
iskysoft helper compact on startup??!


  • This topic is locked
10 replies to this topic

#1 UKScorpion

UKScorpion

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 16 September 2016 - 03:32 AM

Hi everyone!

 

I think, looking around, a few people have had this issue. I downloaded some video editing software which I didn't like (was free) and uninstalled it. However, ever since then, on startup I keep getting a pop-up: "Do you want to allow ISkySoft Helper Compact to make changes to this computer?" I also click no but I cannot seem to get it removed.

 

Can anyone help?




 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,792 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:05:10 PM

Posted 16 September 2016 - 07:32 AM

Hello UKScorpion and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

================================================

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 UKScorpion

UKScorpion
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 16 September 2016 - 08:04 AM

Hi, thank you. I will do that now and get back to you :)



#4 UKScorpion

UKScorpion
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 16 September 2016 - 08:19 AM

AdwCleaner log as follows;

 

# AdwCleaner v6.020 - Logfile created 16/09/2016 at 14:07:11

# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-15.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Gaming - GAMING-PC
# Running from : C:\Users\Gaming\Downloads\adwcleaner_6.020 (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_wax.en.softonic.com_0.localstorage
[-] File deleted: C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\hxxp_wax.en.softonic.com_0.localstorage-journal
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1048 Bytes] - [16/09/2016 14:07:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [1403 Bytes] - [16/09/2016 14:06:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1194 Bytes] ##########

JRT.txt as follows

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Gaming (Administrator) on 16/09/2016 at 14:11:05.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 33 
 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02JEX5SW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NMIJ80B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SJHI4WF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9L6XICKQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0CEPO8G (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6PN6H44 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQNJEXSR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LL3YZGI0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGWQ0JD0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAY38UPQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIUPB1JF (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gaming\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP8BPLPT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-5F22D041.pf (File) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02JEX5SW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NMIJ80B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SJHI4WF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9L6XICKQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C0CEPO8G (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6PN6H44 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQNJEXSR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LL3YZGI0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGWQ0JD0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NAY38UPQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIUPB1JF (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RP8BPLPT (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/09/2016 at 14:12:50.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Frst.txt as follows;

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2016

Ran by Gaming (administrator) on GAMING-PC (16-09-2016 14:15:03)
Running from C:\Users\Gaming\Downloads
Loaded Profiles: Gaming (Available Profiles: Gaming)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
(Mediatek Inc.) C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-12] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11340752 2016-07-19] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-6295810-3929519030-725474577-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2016-05-29] (Google Inc.)
HKU\S-1-5-21-6295810-3929519030-725474577-1000\...\Run: [Steam] => E:\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-6295810-3929519030-725474577-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-6295810-3929519030-725474577-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29538432 2016-08-17] (Skype Technologies S.A.)
HKU\S-1-5-21-6295810-3929519030-725474577-1000\...\Run: [BingSvc] => C:\Users\Gaming\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-6295810-3929519030-725474577-1000\...\MountPoints2: {ea425ff9-2966-11e6-afb7-9cd089d1789e} - F:\OnePlus_setup.exe /s
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-05-31] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2016-09-16]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Find Fast.lnk [2016-05-29]
ShortcutTarget: Microsoft Find Fast.lnk -> C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Office Startup.lnk [2016-05-29]
ShortcutTarget: Office Startup.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{61E3F7D4-ABCC-4F03-9A78-65E3767A3118}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-6295810-3929519030-725474577-1000 -> {1BB5F193-B5BB-4D4A-9D9A-7466236A8CC8} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-31] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-31] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-31] (Google Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-31] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2016-06-30] (Adobe Systems Incorporated)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-08-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-08-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-08-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-08-29] (McAfee, Inc.)
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-07-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-07-07] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-09-16]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-08-17]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
 
Chrome: 
=======
CHR Profile: C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-31]
CHR Extension: (Google Docs) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-31]
CHR Extension: (Google Drive) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-31]
CHR Extension: (YouTube) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-31]
CHR Extension: (Adobe Acrobat) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-08]
CHR Extension: (Google Sheets) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-31]
CHR Extension: (SiteAdvisor) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-31]
CHR Extension: (Grammarly for Chrome) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-09-08]
CHR Extension: (Yahoo Web) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh [2016-07-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-31]
CHR Extension: (Gmail) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-31]
CHR Extension: (Chrome Media Router) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-02]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-12] ()
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [161536 2016-08-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-07-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 MediatekRegistryWriter; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (Mediatek Inc.)
R2 MediatekRegistryWriter64; C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe [454288 2014-12-04] (Mediatek Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2227152 2016-07-19] (Micro-Star INT'L CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2229392 2015-02-16] (MediaTek Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
U0 aswVmm; no ImagePath
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160718.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160718.001\EX64.SYS [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 14:15 - 2016-09-16 14:15 - 00024605 _____ C:\Users\Gaming\Downloads\FRST.txt
2016-09-16 14:14 - 2016-09-16 14:15 - 00000000 ____D C:\FRST
2016-09-16 14:14 - 2016-09-16 14:14 - 02399232 _____ (Farbar) C:\Users\Gaming\Downloads\FRST64.exe
2016-09-16 14:14 - 2016-09-16 14:14 - 01749504 _____ (Farbar) C:\Users\Gaming\Downloads\FRST.exe
2016-09-16 14:13 - 2016-09-16 14:13 - 01610560 _____ (Malwarebytes) C:\Users\Gaming\Downloads\JRT (1).exe
2016-09-16 14:12 - 2016-09-16 14:13 - 00005909 _____ C:\Users\Gaming\Desktop\JRT.txt
2016-09-16 14:10 - 2016-09-16 14:10 - 01610560 _____ (Malwarebytes) C:\Users\Gaming\Downloads\JRT.exe
2016-09-16 14:10 - 2016-09-16 14:10 - 00001273 _____ C:\Users\Gaming\Desktop\AdwCleaner[C0].txt
2016-09-16 14:06 - 2016-09-16 14:06 - 00000000 ____D C:\Users\Gaming\AppData\Local\Sony
2016-09-16 14:06 - 2016-09-16 14:06 - 00000000 ____D C:\ProgramData\Sony
2016-09-16 14:06 - 2016-09-16 14:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-09-16 14:06 - 2016-09-16 14:06 - 00000000 ____D C:\Program Files\Sony
2016-09-16 14:06 - 2016-09-16 14:06 - 00000000 ____D C:\Program Files (x86)\Sony
2016-09-16 14:05 - 2016-09-16 14:07 - 00000000 ____D C:\AdwCleaner
2016-09-16 14:05 - 2016-09-16 14:05 - 03861056 _____ C:\Users\Gaming\Downloads\adwcleaner_6.020 (1).exe
2016-09-16 12:43 - 2016-09-16 12:44 - 70517045 _____ C:\Users\Gaming\Downloads\blender-2.77a-windows32.msi
2016-09-16 12:40 - 2016-09-16 12:40 - 01239752 _____ (Microsoft Corporation) C:\Users\Gaming\Downloads\wlsetup-web (3).exe
2016-09-15 17:42 - 2016-09-16 14:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-15 17:42 - 2016-09-15 17:42 - 00001098 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-15 17:42 - 2016-09-15 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-15 17:42 - 2016-09-15 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-15 17:42 - 2016-09-15 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-15 17:42 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-15 17:42 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-15 17:42 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-15 17:41 - 2016-09-15 17:42 - 22851472 _____ (Malwarebytes ) C:\Users\Gaming\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-15 17:36 - 2016-09-15 17:36 - 00000042 _____ C:\Windows\SysWOW64\AK083E209605E394C.lie
2016-09-15 17:34 - 2016-09-15 17:34 - 02670160 _____ (www.PerfectUninstaller.com ) C:\Users\Gaming\Downloads\PerfectUninstaller_Setup.exe
2016-09-15 17:23 - 2016-09-16 14:06 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Sony
2016-09-15 17:15 - 2016-09-15 17:19 - 411058696 _____ (Sony Creative Software Inc.) C:\Users\Gaming\Downloads\vegaspro13.0.373_64bit.exe
2016-09-15 16:53 - 2016-09-15 16:53 - 01239752 _____ (Microsoft Corporation) C:\Users\Gaming\Downloads\wlsetup-web (2).exe
2016-09-15 16:52 - 2016-09-15 16:52 - 03861056 _____ C:\Users\Gaming\Downloads\adwcleaner_6.020.exe
2016-09-15 16:39 - 2016-09-15 16:39 - 00000000 ____D C:\ProgramData\Wondershare
2016-09-15 16:38 - 2016-09-15 16:38 - 00000000 ____D C:\Users\Gaming\AppData\Local\Wondershare
2016-09-15 16:35 - 2016-09-15 16:35 - 01225872 _____ C:\Users\Gaming\Downloads\filmora_setup_full846.exe
2016-09-15 16:32 - 2016-09-15 16:32 - 00000000 ____D C:\Windows\en
2016-09-15 16:31 - 2016-09-15 16:31 - 00002486 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-09-15 16:31 - 2016-09-15 16:31 - 00001458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-09-15 16:31 - 2016-09-15 16:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-09-15 16:30 - 2016-09-15 16:32 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-09-15 16:30 - 2016-09-15 16:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-09-15 16:30 - 2016-09-15 16:30 - 00000000 ____D C:\Windows\PCHEALTH
2016-09-15 16:30 - 2016-09-15 16:30 - 00000000 ____D C:\Program Files\Windows Live
2016-09-15 16:30 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2016-09-15 16:26 - 2016-09-15 16:26 - 00002174 _____ C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-09-15 16:26 - 2016-09-15 16:26 - 00002096 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-09-15 16:26 - 2016-09-15 16:26 - 00002096 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-09-15 16:26 - 2016-09-15 16:26 - 00000000 ___RD C:\Users\Gaming\OneDrive
2016-09-15 16:26 - 2016-09-15 16:26 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-15 16:26 - 2016-09-15 16:26 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-09-15 16:25 - 2016-09-15 16:25 - 00000000 ____D C:\Users\Gaming\AppData\Local\Windows Live
2016-09-15 16:24 - 2016-09-15 16:24 - 01239752 _____ (Microsoft Corporation) C:\Users\Gaming\Downloads\wlsetup-web (1).exe
2016-09-15 16:15 - 2016-09-15 16:15 - 01239752 _____ (Microsoft Corporation) C:\Users\Gaming\Downloads\wlsetup-web.exe
2016-09-15 16:14 - 2016-09-15 16:37 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-09-15 16:14 - 2016-09-15 16:14 - 01206416 _____ C:\Users\Gaming\Downloads\filmora-idco_setup_full1901.exe
2016-09-15 15:59 - 2016-09-15 15:59 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-09-15 15:11 - 2016-09-15 15:11 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\VideoEditor
2016-09-15 15:11 - 2016-09-15 15:11 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\FlashIntegro
2016-09-15 15:11 - 2016-07-25 17:41 - 00071480 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter3.ax
2016-09-15 15:11 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2016-09-15 15:11 - 2005-08-01 18:43 - 00245760 _____ () C:\Windows\SysWOW64\lame.ax
2016-09-15 15:11 - 2004-12-10 09:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2016-09-15 15:11 - 2004-09-06 15:06 - 00053248 _____ C:\Windows\SysWOW64\xvid.ax
2016-09-15 15:11 - 2004-07-03 20:08 - 00139264 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-09-15 15:11 - 2004-07-03 19:59 - 00524288 _____ C:\Windows\SysWOW64\xvidcore.dll
2016-09-15 15:11 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2016-09-15 15:11 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2016-09-15 15:11 - 2003-05-22 11:26 - 00221215 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divxdec.ax
2016-09-15 15:11 - 2003-05-21 22:50 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-09-15 15:11 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2016-09-15 15:11 - 2003-05-21 22:50 - 00156910 _____ C:\Windows\WMSysPr8.prx
2016-09-15 15:11 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2016-09-15 15:11 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2016-09-15 15:11 - 2003-05-21 22:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2016-09-15 15:11 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2016-09-15 15:11 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2016-09-15 15:09 - 2016-09-15 15:10 - 35645576 _____ (Flash-Integro LLC ) C:\Users\Gaming\Downloads\video_editor.exe
2016-09-15 14:42 - 2016-09-15 14:42 - 00000000 ____D C:\ProgramData\iSkysoft
2016-09-15 14:41 - 2016-09-15 14:41 - 00000000 ____D C:\Users\Gaming\AppData\Local\iSkysoft
2016-09-15 14:39 - 2016-09-15 14:39 - 00808800 _____ C:\Users\Gaming\Downloads\video-editor_setup_full715.exe
2016-09-15 14:38 - 2016-09-15 14:38 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\WMM
2016-09-15 14:37 - 2016-09-15 15:17 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-09-15 14:35 - 2016-09-15 14:37 - 26689458 _____ (videowinsoft.com ) C:\Users\Gaming\Downloads\windows-movie-maker-2016.exe
2016-09-15 14:30 - 2016-09-15 14:30 - 00000000 ____D C:\Users\Gaming\.thumbnails
2016-09-15 13:52 - 2016-09-16 13:24 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-09-14 08:24 - 2016-09-01 20:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-14 08:24 - 2016-09-01 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-14 08:24 - 2016-09-01 04:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-14 08:24 - 2016-09-01 04:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 08:24 - 2016-09-01 03:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-14 08:24 - 2016-09-01 03:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 08:24 - 2016-09-01 03:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-14 08:24 - 2016-09-01 03:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-14 08:24 - 2016-09-01 03:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-14 08:24 - 2016-09-01 03:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 08:24 - 2016-09-01 03:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-14 08:24 - 2016-09-01 03:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-14 08:24 - 2016-09-01 03:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-14 08:24 - 2016-09-01 03:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 08:24 - 2016-09-01 03:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-14 08:24 - 2016-09-01 03:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-14 08:24 - 2016-09-01 03:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-14 08:24 - 2016-09-01 02:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-14 08:24 - 2016-09-01 02:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-14 08:24 - 2016-09-01 02:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-14 08:24 - 2016-09-01 02:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-14 08:24 - 2016-09-01 02:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-14 08:24 - 2016-09-01 02:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-14 08:24 - 2016-09-01 02:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-14 08:24 - 2016-09-01 02:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 08:24 - 2016-09-01 02:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-14 08:24 - 2016-09-01 02:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-14 08:24 - 2016-09-01 02:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 08:24 - 2016-09-01 02:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 08:24 - 2016-09-01 01:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 08:24 - 2016-09-01 01:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 08:24 - 2016-09-01 01:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 08:24 - 2016-09-01 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-14 08:24 - 2016-09-01 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-14 08:24 - 2016-09-01 01:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 08:24 - 2016-09-01 01:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-14 08:24 - 2016-09-01 01:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 08:24 - 2016-09-01 01:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 08:24 - 2016-09-01 01:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-14 08:24 - 2016-09-01 01:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-14 08:24 - 2016-09-01 01:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-14 08:24 - 2016-09-01 01:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-14 08:24 - 2016-09-01 01:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-14 08:24 - 2016-09-01 01:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-14 08:24 - 2016-09-01 01:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-14 08:24 - 2016-09-01 01:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-14 08:24 - 2016-09-01 01:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 08:24 - 2016-09-01 01:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-14 08:24 - 2016-09-01 01:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 08:24 - 2016-09-01 01:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-14 08:24 - 2016-09-01 00:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-14 08:24 - 2016-09-01 00:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-14 08:24 - 2016-09-01 00:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-14 08:24 - 2016-09-01 00:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-14 08:24 - 2016-09-01 00:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-14 08:24 - 2016-09-01 00:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-14 08:24 - 2016-09-01 00:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-14 08:24 - 2016-09-01 00:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-14 08:24 - 2016-09-01 00:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-14 08:24 - 2016-09-01 00:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 08:24 - 2016-09-01 00:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-14 08:24 - 2016-09-01 00:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-14 08:24 - 2016-09-01 00:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 08:24 - 2016-09-01 00:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 08:24 - 2016-08-31 23:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 08:24 - 2016-08-31 23:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 08:24 - 2016-08-12 17:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 08:24 - 2016-08-12 17:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 08:24 - 2016-08-12 17:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 08:23 - 2016-09-02 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 08:23 - 2016-09-02 16:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 08:23 - 2016-09-02 16:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 08:23 - 2016-09-02 16:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 08:23 - 2016-09-02 16:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 08:23 - 2016-09-02 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 08:23 - 2016-09-02 16:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 08:23 - 2016-09-02 16:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 08:23 - 2016-09-02 16:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 16:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 08:23 - 2016-09-02 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 08:23 - 2016-09-02 16:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 08:23 - 2016-09-02 16:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 08:23 - 2016-09-02 15:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-14 08:23 - 2016-09-02 15:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 08:23 - 2016-09-02 15:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 08:23 - 2016-09-02 15:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 08:23 - 2016-09-02 15:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 08:23 - 2016-09-02 15:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 08:23 - 2016-09-02 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-14 08:23 - 2016-09-02 15:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 08:23 - 2016-09-02 15:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 08:23 - 2016-09-02 15:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-14 08:23 - 2016-09-02 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 08:23 - 2016-09-02 15:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-14 08:23 - 2016-09-02 15:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-14 08:23 - 2016-09-02 15:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 15:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 08:23 - 2016-09-02 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 08:23 - 2016-08-16 18:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 08:23 - 2016-08-16 03:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 08:23 - 2016-08-16 03:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 08:23 - 2016-08-06 16:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 08:23 - 2016-08-06 16:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-08 16:17 - 2016-09-08 16:17 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\OpenOffice
2016-09-08 15:53 - 2016-09-08 15:53 - 00001180 _____ C:\Users\Gaming\Desktop\OpenOffice 4.1.2.lnk
2016-09-08 15:53 - 2016-09-08 15:53 - 00000000 ___SD C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2016-09-08 15:53 - 2016-09-08 15:53 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2016-09-08 15:52 - 2016-09-08 15:52 - 00000000 ____D C:\Users\Gaming\Desktop\OpenOffice 4.1.2 (en-GB) Installation Files
2016-09-08 15:45 - 2016-09-08 15:45 - 00053471 _____ C:\Users\Gaming\Desktop\StrengthShopReturnsForm.pdf
2016-09-07 12:21 - 2016-09-07 12:21 - 00000000 ____D C:\Users\Gaming\Downloads\SafeZone Installer
2016-09-07 12:20 - 2016-09-07 12:20 - 00001912 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2016-09-07 12:20 - 2016-09-07 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-09-07 12:20 - 2016-02-24 21:07 - 00207968 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2016-09-07 12:19 - 2016-09-07 12:19 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-09-07 12:19 - 2016-09-07 12:19 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-09-07 12:19 - 2016-09-07 12:19 - 00000000 ____D C:\ProgramData\Intel Security
2016-09-07 12:18 - 2016-09-07 12:20 - 00000000 ____D C:\Program Files\McAfee
2016-09-07 12:18 - 2016-09-07 12:18 - 00000000 ____D C:\Program Files\McAfee.com
2016-09-07 12:17 - 2016-09-07 12:20 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-09-07 12:17 - 2016-09-07 12:17 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-09-07 12:17 - 2016-09-07 12:17 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-09-07 12:15 - 2016-09-07 12:19 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-09-07 12:15 - 2016-04-26 17:56 - 00277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-09-07 11:34 - 2016-09-07 11:34 - 00025100 _____ C:\Users\Gaming\Desktop\Online Declaration Form.pdf
2016-09-02 12:03 - 2016-09-02 12:03 - 00057129 _____ C:\Users\Gaming\Desktop\Private-Car-Sale-Receipt-PDF-Download.pdf
2016-09-01 11:57 - 2016-09-01 11:57 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-08-31 05:33 - 2016-08-31 05:33 - 00044952 _____ () C:\Windows\system32\Drivers\staport.sys
2016-08-29 21:05 - 2016-09-16 14:11 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Skype
2016-08-29 21:05 - 2016-08-29 21:21 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-29 21:05 - 2016-08-29 21:20 - 00000000 ____D C:\ProgramData\Skype
2016-08-29 21:05 - 2016-08-29 21:05 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-29 21:05 - 2016-08-29 21:05 - 00000000 ____D C:\Users\Gaming\Tracing
2016-08-29 21:05 - 2016-08-29 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-08-24 15:24 - 2016-08-24 15:25 - 00000000 ____D C:\Users\Gaming\Desktop\Stranded-Deep-v0.12.H1_www.FreeGamesDL.net
2016-08-21 18:41 - 2016-07-07 16:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-08-21 18:41 - 2016-07-07 16:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-08-21 18:41 - 2016-07-07 16:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-08-21 18:41 - 2016-07-07 16:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-08-21 18:41 - 2016-07-01 16:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-08-21 18:41 - 2016-07-01 16:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-08-21 18:41 - 2016-07-01 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-08-21 18:41 - 2016-07-01 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-08-19 07:54 - 2016-08-19 07:54 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\PDAppFlex
2016-08-17 13:54 - 2016-08-17 13:54 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Macromedia
2016-08-17 13:53 - 2016-08-17 13:53 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-08-17 13:52 - 2016-08-17 14:00 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-08-17 13:52 - 2016-08-17 14:00 - 00002037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-08-17 13:52 - 2016-08-17 13:52 - 00002014 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2016-08-17 13:23 - 2016-08-17 13:23 - 00000000 ____D C:\Users\Gaming\AppData\Local\AbleWord
2016-08-17 13:21 - 2016-08-17 13:21 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\AbleWord
2016-08-17 09:09 - 2016-07-08 16:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-17 09:09 - 2016-07-08 16:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 14:09 - 2016-05-29 14:31 - 00000000 __SHD C:\Users\Gaming\IntelGraphicsProfiles
2016-09-16 14:09 - 2016-05-29 13:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-16 14:09 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-16 14:09 - 2009-07-14 05:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-16 14:08 - 2016-05-29 13:38 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-16 14:08 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-16 14:03 - 2016-05-29 13:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-16 13:52 - 2016-06-26 15:55 - 00000000 ____D C:\Users\Public\CineForm
2016-09-16 13:45 - 2009-07-14 06:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-16 13:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-09-16 12:35 - 2016-05-29 14:05 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-15 16:54 - 2016-07-22 22:11 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-09-15 16:48 - 2009-07-14 05:45 - 00301200 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-15 16:39 - 2016-05-29 14:34 - 00067240 _____ C:\Users\Gaming\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-15 16:38 - 2009-07-14 08:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-09-15 16:30 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-09-15 16:26 - 2016-05-29 13:24 - 00000000 ____D C:\Users\Gaming
2016-09-15 15:24 - 2016-06-13 10:59 - 00000000 ____D C:\Users\Gaming\AppData\Local\CrashDumps
2016-09-14 08:55 - 2016-05-29 14:24 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-14 08:55 - 2016-05-29 14:24 - 00000000 ____D C:\Windows\system32\MRT
2016-09-08 13:43 - 2016-05-29 14:05 - 00000000 ____D C:\ProgramData\McAfee
2016-09-07 15:05 - 2016-08-05 12:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-07 12:17 - 2016-05-31 16:45 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-21 18:33 - 2016-05-29 13:56 - 00000000 ____D C:\Users\Gaming\Desktop\Personal Training
2016-08-18 14:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-18 13:52 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-08-18 09:05 - 2016-05-29 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-17 15:48 - 2016-05-29 14:02 - 00000000 ____D C:\Users\Gaming\AppData\Local\Adobe
2016-08-17 13:55 - 2016-06-03 10:53 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Adobe
2016-08-17 13:54 - 2016-05-29 14:03 - 00000000 ____D C:\ProgramData\Adobe
2016-08-17 13:49 - 2016-05-29 14:04 - 00000000 ____D C:\Program Files (x86)\Adobe
 
Some files in TEMP:
====================
C:\Users\Gaming\AppData\Local\Temp\AutoWifi.exe
C:\Users\Gaming\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Gaming\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Gaming\AppData\Local\Temp\devcon64.exe
C:\Users\Gaming\AppData\Local\Temp\libeay32.dll
C:\Users\Gaming\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Gaming\AppData\Local\Temp\msvcr120.dll
C:\Users\Gaming\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-26 11:47
 
==================== End of FRST.txt ============================

Addition.txt as follows:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016

Ran by Gaming (16-09-2016 14:16:10)
Running from C:\Users\Gaming\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-05-29 12:24:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-6295810-3929519030-725474577-500 - Administrator - Disabled)
Gaming (S-1-5-21-6295810-3929519030-725474577-1000 - Administrator - Enabled) => C:\Users\Gaming
Guest (S-1-5-21-6295810-3929519030-725474577-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-6295810-3929519030-725474577-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Free2X Webcam Recorder 1.0.0.1 (HKLM-x32\...\Free2X Webcam Recorder_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.63 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoPro (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (x32 Version: 5.9.2733 - GoPro, Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.266 - McAfee, Inc.)
Mediatek RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.126 - MediatekWiFi)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-6295810-3929519030-725474577-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Word 97 (HKLM-x32\...\Word8.0) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0.6025 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 en-US)) (Version: 45.2.0 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 3.0.0.12 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.021 - MSI)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OnePlus USB Drivers 1.00 (HKLM-x32\...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation)
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Windows Driver Package - OnePlus, Inc. (WinUSB) AndroidUsbDeviceClass  (05/24/2012 6.0.0000.00000) (HKLM\...\59AFF6524BE5C0983F2711DEB8D25D511D4F4924) (Version: 05/24/2012 6.0.0000.00000 - OnePlus, Inc.)
XSplit Gamecaster (HKLM-x32\...\{7CBDC2CD-F5C7-4DD3-91C8-1E4D68924955}) (Version: 1.9.1409.2308 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-6295810-3929519030-725474577-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-6295810-3929519030-725474577-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-6295810-3929519030-725474577-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-6295810-3929519030-725474577-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-6295810-3929519030-725474577-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-6295810-3929519030-725474577-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-6295810-3929519030-725474577-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {25997F27-E55B-49DE-AE77-264E858CDCDE} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {2B99E77C-AE5D-4503-A03F-532FC4367B01} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {3DF63730-D6BE-4800-A981-343037C9C087} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-07-07] (McAfee, Inc.)
Task: {47F876AE-5613-4880-B900-24588D78C986} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {A1C0FFD2-80C9-4081-A461-9ECA00FD9EBC} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {BB46C92A-9616-42A2-A277-5DA4F639A78B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {E653A7B8-D98B-44E3-8C1D-7C161EB8D387} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {F1BE1142-4830-4257-BCDC-21D21967C480} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-29] (Google Inc.)
Task: {F2FEF561-6841-4D39-830B-26BA95B3A819} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-05] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Gaming\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-12 00:39 - 2016-05-12 00:39 - 01088944 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
1997-08-19 00:00 - 1997-08-19 00:00 - 00111376 _____ () C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE
2016-05-12 00:39 - 2016-05-12 00:39 - 00037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2016-05-31 10:44 - 2016-05-25 00:24 - 02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libglesv2.dll
2016-05-31 10:44 - 2016-05-25 00:24 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libegl.dll
2016-08-03 09:17 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
1997-08-19 00:00 - 1997-08-19 00:00 - 03782416 _____ () C:\Program Files (x86)\Microsoft Office\Office\MSO97.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2016-08-11 18:06 - 00000857 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-6295810-3929519030-725474577-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{F8A8794F-4022-4518-8DDD-E2A22EED97D1}] => (Allow) C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe
FirewallRules: [{B9AD8E03-2827-452E-A13D-7EF7A20F4A19}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{45193877-EF2F-4AC7-AFE8-7C0303D6662D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C5D95C9B-01AB-4458-B321-8BCFE1C37C40}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{98EBA3B9-7FE0-42E5-8501-0D9B1288F1D4}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{63F570CC-D255-4541-88FE-C5334B61E0C8}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B01F24F1-D5D7-4F6B-A1D0-DC8E3D505EF3}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{8A66C493-E98D-4CDE-9E91-BB074EBEB2B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{790948E9-6A93-4BD6-B4DD-45629F84E539}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{202E58DA-2AB0-494F-AB77-309F033F71F3}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{DB0EAA21-3FAC-453A-BE23-0A6F19025C25}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{2262A05B-62FD-4256-9025-1EE8D2100C90}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{FE780C07-BE58-4286-9D24-4EA83030690E}] => (Allow) E:\Steam\steamapps\common\Bus Simulator 16\BusSimulator16.exe
FirewallRules: [{4A578BEB-70A2-42E5-8479-79E659B65198}] => (Allow) E:\Steam\steamapps\common\Bus Simulator 16\BusSimulator16.exe
FirewallRules: [{9AB4DFD8-2D06-4BA8-A375-939645393655}] => (Allow) E:\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{30DD30D8-A43E-46E4-A2BD-1E20305F21F9}] => (Allow) E:\Steam\steamapps\common\RailWorks\RailWorks.exe
FirewallRules: [{9114628F-FBBB-4B68-BE32-72F96CEA8380}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9D33FCCF-54B7-4410-B0DA-3A04FC4BFE60}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{CF304E96-A9D6-42BD-824C-F3B63752EFA3}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{13653F5C-9098-438F-8B76-5AE50FAAC338}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{E8427A8A-4DE2-4755-8F92-2CA1BAA1BD57}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{7D5E24EC-477D-446C-BD6B-C9756B9C1C73}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{0FBD2344-FD91-4A2D-9C2B-E907B60F86B1}] => (Allow) E:\Steam\steamapps\common\OMSI 2\Omsi.exe
FirewallRules: [{3ACC0A51-6A93-45B9-BDED-89CD044B0705}] => (Allow) E:\Steam\steamapps\common\OMSI 2\Omsi.exe
FirewallRules: [{E59A7588-9A64-4C54-9305-E6B3307640C5}] => (Allow) C:\Users\Gaming\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{7737442E-D0AF-40B6-B866-33DA6E1FFD12}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{06B27244-C5E9-4FA8-A988-743F88B0893F}] => (Allow) LPort=2869
FirewallRules: [{17FE6308-A4AA-4DEB-AB8B-06913255C465}] => (Allow) LPort=1900
FirewallRules: [{6631654C-E25B-4E23-AC98-FC494C2B355F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
 
==================== Restore Points =========================
 
08-09-2016 12:34:36 Scheduled Checkpoint
08-09-2016 15:52:54 Installed OpenOffice 4.1.2
14-09-2016 08:54:20 Windows Update
15-09-2016 13:45:49 Windows Update
15-09-2016 14:29:35 Installed Blender
15-09-2016 14:33:00 Removed Blender
15-09-2016 14:38:02 Installed DirectX
15-09-2016 15:11:41 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
15-09-2016 15:17:55 Installed DirectX
15-09-2016 16:25:15 Windows Live Essentials
15-09-2016 16:27:11 Installed DirectX
15-09-2016 16:27:53 Installed DirectX
15-09-2016 16:28:32 Installed DirectX
15-09-2016 16:30:17 WLSetup
15-09-2016 16:35:28 Windows Update
16-09-2016 12:45:45 Installed Blender
16-09-2016 13:44:51 Removed Blender
16-09-2016 13:46:40 Removed Cisco EAP-FAST Module
16-09-2016 13:46:52 Removed Cisco LEAP Module
16-09-2016 13:47:23 Removed Cisco PEAP Module
16-09-2016 14:11:11 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Ethernet Controller
Description: Ethernet Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/15/2016 05:25:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vegaspro13.0.373_64bit.exe version 1.0.0.44 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10bc
 
Start Time: 01d20f6d86693b12
 
Termination Time: 21434
 
Application Path: C:\Users\Gaming\Downloads\vegaspro13.0.373_64bit.exe
 
Report Id:
 
Error: (09/15/2016 04:26:10 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Gaming-PC)
Description: Application or service 'Windows Search' could not be shut down.
 
Error: (09/15/2016 03:25:02 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/15/2016 03:25:02 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/15/2016 03:24:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MovieMaker.exe, version: 16.4.3528.331, time stamp: 0x533a401b
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0689666c
Faulting process id: 0x1fac
Faulting application start time: 0x01d20f5bffd0edcf
Faulting application path: C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
Faulting module path: unknown
Report Id: 20f6574e-7b50-11e6-b8c3-edff53262f86
 
Error: (09/15/2016 03:18:27 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/15/2016 03:18:27 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/08/2016 05:40:40 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Steam Client WebHelper because of this error.
 
Program: Steam Client WebHelper
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000026E
Disk type: 0
 
Error: (09/08/2016 05:40:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: steamwebhelper.exe, version: 3.58.42.68, time stamp: 0x57bc9566
Faulting module name: libcef.dll, version: 3.2623.1395.0, time stamp: 0x57a38be1
Exception code: 0xc0000006
Fault offset: 0x02407b51
Faulting process id: 0x1064
Faulting application start time: 0x01d209bc992aff4e
Faulting application path: E:\Steam\bin\steamwebhelper.exe
Faulting module path: E:\Steam\bin\libcef.dll
Report Id: fa075283-75e2-11e6-ab5a-87059285e1ba
 
Error: (08/21/2016 07:18:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fitbit Connect.exe, version: 2.0.1.6742, time stamp: 0x5630c9ca
Faulting module name: Fitbit Connect.exe, version: 2.0.1.6742, time stamp: 0x5630c9ca
Exception code: 0x40000015
Fault offset: 0x001e2080
Faulting process id: 0xc7c
Faulting application start time: 0x01d1fb73c932a59a
Faulting application path: C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
Faulting module path: C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
Report Id: 1817cc05-6767-11e6-aeb1-e4d88453fd96
 
 
System errors:
=============
Error: (09/16/2016 02:11:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/16/2016 02:07:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\RAIHV.dll
 
Error: (09/16/2016 02:07:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\RAIHV.dll
 
Error: (09/16/2016 02:07:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.
 
Error: (09/16/2016 02:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/16/2016 02:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.
 
Error: (09/16/2016 02:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/16/2016 02:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/16/2016 02:07:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GoPro Device Detection Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/16/2016 02:07:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\system32\RAIHV.dll
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8084.54 MB
Available physical RAM: 5163.25 MB
Total Virtual: 16167.25 MB
Available Virtual: 13017.49 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.76 GB) (Free:400.21 GB) NTFS
Drive e: (SAMSUNG) (Fixed) (Total:1863.01 GB) (Free:1761.2 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: CCF08373)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F93D6030)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 0D01B156)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#5 satchfan

  • Malware Response Team

Posted 16 September 2016 - 09:08 AM

A pretty clean computer on the whole and just a bit of tidying up needed.

You need to move Farbar Recovery Scan Tool to your desktop otherwise fixes will not work.

  • go to your Downloads folder and locate Farbar Recovery Scan Tool
  • right click and select Cut
  • go to an empty spot on your desktop, right click and select Paste

Farbar Recovery Scan Tool should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn => not found
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160718.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160718.001\EX64.SYS [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
2016-09-15 14:42 - 2016-09-15 14:42 - 00000000 ____D C:\ProgramData\iSkysoft
2016-09-15 14:41 - 2016-09-15 14:41 - 00000000 ____D C:\Users\Gaming\AppData\Local\iSkysoft
2016-09-07 15:05 - 2016-08-05 12:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-07 12:17 - 2016-05-31 16:45 - 00000000 ____D C:\Program Files\Common Files\AV
C:\Program Files (x86)\Common Files\iSkysoft
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

Run Security Check

 

Download Security Check by screen317 from here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!, try rebooting the system and then run SecurityCheck again.

Logs to include with next post:

Fixlog.txt
checkup.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 UKScorpion

  • Topic Starter

Posted 16 September 2016 - 09:24 AM

Thank you :)

 

Fixlog.txt as follows;

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by Gaming (16-09-2016 15:20:30) Run:1
Running from C:\Users\Gaming\Desktop
Loaded Profiles: Gaming (Available Profiles: Gaming)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2080768 2014-09-11] (iSkySoft)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn => not found
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160718.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160718.001\EX64.SYS [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
2016-09-15 14:42 - 2016-09-15 14:42 - 00000000 ____D C:\ProgramData\iSkysoft
2016-09-15 14:41 - 2016-09-15 14:41 - 00000000 ____D C:\Users\Gaming\AppData\Local\iSkysoft
2016-09-07 15:05 - 2016-08-05 12:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-07 12:17 - 2016-05-31 16:45 - 00000000 ____D C:\Program Files\Common Files\AV
C:\Program Files (x86)\Common Files\iSkysoft
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iSkysoft Helper Compact.exe => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{40211632-250D-4B8C-B04E-DA45BAE6DF8C} => value removed successfully
MSICDSetup => service removed successfully
NAVENG => service removed successfully
NAVEX15 => service removed successfully
NTIOLib_1_0_C => service removed successfully
C:\ProgramData\iSkysoft => moved successfully
C:\Users\Gaming\AppData\Local\iSkysoft => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Program Files\Common Files\AV => moved successfully
C:\Program Files (x86)\Common Files\iSkysoft => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 135842529 B
Java, Flash, Steam htmlcache => 31672163 B
Windows/system/drivers => 145673335 B
Edge => 0 B
Chrome => 806533311 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58558537 B
systemprofile32 => 69836 B
LocalService => 66228 B
NetworkService => 84278 B
Gaming => 196583276 B
 
RecycleBin => 0 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:20:42 ====
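
A Fixlog like the one above can be triaged mechanically. The Python below is an added example, not part of the original posts and not FRST's own code: it parses result lines in the shape this Fixlog shows, skips the echoed fixlist block (which itself contains "=> not found" text), and reports what was removed, what was already absent, and whether a reboot is pending. The function names and the shortened sample are constructed for illustration, and the line format is assumed from this one log.

```python
import re
from collections import Counter

# Constructed sample: a shortened copy of the Fixlog posted in this thread.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
fixlist content:
*****************
CloseProcesses:
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn => not found
C:\Program Files (x86)\Common Files\iSkysoft
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iSkysoft Helper Compact.exe => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
MSICDSetup => service removed successfully
C:\ProgramData\iSkysoft => moved successfully
C:\Program Files (x86)\Common Files\iSkysoft => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
EmptyTemp: => 1.3 GB temporary data Removed.

The system needed a reboot.
'''

# A result line is "<target> => [value|key|service] <outcome>"; the target may be quoted.
RESULT_LINE = re.compile(
    r'^"?(?P<target>.+?)"?\s*=>\s*(?P<kind>value|key|service)?\s*'
    r'(?P<result>removed successfully|moved successfully|not found)\.?\s*$'
)
# The fixlist is echoed back between two lines of asterisks.
ECHO_FENCE = re.compile(r'^\*{5,}$')


def parse_fixlog(text):
    """Return (entries, reboot_needed) for a Fixlog in the format shown above."""
    entries, in_echo, reboot = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE.match(line):
            in_echo = not in_echo      # entering or leaving the echoed fixlist
            continue
        if in_echo or not line:
            continue                   # echoed directives are input, not results
        if line == "The system needed a reboot.":
            reboot = True
            continue
        m = RESULT_LINE.match(line)
        if m:                          # EmptyTemp byte counts do not match
            entries.append({
                "target": m["target"],
                "kind": m["kind"] or "path",   # files/folders carry no kind word
                "result": m["result"],
            })
    return entries, reboot


def triage(text, needle):
    """Summarise outcomes and pick out entries whose target mentions `needle`."""
    entries, reboot = parse_fixlog(text)
    return {
        "counts": dict(Counter(e["result"] for e in entries)),
        "not_found": [e["target"] for e in entries if e["result"] == "not found"],
        "needle_hits": [e for e in entries if needle.lower() in e["target"].lower()],
        "reboot_needed": reboot,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG, "iskysoft")
    for key, value in report.items():
        print(key, "=>", value)
```
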


#7 UKScorpion

  • Topic Starter

Posted 16 September 2016 - 09:35 AM

checkup.txt as follows;

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 101  
 Java version 32-bit out of Date! 
 Mozilla Thunderbird (45.2.0) 
 Google Chrome 31.0.1650.59 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log`````````````````````` 


#8 satchfan

  • Malware Response Team

Posted 16 September 2016 - 10:15 AM

Any problems remaining?




#9 UKScorpion

  • Topic Starter

Posted 16 September 2016 - 12:38 PM

No, it appears to be fine now! Thank you very much :)



#10 satchfan

  • Malware Response Team

Posted 16 September 2016 - 04:45 PM

As long as you’re happy that your computer appears to be clean, let’s clear up.

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:

  • Create registry backup
  • Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update Java

Your version of Java is out-of-date and needs to be removed and updated.

Having the latest updates and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall:


Java 8 Update 101

 

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

NEXT

Install the latest version of Java:

Java

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

Even though I just had you get the latest version of Java, there is a vulnerability with regard to Java and web browsers. Therefore, we recommend disabling Java in web browsers.

More information can be found here.

===================================================

Update Google Chrome

  • open Chrome
  • at the top right, click More
  • click Update Google Chrome, (If you don't see this button, you've got the latest version)
  • click Relaunch.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 




#11 satchfan

  • Malware Response Team

Posted 18 September 2016 - 03:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
