Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer locking up, things freezing.


  • This topic is locked This topic is locked
4 replies to this topic

#1 Divinelsx

Divinelsx

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 29 October 2016 - 01:31 AM

About 4-5 months ago I was having problems running a game called League Of Legends... I ran a disk scan and looked for errors. It runs but it seems to not fix anything, now I'm seeing a lot of programs on my computer are freezing up. Not really sure what to run, it would be much appreciated if somebody would help me.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2016
Ran by Stephen (administrator) on STEPHEN-PC (29-10-2016 02:38:38)
Running from C:\Users\Stephen\Desktop
Loaded Profiles: Stephen (Available Profiles: Stephen)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
(Razer Inc.) C:\Program Files\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
(Nota Inc.) C:\Program Files\Gyazo\GyStation.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Razer Synapse] => C:\Program Files\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25424008 2016-10-24] (Dropbox, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-2442070009-41494806-3721028810-1000\...\Run: [Gyazo] => C:\Program Files\Gyazo\GyStation.exe [3582240 2016-08-03] (Nota Inc.)
HKU\S-1-5-21-2442070009-41494806-3721028810-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6854360 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2442070009-41494806-3721028810-1000\...\Run: [Steam] => C:\Program Files\Steam1\steam.exe [2860832 2016-10-12] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-11-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2442070009-41494806-3721028810-1000] => 87.229.45.91:32467
AutoConfigURL: [S-1-5-21-2442070009-41494806-3721028810-1000] => 87.229.45.91:32467
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{B7980541-7BF6-4784-8824-09ECFF90ABA5}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2442070009-41494806-3721028810-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2442070009-41494806-3721028810-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

FireFox:
========
FF DefaultProfile: nm0d48h7.default
FF ProfilePath: C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\nm0d48h7.default [2016-10-29]
FF Extension: (All Aboard) - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\nm0d48h7.default\Extensions\@all-aboard-v1 [2016-07-15]
FF Extension: (IPFlood) - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\nm0d48h7.default\Extensions\ipbleep@p4ul.info.xpi [2016-08-25]
FF Extension: (iMacros for Firefox) - C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\nm0d48h7.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}.xpi [2016-10-21]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR StartupUrls: Default -> "","hxxp://www.google.com/"
CHR Profile: C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default [2016-10-29]
CHR Extension: (Google Drive) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (YouTube) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-25]
CHR Extension: (Adblock Plus) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-29]
CHR Extension: (Slither.io Mods) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnlenmmkifnhllnjfoangnjokeadhbbk [2016-05-11]
CHR Extension: (Google Search) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (TastyPlug) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\faccgibalfdoihmenknhpfhldkmgaang [2016-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-10-25]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2016-09-20]
CHR Extension: (Agarbot) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhonokokepghkkabpbckpelkodnldlmi [2015-12-03]
CHR Extension: (KProxy Background App) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\maicibfoihmlppibfkljeljefamfndbp [2016-09-23]
CHR Extension: (BlackArt) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdhhaelinffalopkfaimjimjalhjkng [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Gmail) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\Stephen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65128 2016-01-11] (CyberGhost S.R.L)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [35440 2016-10-24] (Dropbox, Inc.)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [2718840 2016-10-13] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.exe [103168 2016-10-13] ()
R2 Razer Chroma SDK Service; C:\Program Files\Razer Chroma SDK\bin\RzSDKService.exe [57856 2016-01-10] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AFTrafMgr1.1; C:\Program Files\Hotspot Shield\bin\TrafMgr_1_1_32.sys [47544 2016-10-04] (AnchorFree Inc.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-07-13] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-07-13] (Disc Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [101792 2016-08-04] (Eugene V. Muzychenko)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11728 2016-03-02] (Windows ® Win 7 DDK provider)
R3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [48640 2009-08-23] (Atheros Communications, Inc.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2016-09-09] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [47944 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [20288 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [63808 2015-12-14] (Razer, Inc.)
R3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [174792 2015-08-13] (Razer Inc)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [36944 2016-10-13] (Anchorfree Inc.)
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable_win7.sys [34024 2013-07-11] (Windows ® Win 7 DDK provider)
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\Users\Stephen\AppData\Local\Temp\catchme.sys [X]
S3 cpuz138; \??\C:\Users\Stephen\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-29 02:38 - 2016-10-29 02:40 - 00013992 _____ C:\Users\Stephen\Desktop\FRST.txt
2016-10-29 02:38 - 2016-10-29 02:38 - 00000000 ____D C:\FRST
2016-10-29 02:38 - 2016-10-29 02:37 - 01757184 _____ (Farbar) C:\Users\Stephen\Desktop\FRST.exe
2016-10-29 02:37 - 2016-10-29 02:37 - 01757184 _____ (Farbar) C:\Users\Stephen\Downloads\FRST.exe
2016-10-29 02:23 - 2016-10-29 02:23 - 00000000 ____D C:\Program Files\Tweaking.com
2016-10-29 02:22 - 2016-10-29 02:23 - 00181899 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-10-29 02:21 - 2016-10-29 02:22 - 29306344 _____ (Tweaking.com) C:\Users\Stephen\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-10-29 02:18 - 2016-10-29 02:19 - 00015961 _____ C:\Users\Stephen\Desktop\MTB.txt
2016-10-29 02:16 - 2016-10-29 02:16 - 00892416 _____ (Farbar) C:\Users\Stephen\Downloads\MiniToolBox.exe
2016-10-29 02:16 - 2016-10-29 02:16 - 00892416 _____ (Farbar) C:\Users\Stephen\Desktop\MiniToolBox.exe
2016-10-28 23:29 - 2016-10-28 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-24 11:29 - 2016-10-24 11:33 - 00000144 _____ C:\Users\Stephen\Desktop\Materials for build.txt
2016-10-24 09:06 - 2016-10-24 09:06 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-24 09:06 - 2016-10-24 09:06 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-24 09:06 - 2016-10-24 09:06 - 00063600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-24 09:06 - 2016-10-24 09:06 - 00035440 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-23 10:24 - 2016-10-23 10:24 - 00000008 _____ C:\Users\Stephen\Desktop\11.311313
2016-10-23 05:12 - 2016-10-23 05:13 - 00000062 _____ C:\Users\Stephen\Desktop\voting on fear.txt
2016-10-22 18:18 - 2016-10-22 18:18 - 00000000 ____D C:\Program Files\File Recovery
2016-10-22 08:14 - 2016-10-22 08:14 - 28366090 _____ C:\Users\Stephen\Downloads\kgjzyc.flv
2016-10-22 06:34 - 2016-10-22 06:34 - 00015254 _____ C:\Users\Stephen\Downloads\replay-0_672429_2192032131.osr
2016-10-21 03:37 - 2016-10-21 03:37 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-21 03:37 - 2016-10-21 03:37 - 00001105 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-10-21 03:37 - 2016-10-21 03:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-21 03:35 - 2016-10-21 03:36 - 00243520 _____ C:\Users\Stephen\Downloads\Firefox Setup Stub 49.0.2.exe
2016-10-19 22:51 - 2016-10-19 22:51 - 00000032 _____ C:\Users\Stephen\Desktop\Alt that needs to transfer host.txt
2016-10-19 19:36 - 2016-10-19 19:36 - 03175360 _____ C:\Users\Stephen\Downloads\472440 KAKU P-MODEL - Big Brother.osz
2016-10-19 14:48 - 2016-10-22 22:33 - 00000000 ____D C:\Program Files\Recuva
2016-10-19 14:48 - 2016-10-19 14:48 - 00001795 _____ C:\Users\Public\Desktop\Recuva.lnk
2016-10-19 14:48 - 2016-10-19 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-10-19 03:08 - 2016-10-19 03:08 - 00341589 _____ C:\Users\Stephen\Downloads\TigurForge-1.1.jar
2016-10-18 19:00 - 2016-10-18 19:02 - 05562976 _____ (Piriform Ltd) C:\Users\Stephen\Downloads\rcsetup153.exe
2016-10-18 18:57 - 2016-10-18 18:58 - 02843064 _____ (File Recovery Ltd. ) C:\Users\Stephen\Downloads\undelete-360-setup.exe
2016-10-18 04:35 - 2016-10-29 03:10 - 00000000 ____D C:\Users\Stephen\Desktop\Minecraft Spam Bot
2016-10-18 04:16 - 2016-10-18 04:16 - 00000000 ____D C:\Users\Stephen\AppData\Local\CrashRpt
2016-10-18 04:09 - 2016-10-18 04:16 - 00001078 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk
2016-10-18 04:08 - 2016-10-18 04:15 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-10-18 04:08 - 2016-10-18 04:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2016-10-18 04:06 - 2016-10-18 04:16 - 00000000 ____D C:\Program Files\Hotspot Shield
2016-10-18 04:04 - 2016-10-18 04:05 - 13986912 _____ C:\Users\Stephen\Downloads\HSS-6.0.4-install-hss-815-ext.exe
2016-10-18 03:58 - 2016-10-25 22:32 - 00001866 _____ C:\Users\Stephen\Desktop\spambot.txt
2016-10-18 03:54 - 2016-10-18 03:54 - 01222159 _____ C:\Users\Stephen\Downloads\OptiFine_1.7.10_HD_U_D6.jar
2016-10-18 03:30 - 2016-10-18 03:31 - 01188390 _____ C:\Users\Stephen\Downloads\OptiFine_1.7.2_HD_U_E4.jar
2016-10-18 00:39 - 2016-10-24 11:04 - 00004206 _____ C:\Users\Stephen\Desktop\Alts check.txt
2016-10-17 23:47 - 2016-10-18 00:16 - 00000746 _____ C:\Users\Stephen\Desktop\Working ALTS.txt
2016-10-17 23:23 - 2016-10-17 23:24 - 00000064 _____ C:\Users\Stephen\Desktop\Future Diary.txt
2016-10-17 17:19 - 2016-10-17 17:21 - 00000134 _____ C:\Users\Stephen\Desktop\Alts work.txt
2016-10-17 17:13 - 2016-10-18 00:39 - 00001605 _____ C:\Users\Stephen\Desktop\Alt gen check.txt
2016-10-17 03:05 - 2016-10-17 03:07 - 00000057 _____ C:\Users\Stephen\Desktop\steam accs.txt
2016-10-13 16:07 - 2016-10-13 16:07 - 00036944 _____ (Anchorfree Inc.) C:\Windows\system32\Drivers\taphss6.sys
2016-10-12 16:54 - 2016-10-12 16:51 - 00357467 _____ C:\Users\Stephen\Desktop\1Click.jar
2016-10-12 10:37 - 2016-10-25 21:08 - 00001033 _____ C:\Users\Stephen\Desktop\get yt2mp3.txt
2016-10-11 16:46 - 2016-09-12 16:54 - 00067816 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-11 16:46 - 2016-09-12 16:49 - 01017856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-11 16:46 - 2016-09-09 11:53 - 01406976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-11 16:46 - 2016-09-09 11:53 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-11 16:46 - 2016-09-09 11:53 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-11 16:46 - 2016-09-09 11:53 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-11 16:46 - 2016-09-09 11:53 - 00213504 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-11 16:46 - 2016-09-09 11:53 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-11 16:46 - 2016-09-09 11:53 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-11 16:46 - 2016-08-16 16:27 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-11 16:46 - 2016-08-16 16:27 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-11 16:46 - 2016-08-16 16:26 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-11 16:46 - 2016-08-16 16:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-11 16:46 - 2016-08-16 16:26 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-11 16:46 - 2016-08-16 16:26 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-11 16:46 - 2016-08-16 16:26 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-11 16:46 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-11 16:43 - 2016-09-30 15:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-11 16:43 - 2016-09-30 11:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-10-11 16:43 - 2016-09-30 11:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-11 16:43 - 2016-09-30 01:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-11 16:43 - 2016-09-30 01:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-11 16:43 - 2016-09-30 01:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-11 16:43 - 2016-09-30 01:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-11 16:43 - 2016-09-30 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-11 16:43 - 2016-09-30 01:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-11 16:43 - 2016-09-30 01:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-11 16:43 - 2016-09-30 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-11 16:43 - 2016-09-30 01:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-11 16:43 - 2016-09-30 01:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-11 16:43 - 2016-09-30 01:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-11 16:43 - 2016-09-30 01:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-11 16:43 - 2016-09-30 01:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-11 16:43 - 2016-09-30 01:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-11 16:43 - 2016-09-30 01:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-11 16:43 - 2016-09-30 01:32 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-11 16:43 - 2016-09-30 01:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-11 16:43 - 2016-09-30 01:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-11 16:43 - 2016-09-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-11 16:43 - 2016-09-30 01:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-11 16:43 - 2016-09-30 01:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-11 16:43 - 2016-09-30 01:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-11 16:43 - 2016-09-30 01:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-11 16:43 - 2016-09-30 01:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-11 16:43 - 2016-09-30 01:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-11 16:43 - 2016-09-30 01:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-11 16:43 - 2016-09-30 01:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-11 16:43 - 2016-09-30 01:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-11 16:43 - 2016-09-30 01:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-11 16:43 - 2016-09-30 01:05 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-11 16:43 - 2016-09-30 01:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-11 16:43 - 2016-09-30 00:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-11 16:43 - 2016-09-30 00:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-11 16:43 - 2016-09-30 00:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-11 16:43 - 2016-09-15 11:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-11 16:43 - 2016-09-15 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-11 16:43 - 2016-09-12 16:53 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-11 16:43 - 2016-09-12 16:53 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-11 16:43 - 2016-09-12 16:49 - 01063936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-11 16:43 - 2016-09-12 16:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-11 16:43 - 2016-09-12 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-11 16:43 - 2016-09-12 16:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-11 16:43 - 2016-09-12 16:26 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-11 16:43 - 2016-09-12 16:26 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-11 16:43 - 2016-09-12 16:26 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-11 16:43 - 2016-09-12 16:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-11 16:43 - 2016-09-12 16:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-11 16:43 - 2016-09-12 16:25 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-11 16:43 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-11 16:43 - 2016-09-12 15:08 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-11 16:43 - 2016-09-10 11:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-11 16:43 - 2016-09-09 14:01 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-11 16:43 - 2016-09-09 14:00 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-11 16:43 - 2016-09-09 14:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-11 16:43 - 2016-09-09 13:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-11 16:43 - 2016-09-09 13:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-11 16:43 - 2016-09-09 13:59 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-11 16:43 - 2016-09-09 13:59 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-11 16:43 - 2016-09-09 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-11 16:43 - 2016-09-09 13:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-11 16:43 - 2016-09-09 13:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-11 16:43 - 2016-09-09 13:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-11 16:43 - 2016-09-09 13:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-11 16:43 - 2016-09-09 13:39 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-11 16:43 - 2016-09-09 13:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-11 16:43 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-11 16:43 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-11 16:43 - 2016-09-08 10:49 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-11 16:43 - 2016-09-08 10:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-11 16:43 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-11 16:43 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-11 16:43 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-11 16:43 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-11 16:43 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-11 16:43 - 2016-08-12 12:21 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-11 16:43 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-11 16:43 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-11 16:43 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-11 16:43 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-11 16:43 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-11 16:43 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-11 16:43 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-11 16:43 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-11 16:43 - 2016-06-14 11:25 - 00078568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-11 16:43 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-11 16:43 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-11 16:43 - 2016-06-14 11:17 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-11 16:43 - 2016-06-14 11:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-11 16:43 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-11 16:43 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-11 16:43 - 2016-06-14 11:00 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-11 16:43 - 2016-06-14 10:55 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-11 16:43 - 2016-06-14 10:55 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-11 16:43 - 2016-06-14 10:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-11 16:42 - 2016-08-29 11:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-11 16:42 - 2016-08-29 11:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-11 16:42 - 2016-08-29 11:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-11 16:42 - 2016-08-29 10:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-06 03:02 - 2016-10-06 03:10 - 00000000 ____D C:\Dank
2016-10-06 02:44 - 2016-10-06 02:44 - 24699392 _____ () C:\Users\Stephen\Desktop\sarefine ss tool.exe
2016-10-03 20:54 - 2016-10-03 20:54 - 00000000 ____D C:\Users\Stephen\AppData\LocalLow\Temp
2016-10-03 19:59 - 2016-10-03 19:59 - 00001620 _____ C:\Users\Stephen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackboard Collaborate Launcher.lnk
2016-10-03 19:58 - 2016-10-03 20:46 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\Blackboard
2016-10-03 19:58 - 2016-10-03 19:58 - 00000000 ____D C:\Users\Stephen\AppData\Local\Blackboard
2016-09-30 16:41 - 2016-10-29 02:10 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\.minecraft
2016-09-30 04:28 - 2016-09-30 04:28 - 00000000 ____D C:\Riot Games
2016-09-30 04:28 - 2016-09-30 04:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-09-30 04:19 - 2016-09-30 04:19 - 00000000 ____D C:\New folder
2016-09-30 03:22 - 2016-09-30 03:22 - 00003075 _____ C:\Users\Stephen\Desktop\Hextech Repair Tool.lnk
2016-09-30 03:22 - 2016-09-30 03:22 - 00000000 ____D C:\Program Files\Hextech Repair Tool

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-29 03:10 - 2015-11-25 22:44 - 00000000 ____D C:\Program Files\Common Files\Steam
2016-10-29 03:10 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
2016-10-29 03:09 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\registration
2016-10-29 02:36 - 2015-11-30 23:20 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\Skype
2016-10-29 02:36 - 2015-11-25 23:00 - 00000000 ____D C:\Users\Stephen\AppData\Local\osu!
2016-10-29 02:18 - 2016-09-07 07:13 - 00000898 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-10-29 02:16 - 2016-04-24 00:17 - 00001075 _____ C:\Users\Stephen\Desktop\nativelog.txt
2016-10-29 01:52 - 2015-11-25 22:21 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-29 01:31 - 2016-09-09 11:47 - 00000000 ____D C:\Program Files\Steam1
2016-10-29 00:30 - 2009-07-14 00:34 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-29 00:30 - 2009-07-14 00:34 - 00017136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-29 00:23 - 2015-12-04 20:16 - 00000000 ___RD C:\Users\Stephen\Dropbox
2016-10-29 00:19 - 2016-09-07 07:13 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-10-29 00:19 - 2015-11-25 22:21 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-29 00:19 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-28 23:29 - 2015-12-04 20:11 - 00000000 ____D C:\Program Files\Dropbox
2016-10-28 23:13 - 2015-11-25 10:56 - 00000000 ____D C:\Users\Stephen
2016-10-26 22:49 - 2016-04-24 00:17 - 00000000 ____D C:\Users\Stephen\Desktop\game
2016-10-25 12:10 - 2015-11-30 23:19 - 00000000 ___RD C:\Program Files\Skype
2016-10-24 06:00 - 2015-12-04 01:08 - 00000000 ____D C:\Users\Stephen\AppData\Roaming\TS3Client
2016-10-21 03:37 - 2016-07-15 06:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-20 01:09 - 2016-09-07 20:57 - 00000000 ____D C:\Users\Stephen\Desktop\Moms pictures - And folders
2016-10-17 23:17 - 2016-09-20 17:28 - 00000000 ____D C:\Users\Stephen\Desktop\Songss
2016-10-17 17:12 - 2016-08-27 19:31 - 00000196 _____ C:\Users\Stephen\Desktop\Tigur 1.7 - 1.8.txt
2016-10-17 02:33 - 2016-02-10 06:25 - 00000000 ____D C:\Users\Stephen\Desktop\School folder
2016-10-12 01:32 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2016-10-12 00:31 - 2015-11-25 11:02 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-12 00:25 - 2016-09-12 09:17 - 00269104 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-11 23:50 - 2015-11-25 11:25 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-11 23:50 - 2015-11-25 11:25 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-11 23:49 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\Dism
2016-10-11 22:55 - 2015-11-25 11:17 - 00000000 ____D C:\Windows\system32\MRT
2016-10-11 22:47 - 2015-11-25 11:17 - 141042968 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-03 19:59 - 2016-09-12 07:15 - 00000000 __SHD C:\AI_RecycleBin
2016-10-01 12:57 - 2015-12-04 20:11 - 00000000 ____D C:\Users\Stephen\AppData\Local\Dropbox

==================== Files in the root of some directories =======

2016-08-12 05:19 - 2016-08-12 05:19 - 0000513 _____ () C:\Users\Stephen\AppData\Roaming\jd-gui.cfg
2016-02-22 12:19 - 2016-09-09 07:06 - 0000600 _____ () C:\Users\Stephen\AppData\Local\PUTTY.RND
2015-12-09 03:52 - 2015-12-09 03:52 - 0000003 _____ () C:\Users\Stephen\AppData\Local\updater.log
2015-12-09 03:52 - 2016-08-30 12:49 - 0000059 _____ () C:\Users\Stephen\AppData\Local\UserProducts.xml
2016-09-21 23:57 - 2016-09-21 23:57 - 0000000 _____ () C:\Users\Stephen\AppData\Local\{B4360B11-12B3-4C6B-A429-034F89158810}
2015-12-18 19:27 - 2015-12-18 19:27 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-133103299125554223.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-1712863165648208746.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-2044699148552579406.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-2629432324569404578.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-4581545913115472323.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-4943142195289279415.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-5910413105558175308.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-698332402076571912.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-6996588132165610813.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-8528905567792234218.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-8697466900068829185.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-8860226431082231201.dll
C:\Users\Stephen\AppData\Local\Temp\JNativeHook-FCBC1DC5993F3B7C153159E29CD4364927BC9517.dll
C:\Users\Stephen\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-26 02:49

==================== End of FRST.txt ============================

Attached Files

  • Attached File  FRST.txt   42.88KB   4 downloads

Edited by Oh My!, 01 November 2016 - 07:50 PM.


BC AdBot (Login to Remove)

 


#2 Divinelsx

Divinelsx
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:34 AM

Posted 29 October 2016 - 05:06 PM

Updated thread with logs  :lmao:



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:34 PM

Posted 01 November 2016 - 07:53 PM

Greetings Divinelsx and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

When you ran a FRST scan an Addition.txt document should have been created. If you can locate it please copy and paste the information in your reply.

In addition, please do this.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive C: drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Addition.txt
  • GSmart report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:34 PM

Posted 04 November 2016 - 09:41 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:34 PM

Posted 07 November 2016 - 10:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users