services: EPSON_PM_RPCV4_04 => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: Motorola Device Manager => 2
MSCONFIG\Services: NmdReportsnqg.exe => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: PST Service => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Service KMSELDI => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
HKLM\...\StartupApproved\Run: => "CmPCIaudio"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run: => "!XBStart"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "RazerCortex"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Erbtion"
HKLM\...\StartupApproved\Run32: => "AZMworks"
HKLM\...\StartupApproved\Run32: => "amd_dc_opt"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "Gyazo"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "AZMworks"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "Erbtion"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "YdPack"
HKU\S-1-5-21-1783979284-4136890468-1634349905-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{81E5AFB0-3F13-45A2-8311-174A6DB37162}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4A72FAE7-1ADE-4A0E-8F23-35FEA6C9978B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4EC19C76-AB9A-48AF-99FF-47F5CEB705DD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C1657804-F101-449F-920A-F42A79C65D0D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{95C772A3-8087-442B-9DEF-B61EA1DF767E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{BCC631E0-BDE2-4CB3-A189-067944F6DDBC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{857FD14A-C13E-4599-9843-5CF336727F3A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9343A8D3-E021-4DA0-B376-E6E82C9F4484}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C9156871-60A9-4723-A1D8-4BD3D34A5CCD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A819ADD0-D14D-4064-B602-C6CBDF4E211D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{80CD6FFA-B525-4D27-8B22-F59317E3CE9C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{6C0D29FE-54A9-4048-BF2F-38EEC0FA9223}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{53A8F4D1-D034-44FE-8668-746F35B098D2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{BAE61F40-F293-4A95-8D67-CF9284A145BF}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{BC5516C0-67FE-4398-8127-616C8DC91390}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{C9574768-0BDC-450E-A02B-C53A64CB5B32}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{386D2808-E542-43D9-81D0-DC226EB4750E}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{D13C9879-03ED-4E40-A758-BDB97DAD2586}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{F840811B-4EA4-4064-BEFD-024193C97DC3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B1358274-6F25-4223-ADB8-5B1DD54EED4E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7DB43845-474A-4753-86B1-54F667A05542}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{C3ECBCE4-9A6B-4ABB-8EFF-4F76C330C19C}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{6EB9C35F-8C83-4BFE-91D8-CB1439ACA57D}C:\users\jonathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jonathan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{154A5535-D1DF-4267-8768-413A366A0627}C:\users\jonathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jonathan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{929298B8-F90D-4C71-9FAC-C584852198C5}] => (Block) C:\users\jonathan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{ABCEF16C-7380-41D4-9AF9-4F9696C990A9}] => (Block) C:\users\jonathan\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DDD5FCFB-A86F-471E-BD46-24EAE02F0CFF}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{738556C6-BC0A-439D-9916-2AC37936AED9}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{A5CC248B-5460-44A5-8110-4F509C8D1329}] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{F490B1C1-8457-446E-B31E-C513B6A926D2}] => (Block) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{F1060CE8-6D4D-4CA8-A13D-CFC2F0A7186F}] => (Allow) LPort=1689
FirewallRules: [TCP Query User{02DE855B-1915-4C35-A888-5780B33A8EDE}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{2AEB7470-4617-405A-8E77-87B5BDECC844}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{C2F1303C-C89F-4AC0-9DDA-356726C467C5}] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{E0817070-19B6-4686-8234-FFA1DC29A23E}] => (Block) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{EAFD2044-393A-4880-A309-4885517E5EF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{EDA4CEC2-ABFC-40F1-89AF-97703CC75A49}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{CE0902B9-42DF-4A68-991D-D564DA6173EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7693DB43-FD4B-4E0D-B882-E25FA630F760}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{18CF4AC0-1262-4BEC-87CB-DC95529CBB56}C:\program files (x86)\raidcall\raidcall.exe] => (Allow) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [UDP Query User{B50D70E1-577E-415B-BC49-16711063AE68}C:\program files (x86)\raidcall\raidcall.exe] => (Allow) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [{E21EACD7-FCD7-48D8-A75D-AEB86072CA6D}] => (Block) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [{2694F060-F152-40FE-869B-008E9DA18019}] => (Block) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [TCP Query User{D9A90336-F599-4855-998D-284971CEBDAA}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3F209DF9-72CD-44CD-B775-FBA02F56297E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{E39881ED-7808-4694-9C7E-B859A2242BA8}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{88A6AE1B-2C89-4AC5-8B64-EC2F883FD405}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{388A2A69-8137-4D15-9CDE-7191EC5C0AE5}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{DF2827BA-8675-4AF5-9714-F6F377A8D751}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{A4B243B0-CB2D-4211-B195-FBE549F31768}] => (Allow) C:\Program Files (x86)\RaidCall\rcplugin.exe
FirewallRules: [{DA883511-68AD-43C5-AC67-F713780536FD}] => (Allow) C:\Program Files (x86)\RaidCall\rcplugin.exe
FirewallRules: [TCP Query User{F8D6F17B-E058-4B1C-A11F-5D2A3A44763E}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [UDP Query User{B4D1E1E5-8AD5-4292-A8F5-D07FC251457E}C:\program files (x86)\origin games\battlefield 3\bf3.exe] => (Allow) C:\program files (x86)\origin games\battlefield 3\bf3.exe
FirewallRules: [{10DC5E6E-E006-4C31-ABBD-74FF12B3E0D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{7BFEF04E-B131-44CC-9F0C-9F8945A023EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [TCP Query User{A03F9E88-0D93-42E8-92C1-90602936B37A}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [UDP Query User{A77A49E4-27ED-48E7-91C4-2ECD94C6E30E}C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\theculling\victory\binaries\win64\victory.exe
FirewallRules: [{7DE9CD58-40EE-4925-AA55-8EF924A4406B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{4BB2628C-2645-4308-948D-2C96D42F2DC5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{797CD6E2-D009-4C26-B03F-228C0A153E06}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B1DA894F-4A26-4BA3-8FA6-CB6BBF84300F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7A956B0E-582F-41E2-B387-BBCE58965854}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E8C29256-DE85-4F12-80F0-DA5CE157D4D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{97F5CBBA-CE2F-4F46-A643-14BA2324A3C4}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9DBCF0FF-BFBF-4A89-A563-E2EB79E5B361}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{762BF32E-6B98-4F2D-A033-257682763060}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A29A5369-E53F-4436-AAD8-BF6D67E7B525}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{87BC6521-A478-44A6-8A87-22D645D6B99B}C:\games\call of duty modern warfare 2\iw4m.exe] => (Allow) C:\games\call of duty modern warfare 2\iw4m.exe
FirewallRules: [UDP Query User{61932CCE-7C33-4C7A-8336-7D876B7E94D3}C:\games\call of duty modern warfare 2\iw4m.exe] => (Allow) C:\games\call of duty modern warfare 2\iw4m.exe
FirewallRules: [TCP Query User{B5641F4E-52C5-42FC-A571-3FE5F16713D9}C:\games\call of duty modern warfare 2\iw4mp.exe] => (Allow) C:\games\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{68FA4403-BAC7-40BB-AC94-0A15903B3579}C:\games\call of duty modern warfare 2\iw4mp.exe] => (Allow) C:\games\call of duty modern warfare 2\iw4mp.exe
FirewallRules: [TCP Query User{7385E889-6836-445F-9676-EDC15CB7CA4F}C:\games\call of duty modern warfare 2 server\iw4m_server.exe] => (Allow) C:\games\call of duty modern warfare 2 server\iw4m_server.exe
FirewallRules: [UDP Query User{4373424C-37DD-4943-9041-8B4072A9F021}C:\games\call of duty modern warfare 2 server\iw4m_server.exe] => (Allow) C:\games\call of duty modern warfare 2 server\iw4m_server.exe
FirewallRules: [{1A29E06E-638D-485D-A546-95D2AF77C6C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{FA0172F7-945E-4A9E-8542-E6545124AFEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [TCP Query User{45650937-C55B-402D-9148-F61EF3B8FB16}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{54AE24BB-E0DF-497D-A805-9E9AF813BD5D}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{53360C83-029C-4D49-9DCE-EB631FFBCFB6}C:\games\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [UDP Query User{63B12111-94B8-454E-AE2A-B63A8D688B15}C:\games\xcom 2\binaries\win64\xcom2.exe] => (Allow) C:\games\xcom 2\binaries\win64\xcom2.exe
FirewallRules: [TCP Query User{53D326DC-E9F5-40FC-B9D8-3AF29073C717}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{10EB3806-2D0D-47EB-A3B3-E106BBED4EA9}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{27319376-5D44-4185-B41C-C1844ADB5F6C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5D937851-6CBD-4E1E-B08A-C68E83D29D43}] => (Allow) C:\Users\Jonathan\Desktop\POKEMON GO\Nox\bin\Nox.exe
FirewallRules: [{76B23E82-8C24-4667-9818-A5E091471739}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{2269E949-4293-4E6D-9A3D-4085B774D1F4}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{E2EB59F6-42D5-4A6C-B125-C4DBEAFF1BDB}C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Block) C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [UDP Query User{D316A40F-8F6E-4427-9777-066A9E8716FA}C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe] => (Block) C:\gog games\we happy few\glimpsegame\binaries\win64\glimpsegame.exe
FirewallRules: [{55D122CE-9119-4BC4-9ABC-C5A3FD396DCE}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{715C957A-D964-4F7A-BFE6-4B7A14104776}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
FirewallRules: [{2319AB99-3679-4941-8817-D4209BA29898}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{22A39B25-C628-4A4A-ACE9-F91338C454E2}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Config V4\ENConfig.exe
FirewallRules: [{6B5325EF-D238-4F98-BECF-F407184795A3}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{BF89E1F9-973E-454A-8472-BC037CEF4953}] => (Allow) C:\Users\Jonathan\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
 
==================== Restore Points =========================
 
31-08-2016 13:11:16 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
31-08-2016 13:12:33 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
31-08-2016 13:31:43 DDU Restore Point
31-08-2016 13:49:20 DDU Restore Point
06-09-2016 03:22:07 Installed EpsonNet Config V4
 
==================== Faulty Device Manager Devices =============
 
Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/06/2016 03:46:50 AM) (Source: RpcNs) (EventID: 2) (User: )
Description: Event-ID 2
 
Error: (09/06/2016 03:36:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: svchost.exe_PcaSvc, versión: 6.3.9600.17415, marca de tiempo: 0x54504177
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.18233, marca de tiempo: 0x56bb4ebb
Código de excepción: 0xc0000008
Desplazamiento de errores: 0x00000000000925fa
Identificador del proceso con errores: 0x1bc
Hora de inicio de la aplicación con errores: 0x01d207eebb22d82d
Ruta de acceso de la aplicación con errores: C:\Windows\System32\svchost.exe
Ruta de acceso del módulo con errores: C:\Windows\SYSTEM32\ntdll.dll
Identificador del informe: 4731f2be-73fc-11e6-8438-bcaec5714585
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (09/06/2016 03:22:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (09/05/2016 11:37:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa WINWORD.EXE, versión 12.0.4518.1014, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 648
 
Hora de inicio: 01d207e776344af0
 
Hora de finalización: 3
 
Ruta de acceso de la aplicación: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
 
Identificador de informe: d021b95b-73da-11e6-8436-bcaec5714585
 
Nombre completo de paquete con errores: 
 
Identificador de aplicación relativa del paquete con errores:
 
Error: (08/31/2016 02:51:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: bf1.exe, versión: 1.0.8.10777, marca de tiempo: 0x57b48c95
Nombre del módulo con errores: JavaScriptCore64.dll_unloaded, versión: 1.0.0.73, marca de tiempo: 0x57ab2b93
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x000000000001c1e0
Identificador del proceso con errores: 0x1344
Hora de inicio de la aplicación con errores: 0x01d203b02e09213c
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Origin Games\Battlefield 1 Open Beta\bf1.exe
Ruta de acceso del módulo con errores: JavaScriptCore64.dll
Identificador del informe: 9bdf155b-6fa3-11e6-8431-bcaec5714585
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (08/31/2016 02:04:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: cnext.exe, versión: 10.1.1.1522, marca de tiempo: 0x56d0b595
Nombre del módulo con errores: cnext.exe, versión: 10.1.1.1522, marca de tiempo: 0x56d0b595
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0000000000019977
Identificador del proceso con errores: 0xe90
Hora de inicio de la aplicación con errores: 0x01d203a9873a7842
Ruta de acceso de la aplicación con errores: C:\Program Files\AMD\CNext\CNext\cnext.exe
Ruta de acceso del módulo con errores: C:\Program Files\AMD\CNext\CNext\cnext.exe
Identificador del informe: 09705111-6f9d-11e6-8431-bcaec5714585
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (08/31/2016 01:49:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/31/2016 01:49:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Access is denied.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7edbfce9-41fb-41c3-865d-80596b871df8}
 
Error: (08/31/2016 01:31:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Error en Servicios de cifrado mientras se procesaba el objeto "System Writer" de la llamada OnIdentity().
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/31/2016 01:31:42 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Access is denied.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e0b9dc36-a1f2-48df-82c3-f8771af3192a}
 
 
System errors:
=============
Error: (09/06/2016 03:38:00 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: El Administrador de control de servicios intentó realizar una acción correctora (Restart the service) después de la terminación inesperada del servicio Program Compatibility Assistant Service, pero ocurrió el siguiente error: 
Ya se está ejecutando una instancia de este servicio.
 
Error: (09/06/2016 03:38:00 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: El Administrador de control de servicios intentó realizar una acción correctora (Restart the service) después de la terminación inesperada del servicio Device Association Service, pero ocurrió el siguiente error: 
Ya se está ejecutando una instancia de este servicio.
 
Error: (09/06/2016 03:37:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Windows Driver Foundation - User-mode Driver Framework terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Restart the service.
 
Error: (09/06/2016 03:37:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Diagnostic System Host se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
Error: (09/06/2016 03:37:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Remote Desktop Services UserMode Port Redirector terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Restart the service.
 
Error: (09/06/2016 03:37:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Distributed Link Tracking Client terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 120000 milisegundos: Restart the service.
 
Error: (09/06/2016 03:37:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Superfetch terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Restart the service.
 
Error: (09/06/2016 03:37:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Program Compatibility Assistant Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Restart the service.
 
Error: (09/06/2016 03:37:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Network Connections terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 100 milisegundos: Restart the service.
 
Error: (09/06/2016 03:37:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Network Connection Broker terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 5000 milisegundos: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-06-30 14:39:10.620
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-28 14:48:48.757
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-27 17:22:39.365
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-26 19:53:52.065
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\NTGLM7X.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-06-26 19:53:47.618
  Description: Windows is unable to verify the image integrity of the file \Device\CdRom0\Install\GMSIPCI.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-06-25 17:38:41.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-24 16:22:52.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-23 14:23:53.313
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-20 18:29:14.785
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-06-17 14:49:01.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 20%
Total physical RAM: 8191.11 MB
Available physical RAM: 6499.69 MB
Total Virtual: 9471.11 MB
Available Virtual: 7587.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.17 GB) (Free:534.74 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A6991ECF)
Partition 1: (Not Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 
 
---------------------------------------------------------------------------------------------------------------------------
 
Sorry for the late reply, I didn't have time before. Hopefully this helps.



Edited by Oh My!, 06 September 2016 - 02:47 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:02:31 PM

Posted 06 September 2016 - 02:56 PM

Thanks for the information.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Standard 2007 and all other products for which you do not have a valid Product Key. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please do so and then run this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • CKScanner report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!


Posted 09 September 2016 - 08:42 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#8 Oh My!


Posted 11 September 2016 - 09:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



