New Adware Every Pc Restart


  • This topic is locked
45 replies to this topic

#1 nomore568


Posted 13 October 2016 - 01:55 PM

Every time I restart my computer then run a scan with Malwarebytes there is always either new adware marked red or yellow or a ton of PUPs or both. idk what's going on but can anyone help.





#2 Aura

  • Malware Response Team

Posted 13 October 2016 - 02:14 PM

Hi nomore568 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

To begin, I'll need a set of FRST logs. Follow the instructions below please.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 nomore568

  • Topic Starter

Posted 13 October 2016 - 02:19 PM

Can you provide a download to FRST?



#4 Aura

  • Malware Response Team

Posted 13 October 2016 - 02:21 PM

Oops, my bad, here goes. Download the version for your system (32-bit or 64-bit). If you don't know which one you should use, download them both. Only one will work, and you'll know that it's the one you need to use.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/



#5 nomore568

  • Topic Starter

Posted 13 October 2016 - 02:23 PM

OK, I have it scanning now.



#6 nomore568

  • Topic Starter

Posted 13 October 2016 - 02:26 PM

OK, here are the results.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-10-2016
Ran by Dareon (administrator) on OWNER-PC (13-10-2016 13:22:59)
Running from C:\Users\Dareon.Owner-PC\Desktop\frst
Loaded Profiles: Dareon (Available Profiles: Dareon & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Users\Public\Pictures\DIIhost.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Hammer & Chisel, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Hammer & Chisel, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [fecal] => "C:\Program Files (x86)\irritable\escalation.exe"
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-09-13] (LogMeIn Inc.)
HKLM-x32\...\Run: [poisonous] => "C:\Program Files (x86)\irritable\escalation.exe"
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-07] (Valve Corporation)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2016-08-04] (Echobit LLC)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [DIIhost] => C:\Users\Public\Pictures\DIIhost.exe [47616 2016-08-18] ()
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [MurGee.com Auto Clicker] => C:\Users\Dareon.Owner-PC\AppData\Roaming\Auto Clicker\AutoClicker.exe [124072 2016-04-20] (MurGee.com)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [Discord] => C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [analytically] => "C:\Program Files (x86)\irritable\escalation.exe"
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [callused] => "C:\Program Files (x86)\irritable\escalation.exe"
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\DAREON~1.OWN\Desktop\3DMAZE~1.SCR
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helmick.lnk [2016-10-10]
ShortcutTarget: helmick.lnk -> C:\Program Files (x86)\irritable\escalation.exe (No File)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2016-10-10]
ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe (No File)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helmick.lnk [2016-10-10]
ShortcutTarget: helmick.lnk -> C:\Program Files (x86)\irritable\escalation.exe (No File)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2016-10-10]
ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{611C0765-E2BE-4264-AF52-8D85DACACA25}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-03] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-03] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-03] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-08-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-08-03] (Google Inc.)

FireFox:
========
FF DefaultProfile: etio5tsa.default
FF ProfilePath: C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default [2016-10-13]
FF Homepage: Mozilla\Firefox\Profiles\etio5tsa.default -> hxxp://www.tremorgames.com/profiles/816005/nomore568.html
FF Extension: (MEGA) - C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default\Extensions\firefox@mega.co.nz.xpi [2016-10-11]
FF Extension: (Adblock Plus) - C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-08-06]
FF HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default [2016-09-21]
CHR Extension: (Google Drive) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-08-04] (Echobit LLC)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2621448 2016-09-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-08-31] (LogMeIn, Inc.)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-08-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2016-08-04] (Echobit, LLC)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-16] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133248 2016-07-06] (BigNox Corporation)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [27648 2016-08-31] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-13 13:22 - 2016-10-13 13:22 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\frst
2016-10-13 13:22 - 2016-10-13 13:22 - 00000000 ____D C:\FRST
2016-10-12 03:45 - 2016-09-30 01:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 03:45 - 2016-09-30 00:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 03:45 - 2016-09-29 23:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-12 03:45 - 2016-09-29 23:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 03:45 - 2016-09-29 23:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-12 03:45 - 2016-09-29 23:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-12 03:45 - 2016-08-12 11:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-12 03:45 - 2016-08-12 10:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-12 03:44 - 2016-09-30 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-12 03:44 - 2016-09-30 13:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-12 03:44 - 2016-09-30 09:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 03:44 - 2016-09-30 09:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-12 03:44 - 2016-09-30 09:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-12 03:44 - 2016-09-30 00:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-12 03:44 - 2016-09-30 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-12 03:44 - 2016-09-30 00:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-12 03:44 - 2016-09-30 00:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 03:44 - 2016-09-30 00:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 03:44 - 2016-09-30 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-12 03:44 - 2016-09-30 00:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-12 03:44 - 2016-09-30 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-12 03:44 - 2016-09-30 00:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-12 03:44 - 2016-09-30 00:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-12 03:44 - 2016-09-30 00:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-12 03:44 - 2016-09-30 00:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-12 03:44 - 2016-09-30 00:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-12 03:44 - 2016-09-30 00:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-12 03:44 - 2016-09-30 00:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-12 03:44 - 2016-09-30 00:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-12 03:44 - 2016-09-30 00:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-12 03:44 - 2016-09-29 23:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-12 03:44 - 2016-09-29 23:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-12 03:44 - 2016-09-29 23:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-12 03:44 - 2016-09-29 23:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-12 03:44 - 2016-09-29 23:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-12 03:44 - 2016-09-29 23:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-12 03:44 - 2016-09-29 23:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-12 03:44 - 2016-09-29 23:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-12 03:44 - 2016-09-29 23:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-12 03:44 - 2016-09-29 23:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-12 03:44 - 2016-09-29 23:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-12 03:44 - 2016-09-29 23:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-12 03:44 - 2016-09-29 23:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-12 03:44 - 2016-09-29 23:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-12 03:44 - 2016-09-29 23:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-12 03:44 - 2016-09-29 23:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-12 03:44 - 2016-09-29 23:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-12 03:44 - 2016-09-29 23:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-12 03:44 - 2016-09-29 23:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 03:44 - 2016-09-29 23:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-12 03:44 - 2016-09-29 23:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-12 03:44 - 2016-09-29 23:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-12 03:44 - 2016-09-29 23:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-12 03:44 - 2016-09-29 23:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-12 03:44 - 2016-09-29 23:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-12 03:44 - 2016-09-29 23:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-12 03:44 - 2016-09-29 23:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-12 03:44 - 2016-09-29 23:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 03:44 - 2016-09-29 23:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-12 03:44 - 2016-09-29 23:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-12 03:44 - 2016-09-29 23:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-12 03:44 - 2016-09-29 23:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-12 03:44 - 2016-09-29 23:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-12 03:44 - 2016-09-29 23:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-12 03:44 - 2016-09-29 23:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 03:44 - 2016-09-29 23:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-12 03:44 - 2016-09-29 23:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-12 03:44 - 2016-09-29 22:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-12 03:44 - 2016-09-29 22:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-12 03:44 - 2016-09-29 22:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-12 03:44 - 2016-09-29 22:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-12 03:44 - 2016-09-15 09:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 03:44 - 2016-09-15 09:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-12 03:44 - 2016-09-15 09:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 03:44 - 2016-09-15 09:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-12 03:44 - 2016-09-12 15:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-12 03:44 - 2016-09-12 15:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-12 03:44 - 2016-09-12 15:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-12 03:44 - 2016-09-12 15:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-12 03:44 - 2016-09-12 14:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-12 03:44 - 2016-09-12 14:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-12 03:44 - 2016-09-12 14:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-12 03:44 - 2016-09-12 14:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-12 03:44 - 2016-09-12 14:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-12 03:44 - 2016-09-12 14:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-12 03:44 - 2016-09-12 14:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-12 03:44 - 2016-09-12 14:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-12 03:44 - 2016-09-12 14:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-12 03:44 - 2016-09-12 13:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 03:44 - 2016-09-12 12:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 03:44 - 2016-09-12 12:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 03:44 - 2016-09-10 10:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 03:44 - 2016-09-10 09:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 03:44 - 2016-09-09 12:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 03:44 - 2016-09-09 12:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 03:44 - 2016-09-09 12:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 12:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-12 03:44 - 2016-09-09 12:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-12 03:44 - 2016-09-09 12:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 03:44 - 2016-09-09 12:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-12 03:44 - 2016-09-09 12:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-12 03:44 - 2016-09-09 11:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-12 03:44 - 2016-09-09 11:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-12 03:44 - 2016-09-09 11:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-12 03:44 - 2016-09-09 11:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-12 03:44 - 2016-09-09 11:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-12 03:44 - 2016-09-09 11:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-12 03:44 - 2016-09-09 11:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-12 03:44 - 2016-09-09 11:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-12 03:44 - 2016-09-09 11:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-12 03:44 - 2016-09-09 11:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-12 03:44 - 2016-09-09 11:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-12 03:44 - 2016-09-08 14:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-12 03:44 - 2016-09-08 14:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-12 03:44 - 2016-09-08 14:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-12 03:44 - 2016-09-08 14:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-12 03:44 - 2016-09-08 08:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 03:44 - 2016-09-08 08:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 03:44 - 2016-08-16 12:47 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
2016-10-12 03:44 - 2016-08-16 12:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-12 03:44 - 2016-08-12 11:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-12 03:44 - 2016-08-12 11:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-12 03:44 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-12 03:44 - 2016-08-12 11:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-12 03:44 - 2016-08-12 10:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-12 03:44 - 2016-08-12 10:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-12 03:44 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-12 03:44 - 2016-08-12 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-12 03:44 - 2016-08-12 10:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-12 03:44 - 2016-08-06 09:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-12 03:44 - 2016-08-06 09:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-12 03:44 - 2016-08-06 09:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-12 03:44 - 2016-08-06 09:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-12 03:44 - 2016-08-06 09:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-12 03:44 - 2016-08-06 09:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-12 03:44 - 2016-08-06 09:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-12 03:44 - 2016-08-06 09:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-12 03:44 - 2016-08-06 09:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-12 03:44 - 2016-08-06 09:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-12 03:44 - 2016-08-06 09:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-12 03:44 - 2016-08-06 09:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-12 03:44 - 2016-08-06 09:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-12 03:44 - 2016-08-06 08:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-12 03:44 - 2016-08-06 08:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-12 03:44 - 2016-08-06 08:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-12 03:44 - 2016-06-14 11:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-12 03:44 - 2016-06-14 11:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-12 03:44 - 2016-06-14 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-12 03:44 - 2016-06-14 11:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-12 03:44 - 2016-06-14 09:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-12 03:44 - 2016-06-14 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-12 03:44 - 2016-06-14 09:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-12 03:44 - 2016-06-14 09:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-12 03:44 - 2016-06-14 09:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-12 03:44 - 2016-06-14 09:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-12 03:44 - 2016-06-14 09:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-12 03:44 - 2016-06-14 09:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-12 03:44 - 2016-06-14 09:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-12 03:32 - 2016-09-12 15:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-12 03:32 - 2016-09-12 15:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-12 03:32 - 2016-09-09 09:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-12 03:32 - 2016-09-09 09:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-12 03:32 - 2016-09-09 09:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-12 03:32 - 2016-09-09 09:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-12 03:32 - 2016-09-09 09:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-12 03:32 - 2016-09-09 09:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-12 03:32 - 2016-09-09 09:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-12 03:31 - 2016-08-29 09:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-12 03:31 - 2016-08-29 09:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-12 03:31 - 2016-08-29 09:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-12 03:31 - 2016-08-29 09:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-12 03:31 - 2016-08-29 09:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-12 03:31 - 2016-08-29 09:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-12 03:31 - 2016-08-29 09:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-12 03:31 - 2016-08-29 08:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-12 03:31 - 2016-08-16 14:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-12 03:31 - 2016-08-16 14:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-12 03:31 - 2016-08-16 14:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-12 03:31 - 2016-08-16 14:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-12 03:31 - 2016-08-16 14:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-12 03:31 - 2016-08-16 14:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-12 03:31 - 2016-08-16 14:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-12 03:20 - 2016-07-22 08:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-12 03:20 - 2016-07-22 08:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-10 05:51 - 2016-10-10 05:51 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Google
2016-10-10 04:27 - 2016-10-10 04:43 - 00002068 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-10-10 04:27 - 2016-10-10 04:43 - 00001873 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-10-10 04:27 - 2016-10-10 04:27 - 00000000 _____ C:\Users\Dareon.Owner-PC\AppData\Local\icka76680988.txt
2016-10-10 04:26 - 2016-10-10 04:43 - 00001914 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk
2016-10-10 04:26 - 2016-10-10 04:43 - 00001861 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2016-10-10 04:26 - 2016-10-10 04:26 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Google
2016-10-10 04:24 - 2016-10-10 04:24 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\Dareon.Owner-PC\AppData\Local\install_flash_player_21_active_x.exe
2016-10-10 04:24 - 2016-10-10 04:24 - 00140288 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Installer.dat
2016-10-10 04:24 - 2016-10-10 04:24 - 00000003 _____ C:\Users\Dareon.Owner-PC\AppData\Local\run1.txt
2016-10-10 04:22 - 2016-10-10 04:22 - 00000000 ____D C:\Program Files\a1abd501a3cdbe5c3b3bcfba52e679c3
2016-10-10 04:21 - 2016-10-10 04:21 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll
2016-10-10 04:21 - 2016-10-10 04:21 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll
2016-10-10 02:58 - 2016-10-10 02:58 - 00291530 _____ C:\Users\Dareon.Owner-PC\AppData\Local\108374.exe
2016-10-10 02:58 - 2016-10-10 02:58 - 00127644 _____ C:\Users\Dareon.Owner-PC\AppData\Local\38443.exe
2016-10-10 02:58 - 2016-10-10 02:58 - 00040873 _____ C:\Users\Dareon.Owner-PC\AppData\Local\64447.exe
2016-10-10 02:58 - 2016-10-10 02:58 - 00034457 _____ C:\Users\Dareon.Owner-PC\AppData\Local\75566.exe
2016-10-10 02:44 - 2016-10-10 02:44 - 00110592 _____ C:\Users\Dareon.Owner-PC\murmur.sqlite
2016-10-10 00:04 - 2016-10-10 00:04 - 00002379 _____ C:\Users\Dareon.Owner-PC\Documents\MumbleAutomaticCertificateBackup.p12
2016-10-10 00:00 - 2016-10-10 00:24 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Mumble
2016-10-09 23:59 - 2016-10-09 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-10-09 23:59 - 2016-10-09 23:59 - 00000000 ____D C:\Program Files (x86)\Mumble
2016-10-09 23:57 - 2016-10-09 23:57 - 16642048 _____ C:\Users\Dareon.Owner-PC\Downloads\mumble-1.2.17.msi
2016-10-09 21:19 - 2016-10-09 21:19 - 00524473 _____ C:\Users\Dareon.Owner-PC\Downloads\Ultimate SAMP KeyBinder.rar
2016-10-08 23:38 - 2016-10-08 23:39 - 45218192 _____ C:\Users\Dareon.Owner-PC\Downloads\GrowtopiaInstaller(4).exe
2016-10-06 10:42 - 2016-10-06 10:42 - 00057424 _____ (K5ON85) C:\Windows\system32\Drivers\219cfa25d45f0fff2c1c0fd300b27e5d.sys
2016-10-05 00:43 - 2016-10-12 17:01 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Raynes School bleep
2016-10-05 00:42 - 2016-10-13 12:13 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Video Stuff
2016-10-05 00:41 - 2016-10-13 12:14 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\GAMES
2016-10-05 00:41 - 2016-10-13 12:12 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Hax
2016-10-05 00:01 - 2015-01-30 20:52 - 26341704 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 25255568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 19916432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 17559184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 13585736 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-10-05 00:01 - 2015-01-30 20:52 - 09185504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 07755632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 07639952 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 06295288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 02748232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 02576200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 02220176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 01868104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 01801544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6430908.dll
2016-10-05 00:01 - 2015-01-30 20:52 - 01510728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6430908.dll
2016-10-04 23:38 - 2016-10-05 00:26 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\NVIDIA Corporation
2016-10-04 23:36 - 2016-09-16 19:42 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-10-04 23:36 - 2016-09-16 19:42 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-10-04 23:36 - 2016-09-16 19:42 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-10-04 23:33 - 2016-10-04 23:34 - 68857168 _____ (NVIDIA Corporation) C:\Users\Dareon.Owner-PC\Downloads\GeForce_Experience_v3.0.6.48.exe
2016-10-03 18:03 - 2016-10-12 21:00 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Cubic
2016-10-03 17:44 - 2016-10-03 17:44 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Bytebin LLC
2016-10-02 23:05 - 2016-10-02 23:05 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Endless Loop Studios
2016-10-02 21:18 - 2016-10-03 22:43 - 00000000 ____D C:\Users\Dareon.Owner-PC\Documents\Rayne
2016-10-02 19:06 - 2016-10-02 19:06 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\enchant
2016-10-02 19:04 - 2016-10-03 22:51 - 00000000 ____D C:\Users\Dareon.Owner-PC\AbiSuite
2016-10-02 19:04 - 2016-10-02 19:04 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2016-10-02 19:04 - 2016-10-02 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2016-10-02 19:03 - 2016-10-02 19:04 - 00000000 ____D C:\Program Files (x86)\AbiWord
2016-10-02 19:01 - 2016-10-02 19:02 - 08335349 _____ (AbiSource Developers) C:\Users\Dareon.Owner-PC\Downloads\abiword-setup-2.8.6.exe
2016-10-02 18:54 - 2016-10-02 18:56 - 221753344 _____ C:\Users\Dareon.Owner-PC\Downloads\LibreOffice_5.2.2_Win_x86.msi
2016-10-01 23:30 - 2016-10-01 23:32 - 975147124 _____ C:\Users\Dareon.Owner-PC\Downloads\ableton_live_trial_9.6.2_64.zip
2016-09-29 22:01 - 2016-09-29 22:01 - 00013870 _____ C:\Users\Dareon.Owner-PC\Downloads\fpsboost(1).cfg
2016-09-29 22:00 - 2016-09-29 22:01 - 00013870 _____ C:\Users\Dareon.Owner-PC\Downloads\fpsboost.cfg
2016-09-29 21:25 - 2016-09-29 21:25 - 00001959 _____ C:\Users\Dareon.Owner-PC\Downloads\config(1).zip
2016-09-29 20:47 - 2016-09-29 20:48 - 12780479 _____ C:\Users\Dareon.Owner-PC\Downloads\pcsx2-0.9.8-installer.exe
2016-09-29 05:58 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-29 05:58 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-29 05:58 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-29 05:58 - 2016-05-13 16:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-29 05:58 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-29 05:58 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-29 05:58 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-29 05:58 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-29 05:58 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-29 05:58 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-29 05:58 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-29 05:58 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-29 05:58 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-29 05:58 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-29 05:58 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-29 05:58 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-29 05:58 - 2016-05-12 11:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-29 05:58 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-29 05:58 - 2016-05-12 09:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-29 05:58 - 2016-05-04 11:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-29 05:58 - 2016-05-04 11:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-29 05:58 - 2016-05-04 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-29 05:58 - 2016-05-04 11:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-29 05:58 - 2016-05-04 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-29 05:58 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-29 05:58 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-29 05:58 - 2016-05-04 11:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-29 05:58 - 2016-05-04 09:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-29 05:58 - 2016-05-04 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-29 05:58 - 2015-08-05 11:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-09-29 05:58 - 2015-06-01 18:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-09-29 05:58 - 2015-06-01 17:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2016-09-29 05:03 - 2015-07-30 07:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-09-29 05:03 - 2015-07-30 07:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-09-29 02:55 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2016-09-29 02:55 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2016-09-29 02:55 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2016-09-29 02:55 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2016-09-29 02:54 - 2016-08-12 10:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-29 02:54 - 2016-08-12 10:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-29 02:54 - 2016-08-12 10:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-29 02:54 - 2016-06-25 18:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-29 02:54 - 2016-06-25 18:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-09-29 02:54 - 2016-06-25 18:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-09-29 02:54 - 2016-06-25 18:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-09-29 02:54 - 2016-06-25 18:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-09-29 02:54 - 2016-06-25 13:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-09-29 02:54 - 2016-06-25 13:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-09-29 02:54 - 2016-06-25 13:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-09-29 02:54 - 2016-06-25 13:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-09-29 02:54 - 2016-06-25 13:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-09-29 02:54 - 2016-03-17 16:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-09-29 02:54 - 2016-03-17 16:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-09-29 02:54 - 2016-03-16 12:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-09-29 02:54 - 2016-03-16 12:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-09-29 02:54 - 2016-03-16 12:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-09-29 02:54 - 2016-03-06 12:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-09-29 02:54 - 2016-03-06 12:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-09-29 02:54 - 2016-03-06 12:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-09-29 02:54 - 2016-03-06 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-09-29 02:54 - 2016-02-02 12:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-09-29 02:54 - 2016-01-20 18:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-09-29 02:54 - 2015-11-19 08:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-09-29 02:54 - 2015-11-19 08:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-09-29 02:54 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-09-29 02:54 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-09-29 02:54 - 2015-11-13 17:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-09-29 02:54 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-09-29 02:54 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-09-29 02:54 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-09-29 02:54 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-09-29 02:54 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-09-29 02:53 - 2016-05-12 07:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-09-29 02:53 - 2016-05-12 07:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-09-29 02:53 - 2016-05-12 07:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-09-29 02:53 - 2016-04-09 01:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-09-29 02:53 - 2016-04-09 01:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-09-29 02:53 - 2016-04-09 00:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-09-29 02:53 - 2016-03-23 16:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-09-29 02:53 - 2016-02-05 12:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-09-29 02:53 - 2016-02-05 12:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-09-29 02:53 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-09-29 02:53 - 2015-07-09 11:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-09-29 02:53 - 2015-07-09 11:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-09-29 02:53 - 2015-07-09 11:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-09-29 02:53 - 2015-07-09 11:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-09-29 02:53 - 2015-06-03 14:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-09-29 02:53 - 2015-02-02 21:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2016-09-29 02:53 - 2015-02-02 21:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2016-09-29 02:53 - 2015-01-28 21:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2016-09-29 02:53 - 2015-01-28 21:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2016-09-29 02:53 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2016-09-29 02:52 - 2016-08-16 11:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-29 02:52 - 2016-08-15 20:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-29 02:52 - 2016-08-05 09:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-29 02:52 - 2016-08-05 09:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-29 02:52 - 2016-07-07 09:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-29 02:52 - 2016-07-07 09:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-29 02:52 - 2016-07-07 09:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-29 02:52 - 2016-07-07 09:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-29 02:52 - 2016-05-13 16:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-09-29 02:52 - 2016-05-13 16:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-09-29 02:52 - 2016-05-13 16:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-09-29 02:52 - 2016-05-13 16:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-09-29 02:52 - 2016-05-13 16:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-09-29 02:52 - 2016-05-13 15:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-09-29 02:52 - 2016-05-13 15:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-09-29 02:52 - 2016-05-13 15:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-09-29 02:52 - 2016-05-13 15:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-09-29 02:52 - 2016-05-13 15:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-09-29 02:52 - 2016-03-23 16:40 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-09-29 02:52 - 2016-03-15 18:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-09-29 02:52 - 2016-03-15 18:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-09-29 02:52 - 2016-03-15 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-09-29 02:52 - 2016-02-04 19:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-09-29 02:52 - 2016-02-04 12:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-09-29 02:52 - 2016-02-03 12:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-09-29 02:52 - 2016-01-11 13:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-09-29 02:52 - 2015-12-20 12:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-09-29 02:52 - 2015-12-20 12:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-09-29 02:52 - 2015-12-20 08:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-29 02:52 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-09-29 02:52 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-09-29 02:52 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-09-29 02:52 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-09-29 02:52 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-09-29 02:52 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-09-29 02:52 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-09-29 02:52 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-09-29 02:52 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2016-09-29 02:52 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-09-29 02:52 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-09-29 02:52 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-09-29 02:52 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-09-29 02:52 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-09-29 02:52 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-09-29 02:52 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-09-29 02:52 - 2015-07-30 12:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-09-29 02:52 - 2015-07-30 11:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-09-29 02:52 - 2015-07-22 18:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-09-29 02:52 - 2015-07-22 18:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-09-29 02:52 - 2015-07-22 11:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-09-29 02:52 - 2015-07-22 10:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-09-29 02:52 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-09-29 02:52 - 2015-07-09 11:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-09-29 02:52 - 2015-07-09 11:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-09-29 02:52 - 2012-05-31 23:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2016-09-29 02:52 - 2012-05-31 23:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2016-09-29 02:52 - 2012-05-31 23:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2016-09-29 02:52 - 2012-05-31 23:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2016-09-29 02:52 - 2012-05-31 23:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2016-09-29 02:52 - 2012-05-31 23:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2016-09-29 02:52 - 2012-05-31 22:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2016-09-29 02:52 - 2012-05-31 22:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2016-09-29 02:52 - 2012-05-31 22:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2016-09-29 02:52 - 2012-05-31 22:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2016-09-29 02:52 - 2012-05-31 22:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2016-09-29 02:52 - 2012-05-31 22:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2016-09-29 02:51 - 2016-05-11 11:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-09-29 02:51 - 2016-05-11 11:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-09-29 02:51 - 2016-05-11 11:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-09-29 02:51 - 2016-05-11 11:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-09-29 02:51 - 2016-05-11 09:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-09-29 02:51 - 2016-05-11 09:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-09-29 02:51 - 2016-05-11 09:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-09-29 02:51 - 2016-05-11 09:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-09-29 02:51 - 2016-05-11 09:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-09-29 02:51 - 2016-05-11 09:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-09-29 02:51 - 2016-05-11 08:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-09-29 02:51 - 2016-04-14 07:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-09-29 02:51 - 2016-04-14 07:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-09-29 02:51 - 2016-02-09 03:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-09-29 02:51 - 2016-01-22 00:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-09-29 02:51 - 2016-01-22 00:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-09-29 02:51 - 2016-01-22 00:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-09-29 02:51 - 2016-01-22 00:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-09-29 02:51 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-09-29 02:51 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-09-29 02:51 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-09-29 02:51 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-09-29 02:51 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-09-29 02:51 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-09-29 02:51 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-09-29 02:51 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-09-29 02:51 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-09-29 02:51 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-09-29 02:51 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-09-29 02:51 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-09-29 02:51 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-09-29 02:51 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-09-29 02:51 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-09-29 02:51 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-09-29 02:51 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-09-29 02:51 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-09-29 02:51 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-09-29 02:51 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-09-29 02:51 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-09-29 02:51 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-09-29 02:51 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-09-29 02:51 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-09-29 02:51 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-09-29 02:51 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-09-29 02:51 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-09-29 02:51 - 2015-12-08 13:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-09-29 02:51 - 2015-12-08 13:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-09-29 02:51 - 2015-12-08 13:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-09-29 02:51 - 2015-12-08 12:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-09-29 02:51 - 2015-12-08 12:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-09-29 02:51 - 2015-12-08 12:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-09-29 02:51 - 2015-08-27 12:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-09-29 02:51 - 2015-08-27 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-09-29 02:51 - 2015-08-27 11:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-09-29 02:51 - 2015-08-27 11:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-09-29 02:51 - 2015-04-10 21:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2016-09-29 02:51 - 2015-02-24 21:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-09-29 02:51 - 2015-01-16 20:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-09-29 02:51 - 2015-01-16 20:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-09-29 02:51 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2016-09-29 02:51 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2016-09-29 02:51 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2016-09-29 02:51 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2016-09-29 02:51 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2016-09-29 02:51 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-09-29 02:51 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-09-29 02:50 - 2016-08-06 09:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-29 02:50 - 2016-08-06 09:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-29 02:50 - 2016-05-18 10:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-09-29 02:50 - 2016-05-18 10:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-09-29 02:50 - 2016-05-12 11:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-09-29 02:50 - 2016-05-12 11:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-09-29 02:50 - 2016-05-12 11:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-09-29 02:50 - 2016-05-12 11:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-09-29 02:50 - 2016-05-12 11:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-09-29 02:50 - 2016-05-12 11:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-09-29 02:50 - 2016-05-12 09:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-09-29 02:50 - 2016-05-12 09:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-09-29 02:50 - 2016-05-12 09:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-09-29 02:50 - 2016-05-12 09:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-09-29 02:50 - 2016-03-09 13:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-09-29 02:50 - 2016-03-09 12:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-09-29 02:50 - 2016-03-09 12:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-09-29 02:50 - 2016-03-09 12:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-09-29 02:50 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-09-29 02:50 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-09-29 02:50 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-09-29 02:50 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2016-09-29 02:50 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2016-09-29 02:50 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2016-09-29 02:50 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2016-09-29 02:49 - 2016-04-08 22:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-09-29 02:49 - 2016-04-08 21:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-09-29 02:49 - 2015-03-03 22:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-09-29 02:49 - 2015-03-03 22:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2016-09-29 02:49 - 2015-03-03 22:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2016-09-29 02:33 - 2015-02-03 21:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-09-29 02:33 - 2015-02-03 20:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-09-29 02:09 - 2015-04-24 12:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-09-29 02:09 - 2015-04-24 11:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-09-29 02:07 - 2015-05-25 12:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2016-09-29 02:07 - 2015-05-25 12:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2016-09-29 02:07 - 2015-05-25 12:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2016-09-29 02:07 - 2015-05-25 12:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2016-09-29 02:07 - 2015-05-25 12:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2016-09-29 02:07 - 2015-05-25 12:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2016-09-29 02:07 - 2015-05-25 12:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2016-09-29 02:07 - 2015-05-25 12:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2016-09-29 02:07 - 2015-05-25 12:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2016-09-29 02:07 - 2015-05-25 12:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2016-09-29 02:07 - 2015-05-25 12:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2016-09-29 02:07 - 2015-05-25 12:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2016-09-29 01:56 - 2015-04-12 21:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-09-29 01:56 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2016-09-29 01:56 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2016-09-29 01:56 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2016-09-29 01:55 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-09-29 01:49 - 2015-07-16 13:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-09-29 01:49 - 2015-07-16 13:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-09-29 01:49 - 2015-07-16 13:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-09-29 01:49 - 2015-07-16 13:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-09-29 01:49 - 2015-07-16 13:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-09-29 01:49 - 2015-07-16 13:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-09-29 01:49 - 2015-07-11 07:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-09-29 01:42 - 2015-07-15 12:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-09-25 18:22 - 2016-09-25 18:22 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\IdleMaster
2016-09-25 15:03 - 2016-10-10 04:55 - 00001798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-09-25 15:03 - 2016-09-25 15:03 - 00007259 _____ C:\Windows\system32\-1.14-windows.xml
2016-09-25 15:03 - 2016-09-25 15:03 - 00000000 ____D C:\ProgramData\Bluestacks
2016-09-25 15:03 - 2016-09-25 15:03 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2016-09-25 14:37 - 2016-09-25 14:38 - 00000000 ____D C:\Users\Dareon.Owner-PC\Nox_share
2016-09-25 14:37 - 2016-09-25 14:37 - 00000041 _____ C:\Users\Dareon.Owner-PC\inst.ini
2016-09-25 14:36 - 2016-09-25 14:43 - 00000000 ____D C:\Users\Dareon.Owner-PC\vmlogs
2016-09-25 14:36 - 2016-07-06 02:09 - 00133248 _____ (BigNox Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2016-09-25 14:35 - 2016-09-25 14:35 - 00000000 ____D C:\Program Files\DIFX
2016-09-25 14:35 - 2016-07-06 02:09 - 00281728 _____ (BigNox Corporation) C:\Windows\system32\Drivers\XQHDrv.sys
2016-09-25 14:33 - 2016-09-25 15:00 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Nox
2016-09-25 14:33 - 2016-09-25 15:00 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Nox
2016-09-25 14:31 - 2016-09-25 14:32 - 309441352 _____ (Duodian Technology Co. Ltd.) C:\Users\Dareon.Owner-PC\Downloads\nox_setup_v3.7.2.0_full_En.exe
2016-09-25 13:48 - 2016-09-25 13:48 - 00000000 ____D C:\Users\Dareon.Owner-PC\Downloads\MEmu Download
2016-09-25 13:45 - 2016-09-25 14:16 - 00000000 ____D C:\Program Files\Microvirt
2016-09-25 13:41 - 2016-09-25 13:43 - 276135480 _____ (Microvirt) C:\Users\Dareon.Owner-PC\Downloads\Memu-Setup.exe
2016-09-24 16:52 - 2016-10-10 04:55 - 00000926 _____ C:\Users\Dareon.Owner-PC\Desktop\LogMeIn Hamachi.lnk
2016-09-24 16:47 - 2016-10-13 03:11 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\LogMeIn Hamachi
2016-09-24 16:47 - 2016-09-24 16:47 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\LogMeIn
2016-09-24 16:47 - 2016-09-24 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-09-24 16:47 - 2016-09-24 16:47 - 00000000 ____D C:\ProgramData\LogMeIn
2016-09-24 16:47 - 2016-09-24 16:47 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-09-24 16:45 - 2016-09-24 16:45 - 08417280 _____ C:\Users\Dareon.Owner-PC\Downloads\hamachi.msi
2016-09-24 08:52 - 2016-09-24 08:52 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\TakeThyThrone
2016-09-23 21:06 - 2016-09-23 21:06 - 00061685 _____ C:\Users\Dareon.Owner-PC\Downloads\Character 1.3.0.rar
2016-09-23 20:10 - 2016-09-23 20:10 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\DvDrum
2016-09-23 19:58 - 2016-09-23 19:58 - 14462359 _____ C:\Users\Dareon.Owner-PC\Downloads\475469 toby fox - His Theme.osz
2016-09-23 14:30 - 2016-10-10 04:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-23 12:01 - 2016-09-23 12:03 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Trove
2016-09-22 23:33 - 2016-09-22 23:33 - 13170912 _____ (Microsoft Corporation) C:\Users\Dareon.Owner-PC\Downloads\Silverlight_x64.exe
2016-09-22 17:13 - 2016-09-22 17:13 - 08699004 _____ C:\Users\Dareon.Owner-PC\Downloads\tModLoader Windows GOG v0.8.3.4.zip
2016-09-22 15:06 - 2016-09-22 15:06 - 44838368 _____ C:\Users\Dareon.Owner-PC\Downloads\GrowtopiaInstaller(3).exe
2016-09-22 14:41 - 2016-09-22 16:56 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\PortForward.com
2016-09-22 14:41 - 2016-09-22 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
2016-09-22 14:41 - 2016-09-22 14:41 - 00000000 ____D C:\Program Files (x86)\Portforward
2016-09-22 14:40 - 2016-09-22 14:40 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Downloaded Installations
2016-09-22 14:39 - 2016-09-22 14:39 - 05618448 _____ (Portforward, LLC) C:\Users\Dareon.Owner-PC\Downloads\setup-network-utilities.exe
2016-09-22 14:12 - 2016-09-22 14:12 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-09-22 14:01 - 2016-09-22 14:04 - 138320921 _____ C:\Users\Dareon.Owner-PC\Downloads\Terraria 1.3.3 - OpticFringe.zip
2016-09-21 15:38 - 2016-09-21 15:38 - 00243544 _____ C:\Users\Dareon.Owner-PC\Downloads\Firefox Setup Stub 49.0.exe
2016-09-21 15:17 - 2016-09-21 15:17 - 00085167 _____ C:\Users\Dareon.Owner-PC\Downloads\Verbs-Active-and-Passive-CCSS.ELA-Literacy.L.8.1b.pdf
2016-09-20 22:37 - 2016-10-10 04:55 - 00000997 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk
2016-09-20 22:37 - 2016-09-20 22:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPadian
2016-09-20 22:37 - 2016-09-20 22:37 - 00000000 ____D C:\Program Files (x86)\iPadian
2016-09-20 15:57 - 2016-09-20 15:57 - 00000000 ____D C:\forge
2016-09-20 15:22 - 2016-09-20 15:22 - 00000000 ____D C:\Pylo
2016-09-20 15:21 - 2016-09-20 15:22 - 69623192 _____ C:\Users\Dareon.Owner-PC\Downloads\MCreator 1.6.6 [1.8.9] Windows 32bit.exe
2016-09-19 23:36 - 2016-09-19 23:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\.gradle
2016-09-19 21:39 - 2016-10-10 04:55 - 00001206 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Cloud Penguin (CuP).lnk
2016-09-19 21:38 - 2016-09-19 22:40 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Cloud Penguin
2016-09-19 21:35 - 2016-09-19 21:35 - 00285474 _____ C:\Users\Dareon.Owner-PC\Downloads\Cloud Penguin Installer.zip
2016-09-19 20:00 - 2016-09-19 20:01 - 69210831 _____ C:\Users\Dareon.Owner-PC\Downloads\MCreator 1.6.6 [1.8.9] Windows 64bit.exe
2016-09-19 16:37 - 2016-09-19 16:38 - 124609040 _____ (Razer Inc. ) C:\Users\Dareon.Owner-PC\Downloads\RazerCortexSetup_7.5.7.57.exe
2016-09-18 21:08 - 2016-09-18 21:08 - 04086577 _____ C:\Users\Dareon.Owner-PC\Downloads\forge-1.8.9-11.15.1.1902-1.8.9-installer.jar
2016-09-16 23:46 - 2016-10-09 23:01 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\obs-studio
2016-09-16 23:45 - 2016-09-16 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-09-16 23:45 - 2016-09-16 23:45 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-09-16 23:44 - 2016-09-16 23:44 - 97255680 _____ C:\Users\Dareon.Owner-PC\Downloads\OBS-Studio-0.15.4-With-Browser-Installer.exe
2016-09-16 23:37 - 2016-10-10 04:55 - 00002210 _____ C:\Users\Dareon.Owner-PC\Desktop\Discord.lnk
2016-09-16 23:37 - 2016-09-17 00:14 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\discord
2016-09-16 23:37 - 2016-09-16 23:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-09-16 23:36 - 2016-09-16 23:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\SquirrelTemp
2016-09-16 23:36 - 2016-09-16 23:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Discord
2016-09-16 23:36 - 2016-09-16 23:36 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Dareon.Owner-PC\Downloads\DiscordSetup.exe
2016-09-16 16:42 - 2016-09-16 16:42 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\SKIDROW
2016-09-15 20:50 - 2016-09-15 20:50 - 36024843 _____ C:\Users\Dareon.Owner-PC\Downloads\Patrick mod (Sans).zip
2016-09-15 20:45 - 2016-09-15 20:45 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Landfall Games
2016-09-15 20:07 - 2016-10-11 00:09 - 00000000 ____D C:\R.G. Catalyst
2016-09-14 23:18 - 2016-10-13 03:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-14 23:17 - 2016-10-10 04:55 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-14 23:17 - 2016-09-14 23:17 - 22851472 _____ (Malwarebytes ) C:\Users\Dareon.Owner-PC\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-14 23:17 - 2016-09-14 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-14 23:17 - 2016-09-14 23:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-14 23:17 - 2016-09-14 23:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-14 23:17 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-14 23:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-14 23:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-14 15:33 - 2016-09-14 15:33 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\SUPERHOT_Sp_z_o.o
2016-09-14 15:30 - 2016-09-22 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-09-14 15:24 - 2016-09-25 18:53 - 00000000 ____D C:\GOG Games
2016-09-14 15:20 - 2016-09-14 15:23 - 1101226816 _____ (GOG.com ) C:\Users\Dareon.Owner-PC\Downloads\Superhot Installer.exe
2016-09-13 18:53 - 2016-09-13 18:53 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-13 12:27 - 2014-05-23 10:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-13 12:13 - 2016-08-30 19:18 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Games Folders With Shortcuts
2016-10-13 07:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-10-13 03:30 - 2009-07-13 22:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-13 03:30 - 2009-07-13 22:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-13 03:29 - 2016-08-12 11:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Razer
2016-10-13 03:29 - 2016-08-12 11:27 - 00000000 ____D C:\ProgramData\Razer
2016-10-13 03:28 - 2016-08-12 11:27 - 00000000 ____D C:\Program Files (x86)\Razer
2016-10-13 03:27 - 2016-08-02 16:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-13 03:16 - 2009-07-13 23:13 - 00862088 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-13 03:16 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-10-13 03:11 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-13 03:09 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-13 03:09 - 2009-07-13 22:45 - 00316320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-13 03:06 - 2014-05-21 12:46 - 00000000 ____D C:\Windows\Panther
2016-10-13 03:05 - 2015-10-01 19:56 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-13 03:05 - 2014-05-23 09:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-13 03:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-13 03:05 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-13 02:39 - 2016-08-31 10:11 - 00000000 ____D C:\Program Files (x86)\WOMic
2016-10-13 02:00 - 2014-05-23 09:57 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-13 02:00 - 2014-05-23 09:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-13 01:50 - 2014-05-21 12:49 - 00000000 ____D C:\Windows\system32\MRT
2016-10-13 01:38 - 2014-05-23 09:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-13 01:38 - 2014-05-21 12:49 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-12 16:09 - 2016-08-24 12:28 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-10-12 15:23 - 2016-09-05 23:08 - 00000000 ____D C:\Games
2016-10-11 19:52 - 2016-09-10 23:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\osu!
2016-10-11 19:18 - 2016-08-03 11:21 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Growtopia
2016-10-11 03:04 - 2014-05-22 21:50 - 00854210 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-10 17:14 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-10-10 04:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\IME
2016-10-10 04:55 - 2016-09-10 23:38 - 00000954 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-10-10 04:55 - 2016-08-18 18:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-10-10 04:55 - 2016-08-04 00:25 - 00001967 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2016-10-10 04:55 - 2016-08-02 16:57 - 00000957 _____ C:\Users\Public\Desktop\Steam.lnk
2016-10-10 04:55 - 2014-05-23 10:03 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-10 04:55 - 2014-05-23 10:00 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2016-10-10 04:55 - 2014-05-21 11:50 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-10-10 04:55 - 2014-05-21 11:50 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-10-10 04:55 - 2009-07-13 23:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-10-10 04:55 - 2009-07-13 22:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-10 04:55 - 2009-07-13 22:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-10-10 04:55 - 2009-07-13 22:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-10-10 04:55 - 2009-07-13 22:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-10-10 04:55 - 2009-07-13 22:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-10-10 04:55 - 2009-07-13 22:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-10-10 04:35 - 2014-05-23 09:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-10 04:26 - 2016-08-08 13:51 - 00000000 __SHD C:\Users\Dareon.Owner-PC\AppData\Local\EmieUserList
2016-10-10 04:26 - 2016-08-08 13:51 - 00000000 __SHD C:\Users\Dareon.Owner-PC\AppData\Local\EmieSiteList
2016-10-10 04:26 - 2016-08-02 13:57 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Google
2016-10-10 02:44 - 2016-08-02 13:55 - 00000000 ____D C:\Users\Dareon.Owner-PC
2016-10-05 14:02 - 2016-08-02 16:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-10-05 00:26 - 2014-05-21 12:34 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-05 00:26 - 2014-05-21 12:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-05 00:26 - 2014-05-21 12:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-02 19:00 - 2014-05-23 10:13 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2016-09-30 03:33 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2016-09-29 05:23 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-09-29 05:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2016-09-29 05:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2016-09-29 05:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-09-29 05:22 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-09-25 15:03 - 2009-07-13 21:20 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-25 15:02 - 2016-08-24 12:27 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Bluestacks
2016-09-25 14:48 - 2016-08-31 10:15 - 00000000 ____D C:\Users\Dareon.Owner-PC\.android
2016-09-25 14:34 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-09-23 20:04 - 2016-08-06 03:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-22 14:23 - 2016-08-14 11:12 - 00000000 ____D C:\Users\Dareon.Owner-PC\Documents\My Games
2016-09-22 14:13 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-20 22:37 - 2016-08-02 13:55 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\VirtualStore
2016-09-20 17:52 - 2016-08-02 15:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\.minecraft
2016-09-16 10:00 - 2014-05-23 10:14 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-16 00:42 - 2016-08-21 23:47 - 00007608 _____ C:\Users\Dareon.Owner-PC\AppData\Local\Resmon.ResmonCfg
2016-09-15 21:04 - 2016-08-09 15:21 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\UNDERTALE
2016-09-13 16:27 - 2014-05-23 10:22 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 16:27 - 2014-05-23 10:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 16:27 - 2014-05-23 10:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-13 16:27 - 2014-05-23 10:22 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======

2016-08-29 00:37 - 2011-10-09 16:33 - 0000468 _____ () C:\Program Files (x86)\cod5key.reg
2016-08-02 13:43 - 2016-08-02 13:43 - 7065600 _____ () C:\Program Files (x86)\GUTAEF4.tmp
2016-08-29 00:37 - 2012-05-26 21:00 - 0000076 _____ () C:\Program Files (x86)\update-codwaw.bat
2016-08-24 21:09 - 2016-08-24 21:09 - 0099384 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\inst.exe
2016-10-10 04:24 - 2016-10-10 04:24 - 0140288 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\Installer.dat
2016-08-24 21:09 - 2016-08-24 21:09 - 0007859 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.cat
2016-08-24 21:09 - 2016-08-24 21:09 - 0001167 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.inf
2016-08-24 21:11 - 2016-08-24 21:11 - 0000034 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.log
2016-08-24 21:09 - 2016-08-24 21:09 - 0082816 _____ (VSO Software) C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.sys
2016-10-10 02:58 - 2016-10-10 02:58 - 0291530 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\108374.exe
2016-10-10 02:58 - 2016-10-10 02:58 - 0127644 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\38443.exe
2016-10-10 02:58 - 2016-10-10 02:58 - 0040873 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\64447.exe
2016-10-10 02:58 - 2016-10-10 02:58 - 0034457 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\75566.exe
2016-10-10 04:27 - 2016-10-10 04:27 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\icka76680988.txt
2016-10-10 04:24 - 2016-10-10 04:24 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\Dareon.Owner-PC\AppData\Local\install_flash_player_21_active_x.exe
2016-08-21 23:47 - 2016-09-16 00:42 - 0007608 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Resmon.ResmonCfg
2016-10-10 04:24 - 2016-10-10 04:24 - 0000003 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\run1.txt
2016-08-15 22:07 - 2016-08-15 22:07 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Sethmumu.config
2016-08-18 21:46 - 2016-08-18 21:46 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Sethmumudata

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION


LastRegBack: 2016-10-10 09:31

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by Dareon (13-10-2016 13:24:26)
Running from C:\Users\Dareon.Owner-PC\Desktop\frst
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-21 05:54:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1871851679-1302881600-127590598-500 - Administrator - Disabled)
Dareon (S-1-5-21-1871851679-1302881600-127590598-1004 - Administrator - Enabled) => C:\Users\Dareon.Owner-PC
Guest (S-1-5-21-1871851679-1302881600-127590598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1871851679-1302881600-127590598-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ArtMoney PRO v7.37.2 (HKLM-x32\...\ArtMoney PRO_is1) (Version: 7.37 - System SoftLab)
Auto Clicker v2.2 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 2.2 - MurGee.com)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
CloneDVD 7 Ultimate 7.0.0.13 (HKLM-x32\...\CloneDVD 7 Ultimate_is1) (Version:  - Copyright © 2003-2013 CloneDVD Studio.)
Cloud Penguin (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Cloud Penguin) (Version: 2.0.6077.31355 - Cloud Penguin) <==== ATTENTION
Cubic Castles (HKLM\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
Deepworld (HKLM\...\Steam App 340810) (Version:  - Bytebin)
Discord (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DvDrum, Ultimate Drum Simulator! (HKLM\...\Steam App 385130) (Version:  - DarkTigerDevelop)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Game Corp DX (HKLM\...\Steam App 399670) (Version:  - Endless Loop Studios)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Growtopia) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gunscape (HKLM\...\Steam App 342480) (Version:  - Blowfish Studios)
Invasion (HKLM\...\Steam App 397980) (Version:  - Hipix Studio)
iPadian version 1.5 (HKLM-x32\...\{0DB90A1C-2C08-429C-8595-FD9848121D28}_is1) (Version: 1.5 - iPadian, Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
K-Lite Codec Pack 10.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.519 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.519 - LogMeIn, Inc.) Hidden
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.3.2 (HKLM-x32\...\ManyCam) (Version: 5.3.2 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
Mumble 1.2.17 (HKLM-x32\...\{95A0093C-0C81-4D0B-BCA7-3CE11755A6BD}) (Version: 1.2.17 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{23069a6e-7873-4eaa-95d8-8eeaa2277df7}) (Version: latest - ppy Pty Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.5.2 - Portforward, LLC)
ROBLOX Player for Dareon (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Search & Kill ☠ (HKLM\...\Steam App 496550) (Version:  - Antonio Renna)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Take Thy Throne (HKLM\...\Steam App 491260) (Version:  - Charyb Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.12.0.14 - GOG.com)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
World of Fishing (HKLM\...\Steam App 421960) (Version:  - Masangsoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {50597F2B-7F9B-4EBF-A45F-16820A76D66C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-02] (AVAST Software)
Task: {6F0189AD-F0C2-46D2-8651-CC84A7C31CD0} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {8D11C08F-9609-4BD1-A887-EBF861EDAD4C} - \{7E328BCF-EC77-4B1B-8589-0C8F079B3E64} -> No File <==== ATTENTION
Task: {98659AE3-D6D0-4A37-8DCE-0827609B090E} - \{DEC7423D-AD67-4851-BDD9-66D94A9A6220} -> No File <==== ATTENTION
Task: {9B75513B-DE58-46C9-9BBB-DB40ECC86C10} - \{F8B397B2-D311-4840-8041-4665A3D9F26B} -> No File <==== ATTENTION
Task: {BF50CD39-D9E3-4F3D-966B-117C4608B312} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {C5D7F334-3A1D-4AE7-9811-D692D8AE3A0D} - \Adobe Flash Player Updater -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnеt Ехрlоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) <===== Cyrillic
Shortcut: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <===== Cyrillic
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic
Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-08-29 01:06 - 2016-08-29 01:06 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-21 12:34 - 2015-01-30 18:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-18 21:46 - 2016-08-18 21:46 - 00047616 _____ () C:\Users\Public\Pictures\DIIhost.exe
2016-09-16 23:36 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-09-16 23:37 - 2016-09-16 23:37 - 01050296 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-09-16 23:37 - 2016-09-16 23:37 - 03793080 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-09-16 23:37 - 2016-09-16 23:37 - 00894136 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-10-13 03:12 - 2016-10-13 03:12 - 00170496 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Local\Temp\DA86.tmp.node
2016-09-16 23:39 - 2016-09-16 23:39 - 02022072 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-10-10 04:24 - 00000951 ____A C:\Windows\system32\Drivers\etc\hosts

162.222.194.13       cocomo.tremorhub.com
162.222.194.13       www.virustotal.com
162.222.194.13       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C3CA3AE-F6DB-4CAC-95B1-79C3DC1AE8AD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EC06B62F-C5ED-42F7-AB6B-5006C3FD3329}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7C838D96-9BC9-4C38-BF71-C39CA8FA79DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6064CD48-DD3A-436D-8E83-378F0D1D1739}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{887C8000-3D19-43F5-80C2-DFE726B0543A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E4A36240-280B-4EF3-AAE5-CE7F3D84FE28}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{38256F7F-6420-4638-BC55-BBBA6B3AA5D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA07E272-E042-48BF-940F-07B5245F870D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2661AB7F-77EC-4373-ABE8-9B5F8988EF57}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{D086C947-FEB6-4E29-9A89-48E05EEFFCFA}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{ECD9F389-0D13-45B9-957B-781097DB3BD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA35CFE9-9F6F-4CD3-B64F-0466DC7EDC3B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC86687A-C6E0-4C7D-8318-28240F2AE97C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{788F36D9-B2DC-4BBC-AE87-AF7A3DDBB649}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0DBFD4D2-5D53-4970-AAB1-802FFE7493D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7A4A63CD-36A4-4026-BAA5-3E246FF9373B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{13E43990-65AA-4B25-AB9B-F0A750F52E3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{632701DC-9C51-447B-9E3D-95FD5EC1257E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{A76B7E8E-7337-4C51-B220-61D44A16AE77}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{6BF169FE-0864-4696-9866-663C03899D03}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{F4BFE29F-BD2C-4298-A1D1-068F68106FFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4CB8FE0B-6946-4F15-9859-4CD67245CA59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{6FD0CF64-D51F-4753-BCB6-713C65BD5734}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => (Allow) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [UDP Query User{F9649EB4-4B22-4C0A-A4C0-12A3B46A56A6}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => (Allow) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [TCP Query User{149D9ED3-5DC3-4064-B296-86D52469A637}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [UDP Query User{D2353706-5EE4-42C8-98F6-3909B7970E86}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [TCP Query User{C24F22B6-C6D9-430D-9B4A-BA791614404A}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => (Block) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [UDP Query User{A345760C-E443-4289-A8EB-8A54874298CD}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => (Block) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [TCP Query User{9CCE880D-613F-498F-A622-D6B506307CA9}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{16EDE507-16FB-4FE2-BE21-BD37157A937E}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{CD302F64-D56D-4502-9DBE-610E6EFC3B12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{B3FE73F9-AE11-4652-9BFF-7B671F983093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{2F82F3B6-E580-4687-8632-94C3A19C0CF0}] => (Allow) C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{3EAD2782-CCA9-43BC-AE78-04E94BC245E6}] => (Allow) C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{28B15313-6BF8-481F-8555-E32A9FFB4791}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => (Block) C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [UDP Query User{7545ED8C-F38D-4EBB-BD2B-310DA2DA3D31}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => (Block) C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [TCP Query User{72C31600-854A-4543-B7C5-F35CD1CB8AC4}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => (Allow) C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [UDP Query User{19FCAF99-3AC4-47A5-BF8A-8F1FB4A7B93B}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => (Allow) C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [TCP Query User{AFC9A25C-005E-4410-A75E-23F480A71675}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => (Block) C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [UDP Query User{1A62C563-DF65-41ED-9AE7-3B79EE09BF6D}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => (Block) C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [{B149FE65-B357-43A1-8FB5-F8D56FECE352}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe
FirewallRules: [TCP Query User{74817B19-8173-4436-9EBF-603F12627027}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exe
FirewallRules: [UDP Query User{3479D91B-ED2E-49B6-A398-DD9B0B1EB254}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exe
FirewallRules: [TCP Query User{4CE927BC-C739-492C-8686-31331F32A275}C:\r.g. catalyst\portal 2\portal2.exe] => (Allow) C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [UDP Query User{DFF75790-4263-4206-8DF1-0D807560A5E7}C:\r.g. catalyst\portal 2\portal2.exe] => (Allow) C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [{9E6D9A77-853D-40FF-8854-F89690C90776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [{F3223D9B-1143-499C-B73A-FD257B5B8679}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [TCP Query User{CC384B08-2C04-42D0-A23D-88536D0DD20F}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{F7DBDE2A-E11E-44D5-83C7-1E2A86FAB42D}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{512613A0-F442-4780-9E5A-7A1B64702DCD}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{F7DB8A2F-F123-4B43-85F7-B0BA64A1D66E}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{701425F2-9292-4F3B-8F30-F7772C29F0BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum.exe
FirewallRules: [{ECC71869-44B2-4550-9CAE-7FB999AB37E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum.exe
FirewallRules: [{9D7C2325-E86A-4FE1-9DAB-38515A1E57EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{C080E38B-6094-48EB-A286-5B4625DC021E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{9EE2F839-654E-4AE2-A5E8-9172BBAC120A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A7F3BB33-4574-43C3-8117-62E89DEE2D48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A5845E2D-028E-4303-A56D-A509D5140F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{A751502D-0FB8-43EF-B44C-4270544A4E08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{1D7B3203-2375-4BF4-A8DF-97902B1A33B8}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{D44DE305-F85D-49C1-98CB-E709A1678995}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{88FA3859-576A-46AB-B1E4-5F4759AB6878}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{59214904-9DAD-484E-A913-D35195525D30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{1E1E9253-F703-4AD1-8FE2-3A6561F7AEE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{F86DD4E5-2982-435B-A712-5B3A9AC1F70B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{47B16EBC-20AB-40B5-9179-A7F5728B1B97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{6F69F0A5-1B25-4A17-A47F-927C23B12212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{BABDF178-9062-4F2E-BA59-0E41685A9511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{6EDF0FF1-0413-41C5-8B69-BF9F1F41C711}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{88B16A95-B8AA-4E15-8D0B-B0583CF2D843}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AB2735CE-6458-42DB-A8E2-CBE1FD6AC6F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{93422FF3-3DDE-4C27-BDD8-A9ECB1F284E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{FC9B8DF8-2191-42C3-B1CF-13D2516D506F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [{FFBE5C9E-8663-475A-AD52-B997D0E23205}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [TCP Query User{A59AA992-4361-4E18-ABBD-BB5B18C19FE8}C:\program files (x86)\mumble\murmur.exe] => (Block) C:\program files (x86)\mumble\murmur.exe
FirewallRules: [UDP Query User{547C6B98-B7F1-4CBE-BD55-89688476920A}C:\program files (x86)\mumble\murmur.exe] => (Block) C:\program files (x86)\mumble\murmur.exe
FirewallRules: [{D0307FB1-191A-4CA5-B596-3B2FB116F922}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe
FirewallRules: [{D971C637-28B5-4666-8002-C47DFAD7816A}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\5962851.exe
FirewallRules: [{E1C5BB93-6636-4F5E-B1D3-1AB1B7C8A11E}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\tinstall.exe
FirewallRules: [{942E2788-3A50-4BF5-9960-0FD306528FBD}] => (Allow) C:\Program Files (x86)\irritable\escalation.exe
FirewallRules: [TCP Query User{CBAB2894-73BA-4C53-B9EC-1774DE5199CF}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{677962BC-31AF-493C-98E9-2253FEA140AC}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe

==================== Restore Points =========================

21-11-2014 05:07:28 avast! antivirus system restore point
25-11-2014 06:37:55 Windows Update
28-11-2014 08:22:42 Windows Update
02-12-2014 02:47:33 Windows Update
05-12-2014 16:25:00 Windows Update
08-12-2014 12:46:47 Restore Operation
08-12-2014 12:51:23 avast! antivirus system restore point
08-12-2014 12:52:32 Restore Operation
15-12-2014 18:45:21 Windows Update
01-10-2015 19:23:55 Windows Update
01-10-2015 19:40:24 Windows Update
17-11-2015 05:59:48 Windows Backup
19-11-2015 14:43:44 Windows Update
19-11-2015 14:57:35 avast! antivirus system restore point
19-11-2015 16:10:52 Windows Update
19-11-2015 16:53:54 Windows Update
02-08-2016 12:18:24 Restore Operation
02-08-2016 13:41:47 avast! antivirus system restore point
02-08-2016 13:49:03 Windows Update
02-08-2016 15:16:12 Windows Update
04-08-2016 00:41:24 Installed DirectX
04-08-2016 00:47:58 Device Driver Package Install: Echobit LLC Network adapters
04-08-2016 01:51:17 Installed DirectX
04-08-2016 05:56:18 Removed Java 8 Update 101
04-08-2016 05:58:04 Removed Java 8 Update 101
04-08-2016 21:10:05 Windows Modules Installer
06-08-2016 03:27:15 Microsoft Visual Studio Community 2015 with Updates
06-08-2016 15:28:19 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
06-08-2016 15:28:40 Microsoft Visual Studio Community 2015 with Updates
06-08-2016 15:30:05 Removed Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
08-08-2016 14:00:57 Installed DirectX
08-08-2016 14:09:45 Device Driver Package Install: Scarlet.Crush Productions System devices
24-08-2016 21:09:31 Device Driver Package Install: VSO Software
25-08-2016 11:41:19 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
25-08-2016 11:46:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
25-08-2016 12:25:24 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
25-08-2016 12:26:46 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
26-08-2016 11:53:04 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
26-08-2016 11:54:03 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
31-08-2016 10:12:09 Device Driver Package Install: Wireless Orange Sound, video and game controllers
01-09-2016 18:12:41 Device Driver Package Install: Visicom Media Inc. Imaging devices
01-09-2016 18:14:17 Device Driver Package Install: Visicom Media Inc. Sound, video and game controllers
16-09-2016 00:04:17 avast! antivirus system restore point
22-09-2016 14:12:36 Installed DirectX
23-09-2016 02:54:20 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
23-09-2016 02:55:39 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
23-09-2016 02:57:01 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
23-09-2016 02:58:19 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
23-09-2016 02:59:55 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
23-09-2016 20:01:47 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
23-09-2016 20:04:22 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
23-09-2016 20:04:27 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
29-09-2016 03:02:20 Windows Update
30-09-2016 03:00:31 Windows Update
01-10-2016 23:34:05 Installed Ableton Live 9 Trial
02-10-2016 18:57:49 Installed LibreOffice 5.2.2.2
03-10-2016 12:46:33 Windows Update
07-10-2016 03:55:26 Windows Update
09-10-2016 23:58:41 Installed Mumble 1.2.17
11-10-2016 03:00:13 Windows Update
12-10-2016 03:00:20 Windows Update
13-10-2016 01:31:08 Windows Update
13-10-2016 02:16:25 Windows Update
13-10-2016 03:00:10 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/13/2016 12:33:03 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (10/13/2016 03:18:43 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 4660.  Message ID: [0x2509].

Error: (10/13/2016 03:12:53 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 272.  Message ID: [0x2509].

Error: (10/13/2016 03:00:22 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3024.  Message ID: [0x2509].

Error: (10/13/2016 02:58:06 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1168.  Message ID: [0x2509].

Error: (10/13/2016 02:55:04 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3368.  Message ID: [0x2509].

Error: (10/13/2016 02:52:20 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2288.  Message ID: [0x2509].

Error: (10/13/2016 02:14:11 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.0 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3980.  Message ID: [0x2509].

Error: (10/12/2016 05:45:32 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

Error: (10/12/2016 04:18:54 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).


System errors:
=============
Error: (10/13/2016 03:28:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RzKLService service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/13/2016 03:10:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (10/13/2016 02:03:39 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (10/12/2016 03:39:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SCP DS3 Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/12/2016 03:39:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SCP DS3 Service service to connect.

Error: (10/12/2016 03:33:24 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (10/11/2016 03:28:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TeamViewer 9 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/11/2016 03:28:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 9 service to connect.

Error: (10/11/2016 03:27:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SCP DS3 Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (10/11/2016 03:27:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SCP DS3 Service service to connect.


CodeIntegrity:
===================================
  Date: 2016-09-27 16:46:46.484
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-27 16:46:45.985
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-26 12:51:56.105
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-26 12:51:55.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-24 16:47:17.408
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-24 16:47:16.891
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\hamachi.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-31 11:09:17.603
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-31 11:09:17.057
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-31 10:43:37.187
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-31 10:43:36.612
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250u Processor
Percentage of memory in use: 60%
Total physical RAM: 3839.37 MB
Available physical RAM: 1533.63 MB
Total Virtual: 7676.92 MB
Available Virtual: 5542.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:160.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 311F8258)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#7 Aura

Posted 13 October 2016 - 02:59 PM

Thank you :) Now we'll run a first fix with FRST, followed by a Malwarebytes Anti-Malware scan.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on your Desktop, select New and click on Text Document. Name it fixlist (make sure it's a .txt file) and press on Enter;
  • Open the file you just created and copy/paste the content below in it, then save it (Ctrl + S);
    CloseProcesses:
    CreateRestorePoint:
    
    Zip: C:\Users\Dareon.Owner-PC\AppData\Local\108374.exe;C:\Users\Dareon.Owner-PC\AppData\Local\38443.exe;C:\Users\Dareon.Owner-PC\AppData\Local\64447.exe;C:\Users\Dareon.Owner-PC\AppData\Local\75566.exe;C:\Windows\system32\Drivers\219cfa25d45f0fff2c1c0fd300b27e5d.sys;C:\Users\Public\Pictures\DIIhost.exe
    
    HKLM\...\Run: [fecal] => "C:\Program Files (x86)\irritable\escalation.exe"
    HKLM-x32\...\Run: [poisonous] => "C:\Program Files (x86)\irritable\escalation.exe"
    HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [DIIhost] => C:\Users\Public\Pictures\DIIhost.exe [47616 2016-08-18] ()
    HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [analytically] => "C:\Program Files (x86)\irritable\escalation.exe"
    HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [callused] => "C:\Program Files (x86)\irritable\escalation.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helmick.lnk [2016-10-10]
    ShortcutTarget: helmick.lnk -> C:\Program Files (x86)\irritable\escalation.exe (No File)
    Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2016-10-10]
    ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe (No File)
    Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helmick.lnk [2016-10-10]
    ShortcutTarget: helmick.lnk -> C:\Program Files (x86)\irritable\escalation.exe (No File)
    Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2016-10-10]
    ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe (No File)
    
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
    
    FF HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found
    
    CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
    
    testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
    
    Task: {6F0189AD-F0C2-46D2-8651-CC84A7C31CD0} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {8D11C08F-9609-4BD1-A887-EBF861EDAD4C} - \{7E328BCF-EC77-4B1B-8589-0C8F079B3E64} -> No File <==== ATTENTION
    Task: {98659AE3-D6D0-4A37-8DCE-0827609B090E} - \{DEC7423D-AD67-4851-BDD9-66D94A9A6220} -> No File <==== ATTENTION
    Task: {9B75513B-DE58-46C9-9BBB-DB40ECC86C10} - \{F8B397B2-D311-4840-8041-4665A3D9F26B} -> No File <==== ATTENTION
    Task: {BF50CD39-D9E3-4F3D-966B-117C4608B312} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {C5D7F334-3A1D-4AE7-9811-D692D8AE3A0D} - \Adobe Flash Player Updater -> No File <==== ATTENTION
    
    FirewallRules: [{D971C637-28B5-4666-8002-C47DFAD7816A}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\5962851.exe
    FirewallRules: [{E1C5BB93-6636-4F5E-B1D3-1AB1B7C8A11E}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\tinstall.exe
    FirewallRules: [{942E2788-3A50-4BF5-9960-0FD306528FBD}] => (Allow) C:\Program Files (x86)\irritable\escalation.exe
    
    C:\Program Files\a1abd501a3cdbe5c3b3bcfba52e679c3
    C:\Program Files (x86)\irritable
    C:\Program Files (x86)\WOMic
    C:\Users\Public\Pictures\DIIhost.exe
    C:\Users\Dareon.Owner-PC\AppData\Local\108374.exe
    C:\Users\Dareon.Owner-PC\AppData\Local\38443.exe
    C:\Users\Dareon.Owner-PC\AppData\Local\64447.exe
    C:\Users\Dareon.Owner-PC\AppData\Local\75566.exe
    C:\Users\Dareon.Owner-PC\AppData\Local\install_flash_player_21_active_x.exe
    C:\Windows\system32\Drivers\219cfa25d45f0fff2c1c0fd300b27e5d.sys
    
    EmptyTemp:
    
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;
After running the FRST fix, a file called Upload.zip will be created on your desktop. Please upload it to the link below.

http://www.bleepingcomputer.com/submit-malware.php?channel=194

Malwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run; the time required to complete the scan depends on your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should include:
  • Copy/pasted content of FRST's fixlog.txt;
  • Confirmation that you uploaded the Upload.zip file to the link listed above;
  • Copy/pasted content of Malwarebytes clean log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 nomore568

Posted 13 October 2016 - 03:19 PM

OK, I uploaded the file and the Malwarebytes scan is in progress. Here is the fixlog. Also, one question: can I delete the Upload.zip from my desktop?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-10-2016
Ran by Dareon (13-10-2016 14:07:49) Run:1
Running from C:\Users\Dareon.Owner-PC\Desktop\frst
Loaded Profiles: Dareon (Available Profiles: Dareon & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Zip: C:\Users\Dareon.Owner-PC\AppData\Local\108374.exe;C:\Users\Dareon.Owner-PC\AppData\Local\38443.exe;C:\Users\Dareon.Owner-PC\AppData\Local\64447.exe;C:\Users\Dareon.Owner-PC\AppData\Local\75566.exe;C:\Windows\system32\Drivers\219cfa25d45f0fff2c1c0fd300b27e5d.sys;C:\Users\Public\Pictures\DIIhost.exe

HKLM\...\Run: [fecal] => "C:\Program Files (x86)\irritable\escalation.exe"
HKLM-x32\...\Run: [poisonous] => "C:\Program Files (x86)\irritable\escalation.exe"
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [DIIhost] => C:\Users\Public\Pictures\DIIhost.exe [47616 2016-08-18] ()
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [analytically] => "C:\Program Files (x86)\irritable\escalation.exe"
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [callused] => "C:\Program Files (x86)\irritable\escalation.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helmick.lnk [2016-10-10]
ShortcutTarget: helmick.lnk -> C:\Program Files (x86)\irritable\escalation.exe (No File)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2016-10-10]
ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe (No File)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helmick.lnk [2016-10-10]
ShortcutTarget: helmick.lnk -> C:\Program Files (x86)\irritable\escalation.exe (No File)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk [2016-10-10]
ShortcutTarget: WO Mic Client.lnk -> C:\Program Files (x86)\WOMic\WOMicClient.exe (No File)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File

FF HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => not found

CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx

testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION

Task: {6F0189AD-F0C2-46D2-8651-CC84A7C31CD0} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {8D11C08F-9609-4BD1-A887-EBF861EDAD4C} - \{7E328BCF-EC77-4B1B-8589-0C8F079B3E64} -> No File <==== ATTENTION
Task: {98659AE3-D6D0-4A37-8DCE-0827609B090E} - \{DEC7423D-AD67-4851-BDD9-66D94A9A6220} -> No File <==== ATTENTION
Task: {9B75513B-DE58-46C9-9BBB-DB40ECC86C10} - \{F8B397B2-D311-4840-8041-4665A3D9F26B} -> No File <==== ATTENTION
Task: {BF50CD39-D9E3-4F3D-966B-117C4608B312} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {C5D7F334-3A1D-4AE7-9811-D692D8AE3A0D} - \Adobe Flash Player Updater -> No File <==== ATTENTION

FirewallRules: [{D971C637-28B5-4666-8002-C47DFAD7816A}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\5962851.exe
FirewallRules: [{E1C5BB93-6636-4F5E-B1D3-1AB1B7C8A11E}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\tinstall.exe
FirewallRules: [{942E2788-3A50-4BF5-9960-0FD306528FBD}] => (Allow) C:\Program Files (x86)\irritable\escalation.exe

C:\Program Files\a1abd501a3cdbe5c3b3bcfba52e679c3
C:\Program Files (x86)\irritable
C:\Program Files (x86)\WOMic
C:\Users\Public\Pictures\DIIhost.exe
C:\Users\Dareon.Owner-PC\AppData\Local\108374.exe
C:\Users\Dareon.Owner-PC\AppData\Local\38443.exe
C:\Users\Dareon.Owner-PC\AppData\Local\64447.exe
C:\Users\Dareon.Owner-PC\AppData\Local\75566.exe
C:\Users\Dareon.Owner-PC\AppData\Local\install_flash_player_21_active_x.exe
C:\Windows\system32\Drivers\219cfa25d45f0fff2c1c0fd300b27e5d.sys

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
================== Zip: ===================
C:\Users\Dareon.Owner-PC\AppData\Local\108374.exe -> copied successfully to C:\Users\Dareon.Owner-PC\Desktop\Upload.zip
C:\Users\Dareon.Owner-PC\AppData\Local\38443.exe -> copied successfully to C:\Users\Dareon.Owner-PC\Desktop\Upload.zip
C:\Users\Dareon.Owner-PC\AppData\Local\64447.exe -> copied successfully to C:\Users\Dareon.Owner-PC\Desktop\Upload.zip
C:\Users\Dareon.Owner-PC\AppData\Local\75566.exe -> copied successfully to C:\Users\Dareon.Owner-PC\Desktop\Upload.zip
C:\Windows\system32\Drivers\219cfa25d45f0fff2c1c0fd300b27e5d.sys -> copied successfully to C:\Users\Dareon.Owner-PC\Desktop\Upload.zip
C:\Users\Public\Pictures\DIIhost.exe -> copied successfully to C:\Users\Dareon.Owner-PC\Desktop\Upload.zip
=========== Zip: End ===========
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\fecal => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\poisonous => value removed successfully
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Windows\CurrentVersion\Run\\DIIhost => value removed successfully
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Windows\CurrentVersion\Run\\analytically => value removed successfully
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Windows\CurrentVersion\Run\\callused => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helmick.lnk => moved successfully
C:\Program Files (x86)\irritable\escalation.exe => not found.
C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk => moved successfully
C:\Program Files (x86)\WOMic\WOMicClient.exe => not found.
C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\helmick.lnk => not found.
C:\Program Files (x86)\irritable\escalation.exe => not found.
C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WO Mic Client.lnk => not found.
C:\Program Files (x86)\WOMic\WOMicClient.exe => not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01} => key not found.
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh" => key removed successfully

=========================  bcdedit ========================


The operation completed successfully.

========= End of bcdedit =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F0189AD-F0C2-46D2-8651-CC84A7C31CD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F0189AD-F0C2-46D2-8651-CC84A7C31CD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D11C08F-9609-4BD1-A887-EBF861EDAD4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D11C08F-9609-4BD1-A887-EBF861EDAD4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7E328BCF-EC77-4B1B-8589-0C8F079B3E64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98659AE3-D6D0-4A37-8DCE-0827609B090E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98659AE3-D6D0-4A37-8DCE-0827609B090E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DEC7423D-AD67-4851-BDD9-66D94A9A6220}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B75513B-DE58-46C9-9BBB-DB40ECC86C10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B75513B-DE58-46C9-9BBB-DB40ECC86C10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F8B397B2-D311-4840-8041-4665A3D9F26B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF50CD39-D9E3-4F3D-966B-117C4608B312}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF50CD39-D9E3-4F3D-966B-117C4608B312}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5D7F334-3A1D-4AE7-9811-D692D8AE3A0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5D7F334-3A1D-4AE7-9811-D692D8AE3A0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D971C637-28B5-4666-8002-C47DFAD7816A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1C5BB93-6636-4F5E-B1D3-1AB1B7C8A11E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{942E2788-3A50-4BF5-9960-0FD306528FBD} => value removed successfully
C:\Program Files\a1abd501a3cdbe5c3b3bcfba52e679c3 => moved successfully
"C:\Program Files (x86)\irritable" => not found.
C:\Program Files (x86)\WOMic => moved successfully
C:\Users\Public\Pictures\DIIhost.exe => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\108374.exe => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\38443.exe => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\64447.exe => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\75566.exe => moved successfully
C:\Users\Dareon.Owner-PC\AppData\Local\install_flash_player_21_active_x.exe => moved successfully
C:\Windows\system32\Drivers\219cfa25d45f0fff2c1c0fd300b27e5d.sys => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 49873525 B
Java, Flash, Steam htmlcache => 174368713 B
Windows/system/drivers => 789614123 B
Edge => 0 B
Chrome => 60328446 B
Firefox => 387357648 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55425542 B
systemprofile32 => 69218 B
LocalService => 0 B
NetworkService => 591318 B
UpdatusUser => 0 B
Dareon.Owner-PC => 80820527 B
DefaultAppPool => 0 B

RecycleBin => 5062 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:09:08 ====



#9 nomore568

Posted 13 October 2016 - 03:39 PM

Here are the Malwarebytes scan results.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/13/2016
Scan Time: 2:18 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.13.10
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dareon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388577
Time Elapsed: 19 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#10 Aura

Posted 13 October 2016 - 03:41 PM

You can delete the Upload.zip file, yes. I received it, thank you.

Looks like the FRST scan went through without a hitch. Let's see what JRT, AdwCleaner and EEK can find.

Follow the instructions below please.

Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Emsisoft Emergency Kit
Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
    Egla2gt.png
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
    IgfWDr3.png
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
How's your computer behaving now?

Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted EEK clean log;
  • Answer to my question about your computer's current status;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 nomore568


Posted 13 October 2016 - 03:48 PM

Here is the JRT one.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Dareon (Administrator) on Thu 10/13/2016 at 14:43:15.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Program Files (x86)\GUTAEF4.tmp (File)

Deleted the following from C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/13/2016 at 14:47:24.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#12 nomore568


Posted 13 October 2016 - 03:59 PM

Here is AdwCleaner.

 

# AdwCleaner v6.021 - Logfile created 13/10/2016 at 14:51:30
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-13.2 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dareon - OWNER-PC
# Running from : C:\Users\Dareon.Owner-PC\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com


***** [ Web browsers ] *****

[-] [C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2327 Bytes] - [13/10/2016 14:51:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [2451 Bytes] - [13/10/2016 14:50:43]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2473 Bytes] ##########
 



#13 nomore568


Posted 13 October 2016 - 04:12 PM

Emsisoft found nothing, so this is what I got.

 

Emsisoft Emergency Kit - Version 11.9
Last update: 10/13/2016 3:05:48 PM
User account: Owner-PC\Dareon
Computer name: OWNER-PC
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    10/13/2016 3:06:18 PM

Scanned    75349
Found    0

Scan end:    10/13/2016 3:11:54 PM
Scan time:    0:05:36
 



#14 Aura


Posted 13 October 2016 - 04:14 PM

Awesome :) How's your computer running now? And we'll grab a new pair of FRST logs to make sure there's nothing left.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files;
  • Copy and paste the content of both FRST.txt and Addition.txt in your next reply;



#15 nomore568


Posted 13 October 2016 - 04:16 PM

It's running fine. I will have the FRST logs in a minute.





