Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

High CPU Usage due to svchost.exe (netsvcs) and pop-ups starting chrome


  • This topic is locked This topic is locked
7 replies to this topic

#1 Alkai

Alkai

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 13 November 2016 - 10:30 AM

Hey!
 
For a while when starting Google Chrome i kept getting directed to advertisements and i got pop-ups automatically. Recently it stopped showing me the advertisement and pop-ups but now opens this link: file:///C:/Program%20Files%20(x86)/Google/Chrome/Application/54.0.2840.71/ , showing me the file location of my chrome application. Also my CPU usage is really high with round about 50% of all the usage coming from ​svchost.exe (netsvcs) which seems really weird to me. Thanks for all the help :) 

This is the FRST log i got when i scanned my PC:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Leo (administrator) on LEO-PC (13-11-2016 16:11:47)
Running from C:\Users\Leo\Desktop\Magic image packs
Loaded Profiles: Leo (Available Profiles: Leo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Spotify Ltd) C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Leo\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Leo\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Leo\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Leo\AppData\Roaming\Spotify\Spotify.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\Run: [Spotify Web Helper] => C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-12] (Spotify Ltd)
HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-26] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{4E0B7E0E-EFD7-4E18-9066-8978B9EC2980}: [DhcpNameServer] 192.168.2.1
ManualProxies: 
 
Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-18] (Oracle Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-18] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> E:\Adobe Reader\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default [2016-11-13]
CHR Extension: (ProxFlow) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-10-10]
CHR Extension: (Google Präsentationen) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-02]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-11-11]
CHR Extension: (BetterTTV) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-02]
CHR Extension: (Google Drive) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google-Suche) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast SafePrice) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-26]
CHR Extension: (Google Tabellen) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-31]
CHR Extension: (Twitch Now) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2016-07-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Mail) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-17] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-13 16:11 - 2016-11-13 16:11 - 00000000 ____D C:\FRST
2016-11-13 15:44 - 2016-11-13 15:44 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-11-13 01:22 - 2016-11-13 01:22 - 00000000 ____D C:\Users\Leo\Documents\Lightshot
2016-11-13 01:20 - 2016-11-13 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-11-08 21:48 - 2016-04-21 17:17 - 00000000 ____D C:\Users\Leo\Desktop\Touhou 7 – Perfect Cherry Blossom (English Patched) PC
2016-10-19 01:50 - 2016-09-30 21:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-19 01:50 - 2016-09-30 20:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-19 01:50 - 2016-09-30 16:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-19 01:50 - 2016-09-30 16:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-19 01:50 - 2016-09-30 16:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-19 01:50 - 2016-09-30 08:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-19 01:50 - 2016-09-30 07:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-19 01:50 - 2016-09-30 07:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-19 01:50 - 2016-09-30 07:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-19 01:50 - 2016-09-30 07:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-19 01:50 - 2016-09-30 07:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-19 01:50 - 2016-09-30 07:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-19 01:50 - 2016-09-30 07:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-19 01:50 - 2016-09-30 07:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-19 01:50 - 2016-09-30 07:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-19 01:50 - 2016-09-30 07:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-19 01:50 - 2016-09-30 07:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-19 01:50 - 2016-09-30 07:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-19 01:50 - 2016-09-30 07:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-19 01:50 - 2016-09-30 07:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-19 01:50 - 2016-09-30 07:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-19 01:50 - 2016-09-30 07:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-19 01:50 - 2016-09-30 07:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-19 01:50 - 2016-09-30 07:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-19 01:50 - 2016-09-30 06:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-19 01:50 - 2016-09-30 06:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-19 01:50 - 2016-09-30 06:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-19 01:50 - 2016-09-30 06:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-19 01:50 - 2016-09-30 06:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-19 01:50 - 2016-09-30 06:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-19 01:50 - 2016-09-30 06:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-19 01:50 - 2016-09-30 06:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-19 01:50 - 2016-09-30 06:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-19 01:50 - 2016-09-30 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-19 01:50 - 2016-09-30 06:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-19 01:50 - 2016-09-30 06:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-19 01:50 - 2016-09-30 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-19 01:50 - 2016-09-30 06:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-19 01:50 - 2016-09-30 06:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-19 01:50 - 2016-09-30 06:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-19 01:50 - 2016-09-30 06:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-19 01:50 - 2016-09-30 06:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-19 01:50 - 2016-09-30 06:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-19 01:50 - 2016-09-30 06:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-19 01:50 - 2016-09-30 06:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-19 01:50 - 2016-09-30 06:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-19 01:50 - 2016-09-30 06:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-19 01:50 - 2016-09-30 06:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-19 01:50 - 2016-09-30 06:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-19 01:50 - 2016-09-30 06:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-19 01:50 - 2016-09-30 06:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-19 01:50 - 2016-09-30 06:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-19 01:50 - 2016-09-30 06:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-19 01:50 - 2016-09-30 06:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-19 01:50 - 2016-09-30 06:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-19 01:50 - 2016-09-30 06:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-19 01:50 - 2016-09-30 06:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-19 01:50 - 2016-09-30 06:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-19 01:50 - 2016-09-30 06:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-19 01:50 - 2016-09-30 06:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-19 01:50 - 2016-09-30 06:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-19 01:50 - 2016-09-30 06:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-19 01:50 - 2016-09-30 06:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-19 01:50 - 2016-09-30 06:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-19 01:50 - 2016-09-30 06:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-19 01:50 - 2016-09-30 05:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-19 01:50 - 2016-09-30 05:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-19 01:50 - 2016-09-30 05:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-19 01:50 - 2016-09-30 05:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-19 01:50 - 2016-09-15 16:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-19 01:50 - 2016-09-15 16:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-19 01:50 - 2016-09-15 16:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-19 01:50 - 2016-09-15 16:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-19 01:50 - 2016-09-12 22:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-19 01:50 - 2016-09-12 22:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-19 01:50 - 2016-09-12 22:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-19 01:50 - 2016-09-12 21:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-19 01:50 - 2016-09-12 21:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-19 01:50 - 2016-09-12 21:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-19 01:50 - 2016-09-12 21:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-19 01:50 - 2016-09-12 21:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-19 01:50 - 2016-09-12 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-19 01:50 - 2016-09-12 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-19 01:50 - 2016-09-12 21:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-19 01:50 - 2016-09-12 20:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-19 01:50 - 2016-09-12 19:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-19 01:50 - 2016-09-12 19:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-19 01:50 - 2016-09-10 17:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-19 01:50 - 2016-09-10 16:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-19 01:50 - 2016-09-09 19:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-19 01:50 - 2016-09-09 19:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-19 01:50 - 2016-09-09 19:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-19 01:50 - 2016-09-09 19:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-19 01:50 - 2016-09-09 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-19 01:50 - 2016-09-09 19:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-19 01:50 - 2016-09-09 19:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-19 01:50 - 2016-09-09 18:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-19 01:50 - 2016-09-09 18:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-19 01:50 - 2016-09-09 18:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-19 01:50 - 2016-09-09 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-19 01:50 - 2016-09-09 18:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-19 01:50 - 2016-09-09 18:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-19 01:50 - 2016-09-09 18:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-19 01:50 - 2016-09-09 18:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-19 01:50 - 2016-09-09 18:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-19 01:50 - 2016-09-09 18:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-19 01:50 - 2016-09-08 21:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-19 01:50 - 2016-09-08 21:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-19 01:50 - 2016-09-08 21:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-19 01:50 - 2016-09-08 21:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-19 01:50 - 2016-09-08 15:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-19 01:50 - 2016-09-08 15:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-19 01:50 - 2016-08-16 19:47 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
2016-10-19 01:50 - 2016-08-16 19:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-19 01:50 - 2016-08-12 18:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-19 01:50 - 2016-08-12 18:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-19 01:50 - 2016-08-12 18:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-19 01:50 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-19 01:50 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-19 01:50 - 2016-08-12 17:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-19 01:50 - 2016-08-12 17:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-19 01:50 - 2016-08-12 17:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-19 01:50 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-19 01:50 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-19 01:50 - 2016-08-12 17:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-19 01:50 - 2016-08-06 16:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-19 01:50 - 2016-08-06 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-19 01:50 - 2016-08-06 15:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-19 01:50 - 2016-08-06 15:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-19 01:50 - 2016-08-06 15:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-19 01:50 - 2016-06-14 18:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-19 01:50 - 2016-06-14 18:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-19 01:50 - 2016-06-14 18:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-19 01:50 - 2016-06-14 16:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-19 01:50 - 2016-06-14 16:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-19 01:50 - 2016-06-14 16:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-19 01:50 - 2016-06-14 16:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-19 01:50 - 2016-06-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-19 01:50 - 2016-06-14 16:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-19 01:50 - 2016-06-14 16:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-19 01:50 - 2016-06-14 16:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-19 01:49 - 2016-07-22 15:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-19 01:49 - 2016-07-22 15:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-13 16:12 - 2015-04-03 20:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-13 16:11 - 2015-04-11 15:13 - 00000000 ____D C:\Users\Leo\Desktop\Magic image packs
2016-11-13 16:09 - 2009-07-14 05:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-13 16:09 - 2009-07-14 05:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-13 16:07 - 2015-04-02 12:46 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Spotify
2016-11-13 16:02 - 2015-04-02 12:48 - 00000000 ____D C:\Users\Leo\AppData\Local\Spotify
2016-11-13 15:57 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-13 15:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-13 15:52 - 2015-04-02 11:54 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-13 15:27 - 2016-01-28 18:52 - 00000384 _____ C:\Windows\Tasks\update-sys.job
2016-11-13 15:09 - 2016-01-28 18:52 - 00000384 _____ C:\Windows\Tasks\update-S-1-5-21-106863883-1702173518-3343362997-1000.job
2016-11-13 15:09 - 2015-04-02 11:54 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-13 15:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-13 01:20 - 2016-01-28 18:52 - 00003254 _____ C:\Windows\System32\Tasks\update-S-1-5-21-106863883-1702173518-3343362997-1000
2016-11-13 01:20 - 2016-01-28 18:52 - 00000424 _____ C:\Users\Leo\AppData\Local\UserProducts.xml
2016-11-13 01:20 - 2016-01-28 18:52 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-11-12 21:31 - 2015-04-02 12:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-12 18:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2016-11-12 16:56 - 2015-04-14 18:45 - 00000000 ____D C:\Users\Leo\AppData\Roaming\TS3Client
2016-11-10 21:46 - 2015-04-02 13:01 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-11-10 19:46 - 2016-04-07 20:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-10 19:46 - 2016-03-23 12:33 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-11-10 19:46 - 2016-01-29 19:56 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-10 19:46 - 2015-07-15 15:38 - 00000994 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-11-10 19:46 - 2015-04-18 23:00 - 00000904 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-11-10 19:46 - 2015-04-02 12:48 - 00001763 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-11-10 19:46 - 2015-04-02 11:55 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-10 19:46 - 2015-04-02 11:45 - 00001393 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-10 19:46 - 2015-04-02 11:43 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-10 19:46 - 2015-04-02 11:43 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-10 19:46 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-10 19:46 - 2009-07-14 05:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-11-10 19:46 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-11-10 19:46 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-11-10 19:45 - 2016-09-15 22:33 - 00001108 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk
2016-11-10 19:45 - 2016-08-03 21:10 - 00000706 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-11-10 19:45 - 2016-07-27 01:32 - 00000963 _____ C:\Users\Leo\Desktop\Steam.lnk
2016-11-10 19:45 - 2016-07-21 23:57 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-10 19:45 - 2016-07-21 23:07 - 00000000 ____D C:\Users\Leo\AppData\Roaming\SparkTrust
2016-11-10 19:45 - 2016-07-21 23:07 - 00000000 ____D C:\ProgramData\SparkTrust
2016-11-10 19:45 - 2016-04-07 20:10 - 00001558 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-11-10 19:45 - 2016-03-21 16:31 - 00000767 _____ C:\Users\Leo\Desktop\CABAL Online (EU).lnk
2016-11-10 19:45 - 2016-03-21 16:31 - 00000767 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\CABAL Online (EU).lnk
2016-11-10 19:45 - 2016-01-29 22:26 - 00002112 _____ C:\Users\Leo\Desktop\Discord.lnk
2016-11-10 19:45 - 2016-01-29 19:56 - 00001001 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-10 19:45 - 2016-01-25 16:53 - 00000935 _____ C:\Users\Leo\Desktop\Open Broadcaster Software.lnk
2016-11-10 19:45 - 2016-01-18 18:04 - 00001424 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-11-10 19:45 - 2015-11-19 16:58 - 00001960 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-10 19:45 - 2015-10-24 20:23 - 00002151 _____ C:\Users\Leo\Desktop\DuelystLauncher.lnk
2016-11-10 19:45 - 2015-07-15 15:38 - 00000988 _____ C:\Users\Leo\Desktop\Curse.lnk
2016-11-10 19:45 - 2015-07-02 17:04 - 00001062 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\CABAL2 (US).lnk
2016-11-10 19:45 - 2015-06-30 13:16 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-11-10 19:45 - 2015-04-18 23:00 - 00000898 _____ C:\Users\Leo\Desktop\osu!.lnk
2016-11-10 19:45 - 2015-04-14 18:45 - 00001156 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-11-10 19:45 - 2015-04-08 19:22 - 00001149 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-11-10 19:45 - 2015-04-02 13:01 - 00002693 _____ C:\Users\Public\Desktop\Skype.lnk
2016-11-10 19:45 - 2015-04-02 12:48 - 00001757 _____ C:\Users\Leo\Desktop\Spotify.lnk
2016-11-10 19:45 - 2015-04-02 12:46 - 00001607 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-11-10 19:45 - 2015-04-02 11:55 - 00002173 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-10 19:45 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-11-10 19:45 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-11-10 19:33 - 2016-07-21 23:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-09 17:53 - 2016-04-07 20:10 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 18:51 - 2015-04-23 14:00 - 00000000 ____D C:\Users\Leo\AppData\Local\nuclearthrone
2016-10-31 21:11 - 2015-04-02 11:54 - 00000000 ____D C:\Users\Leo\AppData\Local\Google
2016-10-23 18:40 - 2015-12-11 19:42 - 00000000 ____D C:\Windows\rescache
2016-10-21 17:37 - 2015-04-02 13:01 - 00000000 ____D C:\ProgramData\Skype
2016-10-20 20:44 - 2015-04-02 13:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-19 14:47 - 2009-07-14 05:45 - 00293824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-19 03:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-19 03:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-19 02:06 - 2015-04-08 12:25 - 00000000 ____D C:\Windows\system32\MRT
2016-10-19 02:00 - 2015-04-08 12:25 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-19 00:12 - 2015-04-02 11:54 - 00069944 _____ C:\Users\Leo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-17 20:52 - 2015-04-02 12:14 - 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
 
==================== Files in the root of some directories =======
 
2016-07-21 23:07 - 2016-07-21 23:52 - 0000115 _____ () C:\Users\Leo\AppData\Roaming\LogFile.txt
2016-01-28 18:52 - 2016-01-28 18:52 - 0000003 _____ () C:\Users\Leo\AppData\Local\updater.log
2016-01-28 18:52 - 2016-11-13 01:20 - 0000424 _____ () C:\Users\Leo\AppData\Local\UserProducts.xml
2015-04-02 12:18 - 2015-04-02 12:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-27 18:30
 
==================== End of FRST.txt ============================

Edited by hamluis, 13 November 2016 - 11:10 AM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:16 AM

Posted 18 November 2016 - 10:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632154 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Alkai

Alkai
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 18 November 2016 - 11:06 AM

Hey,

No problem at all for the delay :). One thing i might be able to add is that I've already tried scanning for Malware with programs such as "Malwarebytes Anti-Malware" aswell as trying to scan for a Virus with "Avast Free Antivirus" and cleaned my PC with "CCleaner". 

The other FRST:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by Leo (administrator) on LEO-PC (18-11-2016 17:04:40)
Running from C:\Users\Leo\Desktop\Magic image packs
Loaded Profiles: Leo (Available Profiles: Leo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Spotify Ltd) C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\Run: [Spotify Web Helper] => C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-12] (Spotify Ltd)
HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-26] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{4E0B7E0E-EFD7-4E18-9066-8978B9EC2980}: [DhcpNameServer] 192.168.2.1
ManualProxies: 
 
Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-18] (Oracle Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-18] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> E:\Adobe Reader\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default [2016-11-18]
CHR Extension: (ProxFlow) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-10-10]
CHR Extension: (Google Präsentationen) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-02]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-11-11]
CHR Extension: (BetterTTV) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-02]
CHR Extension: (Google Drive) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google-Suche) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast SafePrice) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Google Tabellen) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-31]
CHR Extension: (Twitch Now) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2016-07-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Mail) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-17] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-18 16:39 - 2016-11-18 16:39 - 00000000 ____D C:\Users\Leo\AppData\Roaming\LibreOffice
2016-11-18 16:38 - 2016-11-18 16:38 - 00001468 _____ C:\Users\Public\Desktop\LibreOffice 5.2.lnk
2016-11-18 16:38 - 2016-11-18 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
2016-11-18 16:38 - 2016-11-18 16:38 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-11-14 18:44 - 2016-11-14 19:07 - 00000100 _____ C:\Users\Leo\Desktop\New Text Document (2).txt
2016-11-13 16:49 - 2016-11-13 16:49 - 00059019 _____ C:\Users\Leo\Desktop\New Text Document.txt
2016-11-13 16:31 - 2016-11-17 21:47 - 00007602 _____ C:\Users\Leo\AppData\Local\Resmon.ResmonCfg
2016-11-13 16:12 - 2016-11-13 16:12 - 00034697 _____ C:\Users\Leo\Desktop\Addition.txt
2016-11-13 16:11 - 2016-11-18 17:04 - 00000000 ____D C:\FRST
2016-11-13 15:44 - 2016-11-13 15:44 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-11-13 01:22 - 2016-11-13 01:22 - 00000000 ____D C:\Users\Leo\Documents\Lightshot
2016-11-13 01:20 - 2016-11-13 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-11-08 21:48 - 2016-04-21 17:17 - 00000000 ____D C:\Users\Leo\Desktop\Touhou 7 – Perfect Cherry Blossom (English Patched) PC
2016-10-19 01:50 - 2016-09-30 21:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-19 01:50 - 2016-09-30 20:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-19 01:50 - 2016-09-30 16:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-19 01:50 - 2016-09-30 16:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-19 01:50 - 2016-09-30 16:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-19 01:50 - 2016-09-30 08:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-19 01:50 - 2016-09-30 07:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-19 01:50 - 2016-09-30 07:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-19 01:50 - 2016-09-30 07:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-19 01:50 - 2016-09-30 07:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-19 01:50 - 2016-09-30 07:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-19 01:50 - 2016-09-30 07:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-19 01:50 - 2016-09-30 07:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-19 01:50 - 2016-09-30 07:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-19 01:50 - 2016-09-30 07:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-19 01:50 - 2016-09-30 07:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-19 01:50 - 2016-09-30 07:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-19 01:50 - 2016-09-30 07:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-19 01:50 - 2016-09-30 07:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-19 01:50 - 2016-09-30 07:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-19 01:50 - 2016-09-30 07:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-19 01:50 - 2016-09-30 07:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-19 01:50 - 2016-09-30 07:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-19 01:50 - 2016-09-30 07:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-19 01:50 - 2016-09-30 06:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-19 01:50 - 2016-09-30 06:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-19 01:50 - 2016-09-30 06:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-19 01:50 - 2016-09-30 06:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-19 01:50 - 2016-09-30 06:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-19 01:50 - 2016-09-30 06:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-19 01:50 - 2016-09-30 06:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-19 01:50 - 2016-09-30 06:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-19 01:50 - 2016-09-30 06:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-19 01:50 - 2016-09-30 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-19 01:50 - 2016-09-30 06:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-19 01:50 - 2016-09-30 06:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-19 01:50 - 2016-09-30 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-19 01:50 - 2016-09-30 06:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-19 01:50 - 2016-09-30 06:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-19 01:50 - 2016-09-30 06:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-19 01:50 - 2016-09-30 06:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-19 01:50 - 2016-09-30 06:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-19 01:50 - 2016-09-30 06:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-19 01:50 - 2016-09-30 06:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-19 01:50 - 2016-09-30 06:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-19 01:50 - 2016-09-30 06:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-19 01:50 - 2016-09-30 06:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-19 01:50 - 2016-09-30 06:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-19 01:50 - 2016-09-30 06:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-19 01:50 - 2016-09-30 06:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-19 01:50 - 2016-09-30 06:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-19 01:50 - 2016-09-30 06:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-19 01:50 - 2016-09-30 06:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-19 01:50 - 2016-09-30 06:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-19 01:50 - 2016-09-30 06:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-19 01:50 - 2016-09-30 06:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-19 01:50 - 2016-09-30 06:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-19 01:50 - 2016-09-30 06:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-19 01:50 - 2016-09-30 06:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-19 01:50 - 2016-09-30 06:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-19 01:50 - 2016-09-30 06:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-19 01:50 - 2016-09-30 06:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-19 01:50 - 2016-09-30 06:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-19 01:50 - 2016-09-30 06:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-19 01:50 - 2016-09-30 06:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-19 01:50 - 2016-09-30 05:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-19 01:50 - 2016-09-30 05:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-19 01:50 - 2016-09-30 05:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-19 01:50 - 2016-09-30 05:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-19 01:50 - 2016-09-15 16:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-19 01:50 - 2016-09-15 16:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-19 01:50 - 2016-09-15 16:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-19 01:50 - 2016-09-15 16:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-19 01:50 - 2016-09-12 22:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-19 01:50 - 2016-09-12 22:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-19 01:50 - 2016-09-12 22:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-19 01:50 - 2016-09-12 22:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-19 01:50 - 2016-09-12 21:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-19 01:50 - 2016-09-12 21:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-19 01:50 - 2016-09-12 21:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-19 01:50 - 2016-09-12 21:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-19 01:50 - 2016-09-12 21:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-19 01:50 - 2016-09-12 21:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-19 01:50 - 2016-09-12 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-19 01:50 - 2016-09-12 21:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-19 01:50 - 2016-09-12 21:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-19 01:50 - 2016-09-12 20:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-19 01:50 - 2016-09-12 19:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-19 01:50 - 2016-09-12 19:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-19 01:50 - 2016-09-10 17:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-19 01:50 - 2016-09-10 16:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-19 01:50 - 2016-09-09 19:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-19 01:50 - 2016-09-09 19:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-19 01:50 - 2016-09-09 19:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 19:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-19 01:50 - 2016-09-09 19:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-19 01:50 - 2016-09-09 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-19 01:50 - 2016-09-09 19:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-19 01:50 - 2016-09-09 19:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-19 01:50 - 2016-09-09 18:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-19 01:50 - 2016-09-09 18:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-19 01:50 - 2016-09-09 18:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-19 01:50 - 2016-09-09 18:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-19 01:50 - 2016-09-09 18:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-19 01:50 - 2016-09-09 18:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-19 01:50 - 2016-09-09 18:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-19 01:50 - 2016-09-09 18:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-19 01:50 - 2016-09-09 18:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-19 01:50 - 2016-09-09 18:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-19 01:50 - 2016-09-09 18:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-19 01:50 - 2016-09-08 21:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-19 01:50 - 2016-09-08 21:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-19 01:50 - 2016-09-08 21:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-19 01:50 - 2016-09-08 21:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-19 01:50 - 2016-09-08 15:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-19 01:50 - 2016-09-08 15:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-19 01:50 - 2016-08-16 19:47 - 00419640 _____ C:\Windows\SysWOW64\locale.nls
2016-10-19 01:50 - 2016-08-16 19:47 - 00419640 _____ C:\Windows\system32\locale.nls
2016-10-19 01:50 - 2016-08-12 18:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-19 01:50 - 2016-08-12 18:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-19 01:50 - 2016-08-12 18:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-19 01:50 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-19 01:50 - 2016-08-12 18:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-19 01:50 - 2016-08-12 17:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-19 01:50 - 2016-08-12 17:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-19 01:50 - 2016-08-12 17:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-19 01:50 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-19 01:50 - 2016-08-12 17:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-19 01:50 - 2016-08-12 17:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-19 01:50 - 2016-08-06 16:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-19 01:50 - 2016-08-06 16:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-19 01:50 - 2016-08-06 16:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-19 01:50 - 2016-08-06 16:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-19 01:50 - 2016-08-06 15:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-19 01:50 - 2016-08-06 15:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-19 01:50 - 2016-08-06 15:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-19 01:50 - 2016-06-14 18:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-19 01:50 - 2016-06-14 18:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-19 01:50 - 2016-06-14 18:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-19 01:50 - 2016-06-14 18:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-19 01:50 - 2016-06-14 16:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-19 01:50 - 2016-06-14 16:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-19 01:50 - 2016-06-14 16:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-19 01:50 - 2016-06-14 16:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-19 01:50 - 2016-06-14 16:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-19 01:50 - 2016-06-14 16:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-19 01:50 - 2016-06-14 16:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-19 01:50 - 2016-06-14 16:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-19 01:50 - 2016-06-14 16:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-19 01:49 - 2016-07-22 15:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-19 01:49 - 2016-07-22 15:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-18 17:04 - 2015-04-11 15:13 - 00000000 ____D C:\Users\Leo\Desktop\Magic image packs
2016-11-18 16:51 - 2015-04-02 11:54 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-18 16:42 - 2015-04-02 12:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-18 16:31 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-18 16:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-18 16:26 - 2015-04-02 11:54 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-18 16:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-17 23:29 - 2009-07-14 05:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-17 23:29 - 2009-07-14 05:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-17 23:27 - 2016-01-28 18:52 - 00000384 _____ C:\Windows\Tasks\update-sys.job
2016-11-17 23:12 - 2015-04-03 20:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-17 21:47 - 2015-04-02 12:46 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Spotify
2016-11-17 21:42 - 2015-04-02 12:48 - 00000000 ____D C:\Users\Leo\AppData\Local\Spotify
2016-11-17 21:20 - 2009-07-14 06:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-17 21:13 - 2016-01-28 18:52 - 00000384 _____ C:\Windows\Tasks\update-S-1-5-21-106863883-1702173518-3343362997-1000.job
2016-11-17 21:01 - 2015-04-02 13:01 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-11-17 16:02 - 2015-04-14 18:45 - 00000000 ____D C:\Users\Leo\AppData\Roaming\TS3Client
2016-11-16 18:14 - 2015-04-02 11:55 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-16 18:14 - 2015-04-02 11:55 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 21:00 - 2016-07-21 23:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 20:27 - 2016-08-19 22:01 - 00000000 ____D C:\Windows\Minidump
2016-11-13 20:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2016-11-13 01:20 - 2016-01-28 18:52 - 00003254 _____ C:\Windows\System32\Tasks\update-S-1-5-21-106863883-1702173518-3343362997-1000
2016-11-13 01:20 - 2016-01-28 18:52 - 00000424 _____ C:\Users\Leo\AppData\Local\UserProducts.xml
2016-11-13 01:20 - 2016-01-28 18:52 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-11-10 19:46 - 2016-04-07 20:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-10 19:46 - 2016-03-23 12:33 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-11-10 19:46 - 2016-01-29 19:56 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-10 19:46 - 2015-07-15 15:38 - 00000994 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-11-10 19:46 - 2015-04-18 23:00 - 00000904 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-11-10 19:46 - 2015-04-02 12:48 - 00001763 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-11-10 19:46 - 2015-04-02 11:45 - 00001393 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-10 19:46 - 2015-04-02 11:43 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-10 19:46 - 2015-04-02 11:43 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-10 19:46 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-10 19:46 - 2009-07-14 05:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-11-10 19:46 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-11-10 19:46 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-11-10 19:45 - 2016-09-15 22:33 - 00001108 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk
2016-11-10 19:45 - 2016-08-03 21:10 - 00000706 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-11-10 19:45 - 2016-07-27 01:32 - 00000963 _____ C:\Users\Leo\Desktop\Steam.lnk
2016-11-10 19:45 - 2016-07-21 23:57 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-10 19:45 - 2016-07-21 23:07 - 00000000 ____D C:\Users\Leo\AppData\Roaming\SparkTrust
2016-11-10 19:45 - 2016-07-21 23:07 - 00000000 ____D C:\ProgramData\SparkTrust
2016-11-10 19:45 - 2016-04-07 20:10 - 00001558 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-11-10 19:45 - 2016-03-21 16:31 - 00000767 _____ C:\Users\Leo\Desktop\CABAL Online (EU).lnk
2016-11-10 19:45 - 2016-03-21 16:31 - 00000767 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\CABAL Online (EU).lnk
2016-11-10 19:45 - 2016-01-29 22:26 - 00002112 _____ C:\Users\Leo\Desktop\Discord.lnk
2016-11-10 19:45 - 2016-01-29 19:56 - 00001001 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-10 19:45 - 2016-01-25 16:53 - 00000935 _____ C:\Users\Leo\Desktop\Open Broadcaster Software.lnk
2016-11-10 19:45 - 2016-01-18 18:04 - 00001424 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-11-10 19:45 - 2015-11-19 16:58 - 00001960 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-10 19:45 - 2015-10-24 20:23 - 00002151 _____ C:\Users\Leo\Desktop\DuelystLauncher.lnk
2016-11-10 19:45 - 2015-07-15 15:38 - 00000988 _____ C:\Users\Leo\Desktop\Curse.lnk
2016-11-10 19:45 - 2015-07-02 17:04 - 00001062 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\CABAL2 (US).lnk
2016-11-10 19:45 - 2015-06-30 13:16 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-11-10 19:45 - 2015-04-18 23:00 - 00000898 _____ C:\Users\Leo\Desktop\osu!.lnk
2016-11-10 19:45 - 2015-04-14 18:45 - 00001156 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-11-10 19:45 - 2015-04-08 19:22 - 00001149 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-11-10 19:45 - 2015-04-02 13:01 - 00002693 _____ C:\Users\Public\Desktop\Skype.lnk
2016-11-10 19:45 - 2015-04-02 12:48 - 00001757 _____ C:\Users\Leo\Desktop\Spotify.lnk
2016-11-10 19:45 - 2015-04-02 12:46 - 00001607 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-11-10 19:45 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-11-10 19:45 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-11-09 17:53 - 2016-04-07 20:10 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 18:51 - 2015-04-23 14:00 - 00000000 ____D C:\Users\Leo\AppData\Local\nuclearthrone
2016-10-31 21:11 - 2015-04-02 11:54 - 00000000 ____D C:\Users\Leo\AppData\Local\Google
2016-10-23 18:40 - 2015-12-11 19:42 - 00000000 ____D C:\Windows\rescache
2016-10-21 17:37 - 2015-04-02 13:01 - 00000000 ____D C:\ProgramData\Skype
2016-10-20 20:44 - 2015-04-02 13:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-19 14:47 - 2009-07-14 05:45 - 00293824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-19 03:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-19 03:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-19 02:06 - 2015-04-08 12:25 - 00000000 ____D C:\Windows\system32\MRT
2016-10-19 02:00 - 2015-04-08 12:25 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-19 00:12 - 2015-04-02 11:54 - 00069944 _____ C:\Users\Leo\AppData\Local\GDIPFONTCACHEV1.DAT
 
==================== Files in the root of some directories =======
 
2016-07-21 23:07 - 2016-07-21 23:52 - 0000115 _____ () C:\Users\Leo\AppData\Roaming\LogFile.txt
2016-11-13 16:31 - 2016-11-17 21:47 - 0007602 _____ () C:\Users\Leo\AppData\Local\Resmon.ResmonCfg
2016-01-28 18:52 - 2016-01-28 18:52 - 0000003 _____ () C:\Users\Leo\AppData\Local\updater.log
2016-01-28 18:52 - 2016-11-13 01:20 - 0000424 _____ () C:\Users\Leo\AppData\Local\UserProducts.xml
2015-04-02 12:18 - 2015-04-02 12:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-27 18:30
 
==================== End of FRST.txt ============================


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:16 AM

Posted 22 November 2016 - 06:16 AM

Alkai:

 

 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall.  I would like to address you by your first name, if that is alright with you since we will be working together.
 
I will be assisting you with your computer issues.  All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal  Instructor.  This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I apologize for the delay you encountered in getting assistance.  This Forum is very busy and resources are limited, but I am here now.
 
There is a new version of FRST available.  Please go to this link and download the 64-bit version of FRST.  Please ensure that "Addition.txt" is checked.  Then run new scans for me, please.
 
Please copy and paste the contents of both the "FRST.txt" file and the "Addition.txt" file into your next reply, as soon as possible.  While I am waiting for the new logs, I will start to review the latest FRST log that you submitted.
 
I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic.  That could take a few days.  Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the new FRST scan logs that you submit.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#5 Alkai

Alkai
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:16 AM

Posted 23 November 2016 - 11:20 AM

Hey Phil,

Thanks for helping :)

Conent of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by Leo (administrator) on LEO-PC (23-11-2016 17:09:16)
Running from C:\Users\Leo\Desktop\Magic image packs
Loaded Profiles: Leo (Available Profiles: Leo)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Spotify Ltd) C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\LeagueClient.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\LeagueClientUx.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\LeagueClientUx.exe
() C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\LeagueClientUx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\Run: [Spotify Web Helper] => C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-12] (Spotify Ltd)
HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-26] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{4E0B7E0E-EFD7-4E18-9066-8978B9EC2980}: [DhcpNameServer] 192.168.2.1
ManualProxies: 
 
Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-18] (Oracle Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-26]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-18] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> E:\Adobe Reader\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default [2016-11-23]
CHR Extension: (ProxFlow) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-10-10]
CHR Extension: (Google Präsentationen) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-02]
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-11-11]
CHR Extension: (BetterTTV) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-06-03]
CHR Extension: (Google Docs) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-02]
CHR Extension: (Google Drive) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Adblock Plus) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Google-Suche) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Avast SafePrice) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-14]
CHR Extension: (Google Tabellen) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-02]
CHR Extension: (Google Docs Offline) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-31]
CHR Extension: (Twitch Now) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmbdmpjmlijibeockamioakdpmhjnpk [2016-07-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Google Mail) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\Leo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-22]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [419248 2016-06-07] (LogMeIn, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-17] (AVAST Software)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-23 17:07 - 2016-11-23 17:08 - 00000000 ____D C:\Users\Leo\Desktop\FRST
2016-11-18 16:39 - 2016-11-18 16:39 - 00000000 ____D C:\Users\Leo\AppData\Roaming\LibreOffice
2016-11-18 16:38 - 2016-11-18 16:38 - 00001468 _____ C:\Users\Public\Desktop\LibreOffice 5.2.lnk
2016-11-18 16:38 - 2016-11-18 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
2016-11-18 16:38 - 2016-11-18 16:38 - 00000000 ____D C:\Program Files (x86)\LibreOffice 5
2016-11-14 18:44 - 2016-11-14 19:07 - 00000100 _____ C:\Users\Leo\Desktop\New Text Document (2).txt
2016-11-13 16:49 - 2016-11-13 16:49 - 00059019 _____ C:\Users\Leo\Desktop\New Text Document.txt
2016-11-13 16:31 - 2016-11-22 20:10 - 00007602 _____ C:\Users\Leo\AppData\Local\Resmon.ResmonCfg
2016-11-13 16:11 - 2016-11-23 17:09 - 00000000 ____D C:\FRST
2016-11-13 15:44 - 2016-11-13 15:44 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-11-13 01:22 - 2016-11-13 01:22 - 00000000 ____D C:\Users\Leo\Documents\Lightshot
2016-11-13 01:20 - 2016-11-13 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-11-08 21:48 - 2016-04-21 17:17 - 00000000 ____D C:\Users\Leo\Desktop\Touhou 7 – Perfect Cherry Blossom (English Patched) PC
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-23 17:13 - 2016-01-28 18:52 - 00000384 _____ C:\Windows\Tasks\update-S-1-5-21-106863883-1702173518-3343362997-1000.job
2016-11-23 17:12 - 2015-04-03 20:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-23 17:09 - 2015-04-11 15:13 - 00000000 ____D C:\Users\Leo\Desktop\Magic image packs
2016-11-23 17:08 - 2016-03-26 18:00 - 00000074 _____ C:\Users\Leo\Desktop\New Text Document (16).txt
2016-11-23 16:52 - 2015-04-02 11:54 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-23 16:40 - 2015-04-02 13:01 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Skype
2016-11-23 16:38 - 2015-04-02 13:01 - 00000000 ____D C:\ProgramData\Skype
2016-11-23 16:37 - 2015-04-02 13:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-23 16:36 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-23 16:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-11-23 16:25 - 2015-04-02 11:54 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-23 16:24 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-22 22:48 - 2009-07-14 05:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-22 22:48 - 2009-07-14 05:45 - 00016832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-22 21:58 - 2015-04-02 12:46 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Spotify
2016-11-22 21:53 - 2015-04-02 12:48 - 00000000 ____D C:\Users\Leo\AppData\Local\Spotify
2016-11-22 20:31 - 2015-04-14 18:45 - 00000000 ____D C:\Users\Leo\AppData\Roaming\TS3Client
2016-11-22 20:09 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-22 19:27 - 2016-01-28 18:52 - 00000384 _____ C:\Windows\Tasks\update-sys.job
2016-11-22 19:23 - 2015-04-02 12:46 - 00001708 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-11-21 19:52 - 2015-04-02 12:45 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-19 20:44 - 2015-04-02 11:54 - 00088280 _____ C:\Users\Leo\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-19 20:44 - 2009-07-14 05:45 - 00371360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-16 18:14 - 2015-04-02 11:55 - 00002191 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-16 18:14 - 2015-04-02 11:55 - 00002179 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 21:00 - 2016-07-21 23:58 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 20:27 - 2016-08-19 22:01 - 00000000 ____D C:\Windows\Minidump
2016-11-13 20:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2016-11-13 01:20 - 2016-01-28 18:52 - 00003254 _____ C:\Windows\System32\Tasks\update-S-1-5-21-106863883-1702173518-3343362997-1000
2016-11-13 01:20 - 2016-01-28 18:52 - 00000424 _____ C:\Users\Leo\AppData\Local\UserProducts.xml
2016-11-13 01:20 - 2016-01-28 18:52 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-11-10 19:46 - 2016-04-07 20:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-10 19:46 - 2016-03-23 12:33 - 00001181 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-11-10 19:46 - 2016-01-29 19:56 - 00001019 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-11-10 19:46 - 2015-07-15 15:38 - 00000994 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-11-10 19:46 - 2015-04-18 23:00 - 00000904 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-11-10 19:46 - 2015-04-02 12:48 - 00001763 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-11-10 19:46 - 2015-04-02 11:45 - 00001393 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-10 19:46 - 2015-04-02 11:43 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-10 19:46 - 2015-04-02 11:43 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-10 19:46 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-10 19:46 - 2009-07-14 05:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-11-10 19:46 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-11-10 19:46 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-11-10 19:45 - 2016-09-15 22:33 - 00001108 _____ C:\Users\Public\Desktop\Finale NotePad 2012.lnk
2016-11-10 19:45 - 2016-08-03 21:10 - 00000706 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-11-10 19:45 - 2016-07-27 01:32 - 00000963 _____ C:\Users\Leo\Desktop\Steam.lnk
2016-11-10 19:45 - 2016-07-21 23:57 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-10 19:45 - 2016-07-21 23:07 - 00000000 ____D C:\Users\Leo\AppData\Roaming\SparkTrust
2016-11-10 19:45 - 2016-07-21 23:07 - 00000000 ____D C:\ProgramData\SparkTrust
2016-11-10 19:45 - 2016-04-07 20:10 - 00001558 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-11-10 19:45 - 2016-03-21 16:31 - 00000767 _____ C:\Users\Leo\Desktop\CABAL Online (EU).lnk
2016-11-10 19:45 - 2016-03-21 16:31 - 00000767 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\CABAL Online (EU).lnk
2016-11-10 19:45 - 2016-01-29 22:26 - 00002112 _____ C:\Users\Leo\Desktop\Discord.lnk
2016-11-10 19:45 - 2016-01-29 19:56 - 00001001 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-10 19:45 - 2016-01-25 16:53 - 00000935 _____ C:\Users\Leo\Desktop\Open Broadcaster Software.lnk
2016-11-10 19:45 - 2016-01-18 18:04 - 00001424 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-11-10 19:45 - 2015-11-19 16:58 - 00001960 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-10 19:45 - 2015-10-24 20:23 - 00002151 _____ C:\Users\Leo\Desktop\DuelystLauncher.lnk
2016-11-10 19:45 - 2015-07-15 15:38 - 00000988 _____ C:\Users\Leo\Desktop\Curse.lnk
2016-11-10 19:45 - 2015-07-02 17:04 - 00001062 _____ C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\CABAL2 (US).lnk
2016-11-10 19:45 - 2015-06-30 13:16 - 00000000 ____D C:\Users\Leo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-11-10 19:45 - 2015-04-18 23:00 - 00000898 _____ C:\Users\Leo\Desktop\osu!.lnk
2016-11-10 19:45 - 2015-04-14 18:45 - 00001156 _____ C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2016-11-10 19:45 - 2015-04-08 19:22 - 00001149 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-11-10 19:45 - 2015-04-02 13:01 - 00002693 _____ C:\Users\Public\Desktop\Skype.lnk
2016-11-10 19:45 - 2015-04-02 12:48 - 00001757 _____ C:\Users\Leo\Desktop\Spotify.lnk
2016-11-10 19:45 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-11-10 19:45 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-11-09 17:53 - 2016-04-07 20:10 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 18:51 - 2015-04-23 14:00 - 00000000 ____D C:\Users\Leo\AppData\Local\nuclearthrone
2016-10-31 21:11 - 2015-04-02 11:54 - 00000000 ____D C:\Users\Leo\AppData\Local\Google
 
==================== Files in the root of some directories =======
 
2016-07-21 23:07 - 2016-07-21 23:52 - 0000115 _____ () C:\Users\Leo\AppData\Roaming\LogFile.txt
2016-11-13 16:31 - 2016-11-22 20:10 - 0007602 _____ () C:\Users\Leo\AppData\Local\Resmon.ResmonCfg
2016-01-28 18:52 - 2016-01-28 18:52 - 0000003 _____ () C:\Users\Leo\AppData\Local\updater.log
2016-01-28 18:52 - 2016-11-13 01:20 - 0000424 _____ () C:\Users\Leo\AppData\Local\UserProducts.xml
2015-04-02 12:18 - 2015-04-02 12:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-27 18:30
 
==================== End of FRST.txt ============================


Content of Addition.txt
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by Leo (23-11-2016 17:15:23)
Running from C:\Users\Leo\Desktop\Magic image packs
Windows 7 Ultimate Service Pack 1 (X64) (2015-04-02 10:45:36)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-106863883-1702173518-3343362997-500 - Administrator - Disabled)
Guest (S-1-5-21-106863883-1702173518-3343362997-501 - Limited - Disabled)
Leo (S-1-5-21-106863883-1702173518-3343362997-1000 - Administrator - Enabled) => C:\Users\Leo
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.23.0 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlerite Beta (HKLM\...\Steam App 427460) (Version:  - )
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
CABAL Online (EU) (HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\CabalOnline(EU)) (Version:  - )
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version:  - Vertigo Gaming)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
DARK SOULSâ„¢ II: Scholar of the First Sin (HKLM\...\Steam App 335300) (Version:  - FromSoftware, Inc)
Discord (HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DuelystLauncher (HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\launcher) (Version: 0.05 - Counterplay Games Inc.)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.1 - MakeMusic)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200091}) (Version:  - )
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Heroes of Might and Magic V (HKLM-x32\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version:  - )
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
LibreOffice 5.2.3.3 (HKLM-x32\...\{30605C95-A3A0-4A08-AD58-9AE7ABA47B70}) (Version: 5.2.3.3 - The Document Foundation)
Lightshot-5.4.0.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.1 - Skillbrains)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.472 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.472 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mortal Kombat X (HKLM\...\Steam App 307780) (Version:  - NetherRealm Studios)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Ori and the Blind Forest (HKLM-x32\...\Steam App 261570) (Version:  - Moon Studios GmbH)
osu! (HKLM-x32\...\{dba524bc-fad5-4022-bbe0-dd40f10066e7}) (Version: latest - ppy Pty Ltd)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.90.826.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7464 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skypeâ„¢ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SpeedRunners (HKLM\...\Steam App 207140) (Version:  - DoubleDutch Games)
Spotify (HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\Spotify) (Version: 1.0.42.151.g19de0aa6 - Spotify AB)
SrpnFiles (HKU\S-1-5-21-106863883-1702173518-3343362997-1000\...\SrpnFiles) (Version: 29.16.27 - hxxps://www.www.springfile.biz) <==== ATTENTION
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0266B6BF-DBED-4086-BE62-D3960C895654} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {4AF64568-2370-4D44-8E84-32947E2CC228} - System32\Tasks\SafeZone scheduled Autoupdate 1458732779 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {4EC7B42F-434D-47DA-B928-5444DD11BD52} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {57703C8B-5820-40D6-90BF-8FBC5B976727} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-26] (AVAST Software)
Task: {5EEEB016-3D7F-488B-B287-FDCF43BFAD69} - System32\Tasks\update-S-1-5-21-106863883-1702173518-3343362997-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {67382485-0A0A-49AB-9A65-2F1F3BAAD3A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-02] (Google Inc.)
Task: {712D0279-A4BA-45FB-A5A7-C7790BB337BB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {7DEF6C25-47DF-4D54-A4B3-E36C586AE7B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-02] (Google Inc.)
Task: {88329808-9E7D-4DE9-A882-77AA6AB4E3DD} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {BBEA7F0A-27C9-4062-A62D-10DE9383246B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {FBE5BD77-7AF8-425C-B9AC-3293BCE45E1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-106863883-1702173518-3343362997-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Leo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
ShortcutWithArgument: C:\Users\Leo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-23 16:26 - 2016-11-23 16:26 - 04240376 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\LeagueClient.exe
2016-11-23 16:26 - 2016-11-23 16:26 - 03196920 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\LeagueClientUx.exe
2016-09-26 14:32 - 2016-09-26 14:32 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-23 16:25 - 2016-11-23 16:25 - 03134984 _____ () C:\Program Files\AVAST Software\Avast\defs\16112300\algo.dll
2016-09-26 14:32 - 2016-09-26 14:32 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-09-26 14:32 - 2016-09-26 14:32 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 03319808 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-patcher\rcp-be-patcher.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 01022976 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-rso-auth\rcp-be-rso-auth.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 02516992 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-login\rcp-be-lol-login.dll
2016-11-23 16:26 - 2016-11-16 17:54 - 00556544 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-account-settings\rcp-be-lol-account-settings.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00582144 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-platform-config\rcp-be-lol-platform-config.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00681472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-summoner\rcp-be-lol-summoner.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00631808 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-ranked-stats\rcp-be-lol-ranked-stats.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00523776 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-maps\rcp-be-lol-maps.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00659456 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-game-queues\rcp-be-lol-game-queues.dll
2016-11-23 16:26 - 2016-11-23 16:26 - 00842752 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-gameflow\rcp-be-lol-gameflow.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00907264 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-player-preferences\rcp-be-lol-player-preferences.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00683520 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-game-settings\rcp-be-lol-game-settings.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00625664 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-settings\rcp-be-lol-settings.dll
2016-11-23 16:26 - 2016-11-23 16:26 - 00630272 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-sanitizer\rcp-be-sanitizer.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 02475520 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-chat\rcp-be-lol-chat.dll
2016-11-23 16:26 - 2016-11-23 16:26 - 00159224 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\libexpat.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 01988096 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-riot-messaging-service\rcp-be-lol-riot-messaging-service.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00534528 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-heartbeat\rcp-be-lol-heartbeat.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00558080 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-shutdown\rcp-be-lol-shutdown.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00583168 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-acs\rcp-be-lol-acs.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00604160 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-player-notifications\rcp-be-player-notifications.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00575488 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-loyalty\rcp-be-lol-loyalty.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 01119232 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-collections\rcp-be-lol-collections.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00932352 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-loot\rcp-be-lol-loot.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00529920 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-kr-shutdown-law\rcp-be-lol-kr-shutdown-law.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 01039872 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-lobby-team-builder\rcp-be-lol-lobby-team-builder.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00683008 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-queue-eligibility\rcp-be-lol-queue-eligibility.dll
2016-11-23 16:26 - 2016-11-23 16:26 - 01497600 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-lobby\rcp-be-lol-lobby.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00854016 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-license-agreement\rcp-be-lol-license-agreement.dll
2016-11-23 16:26 - 2016-11-23 16:26 - 01165824 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-champ-select-legacy\rcp-be-lol-champ-select-legacy.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00700416 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-champ-select\rcp-be-lol-champ-select.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00817664 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-matchmaking\rcp-be-lol-matchmaking.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00520704 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-kr-playtime-reminder\rcp-be-lol-kr-playtime-reminder.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00561664 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-game-client-chat\rcp-be-lol-game-client-chat.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00801792 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-end-of-game\rcp-be-lol-end-of-game.dll
2016-11-23 16:26 - 2016-11-16 17:54 - 00559616 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-active-boosts\rcp-be-lol-active-boosts.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00602112 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-kudos\rcp-be-lol-kudos.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00629760 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-parties\rcp-be-lol-parties.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00898048 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-leagues\rcp-be-lol-leagues.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00642560 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-pft\rcp-be-lol-pft.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00653824 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-player-behavior\rcp-be-lol-player-behavior.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00636416 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-suggested-players\rcp-be-lol-suggested-players.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00565760 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-service-status\rcp-be-lol-service-status.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00611840 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-leaver-buster\rcp-be-lol-leaver-buster.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00697856 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-match-history\rcp-be-lol-match-history.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00589312 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-team-boosts\rcp-be-lol-team-boosts.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00712192 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-recofriender\rcp-be-recofriender.dll
2016-11-23 16:26 - 2016-11-16 17:54 - 00803328 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-clubs\rcp-be-lol-clubs.dll
2016-11-23 16:26 - 2016-11-23 16:26 - 01705472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-clubs-public\rcp-be-lol-clubs-public.dll
2016-11-23 16:26 - 2016-11-16 17:54 - 00614400 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-esport-stream-notifications\rcp-be-lol-esport-stream-notifications.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00778752 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-replays\rcp-be-lol-replays.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00699904 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-store\rcp-be-lol-store.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00548352 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-player-level-up\rcp-be-lol-player-level-up.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00523776 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-tencent-qt\rcp-be-lol-tencent-qt.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00601088 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-beta-opt-in\rcp-be-lol-beta-opt-in.dll
2016-11-23 16:26 - 2016-11-22 19:15 - 00577024 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-lol-player-messaging\rcp-be-lol-player-messaging.dll
2016-11-23 16:26 - 2016-11-16 18:06 - 00524800 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\Plugins\rcp-be-network-testing\rcp-be-network-testing.dll
2016-11-23 16:26 - 2016-11-23 16:26 - 55617528 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\libcef.dll
2016-11-23 16:26 - 2016-11-23 16:26 - 01876472 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\libglesv2.dll
2016-11-23 16:26 - 2016-11-23 16:26 - 00022008 _____ () C:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.35\deploy\libegl.dll
2016-09-07 19:59 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Leo\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-09-07 19:59 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Leo\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll
2016-11-08 19:52 - 2016-11-08 19:52 - 17772736 _____ () C:\Users\Leo\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-106863883-1702173518-3343362997-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Leo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: Cobian Backup 11 interface => "C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe" -service
MSCONFIG\startupreg: Discord => C:\Users\Leo\AppData\Local\Discord\app-0.0.283\Discord.exe
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Leo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Leo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EAB7D260-2376-4593-A07E-79DA050CF554}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{29639252-D434-4F96-837A-8B1539E2E7DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{F7AC004E-F0BB-4FB1-9C1F-EA94686A09F0}C:\users\leo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\leo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{9BA2114C-FC25-441A-9FB1-5E0F11C46B36}C:\users\leo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\leo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A38AC127-5CC9-4821-A318-3A22126CCECB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{96156BDA-1B43-4A26-878F-E2FBA39912D1}C:\users\leo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\leo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2944FA50-4A8E-421D-B90C-7D7E824E1A04}C:\users\leo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\leo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F602C60C-83A8-4C7A-8BB8-58CE56556737}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B8E2373D-2783-4C94-8E6F-1233DC204DCF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8EA2BA49-2A19-4FDF-A02E-D1E8CC4F1AE3}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{F9EAA24C-07DF-4D64-8788-5F3FFDECE6B4}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{C6FF7BEA-5BD4-405F-852D-B77517174A1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{7E2F8A90-4EA8-4341-8465-35C8DE8F85BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Nuclear Throne\nuclearthrone.exe
FirewallRules: [{7CBFDEB9-9CA6-4433-A345-CF9AB9CED1F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{8D4ED152-E5F5-4F14-AA1B-AE8FE25DEA3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{AD71B129-44DA-430E-A84C-F094C8A1AD64}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{99B6C772-FC86-44B7-9A9D-7B7122981984}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{05FA8359-236C-41BF-9B23-3D20B7591754}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{ADDE1AAB-950B-4187-94CF-DB8C916A8715}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{BCC5621E-0C1C-4066-9D09-ED88F0E20B9C}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5471DCDF-0E8C-457E-855F-ED78B93AFFD1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FEC1BF41-3EA6-4056-8C6D-7DE4861F09B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{A67C33EE-ABDC-4991-A90F-856095E476C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{3D2AD315-10C8-426D-8970-CC472A32AAEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{FF145645-D357-4E78-AD92-71306A9C38E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A0FD30F3-E562-46D6-8AC6-E3B68D3777A1}] => (Allow) C:\Users\Leo\Desktop\New folder (2)\forge.exe
FirewallRules: [{06DABAE4-56CF-4D11-AE31-72C5CF110C1B}] => (Allow) C:\Users\Leo\Desktop\New folder (2)\forge.exe
FirewallRules: [{A19FF757-F21E-43B6-B9A8-B6FFA996783D}] => (Allow) C:\Users\Leo\Desktop\New folder (2)\forge.exe
FirewallRules: [{AB4DC991-893F-4C0A-B5C1-076BFDF32DA7}] => (Allow) C:\Users\Leo\Desktop\New folder (2)\forge.exe
FirewallRules: [{6A1BC2BC-A2DB-4564-BABE-440B2A415A4C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C71FDF46-3AEC-44AF-9AF5-17FB0442B27F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{59278326-B3C7-4B1E-A74C-1851913D9693}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{36122CE3-2DDD-47E5-BDF5-4FECE2F60D43}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5FC4F8EF-880B-44B2-8AF8-8AEFB51DB7B4}] => (Allow) E:\Games\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{ABA7F500-E9F5-4B2C-899D-8353A5A63081}] => (Allow) E:\Games\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{4C275BD3-C3A7-4183-B8B4-50E708A730B1}] => (Allow) E:\Games\steamapps\common\Ori\ori.exe
FirewallRules: [{38739864-8F49-4729-932F-0B9EB179967D}] => (Allow) E:\Games\steamapps\common\Ori\ori.exe
FirewallRules: [{30C9A89A-6749-4CE9-824E-B6C40A02D908}] => (Allow) E:\Games\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{F9E2A59F-FD8E-4646-B134-FE99F4983B98}] => (Allow) E:\Games\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{CA1406CE-14C6-4483-8AE5-D98C34C6C295}] => (Allow) E:\Games\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{2B8CB558-45CA-404B-B46A-1047E5D889F6}] => (Allow) E:\Games\steamapps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{2F814A86-2473-470B-97FA-0DB0CEB4CD55}] => (Allow) E:\Games\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{13550D8A-B60A-49A7-966A-B2C1F75A76DD}] => (Allow) E:\Games\steamapps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{CC033B6E-88D7-48A6-AFFA-528F66D0CFF8}] => (Allow) E:\Games\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{22007688-A5C0-430F-B8CA-D32A916FE3A3}] => (Allow) E:\Games\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DA5F6ED2-F762-4178-90C5-83221C8F04B2}] => (Allow) E:\Games\steamapps\common\NBA 2K16\NBA2K16.exe
FirewallRules: [{8B046D42-C4E2-46F6-9EBD-B915ACF5751B}] => (Allow) E:\Games\steamapps\common\NBA 2K16\NBA2K16.exe
FirewallRules: [{A2F20302-0814-4060-B792-7CACBEA72E2E}] => (Allow) E:\Games\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{541842B2-4853-4216-AB5A-234231FFF807}] => (Allow) E:\Games\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{6F151445-8E99-409D-9D1A-6D72947B47A6}] => (Allow) E:\Games\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{E3313C7E-3AB4-4DBF-943B-2996E4B9BFAE}] => (Allow) E:\Games\steamapps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{F5F99195-2219-47F1-82E4-625C66FA3112}] => (Allow) E:\Games\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{426F5C95-4A7F-483C-8699-7596E92107B6}] => (Allow) E:\Games\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{7E893543-740E-4CA0-8053-060D42F1B4DF}] => (Allow) E:\Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{D29732EB-E2EA-43DA-8D77-612E6B6F47B5}] => (Allow) E:\Games\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{C573B83C-BB62-4739-8BAC-AB509CDF5E74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{AFF552D9-146D-48D4-9B19-150F6A8C3CDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{1A81EA7E-FA7F-463E-9179-3D2098C77705}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8914B3CD-AE7A-42FB-B2C2-3AF04376E83C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{916604B4-2046-4D1D-97FA-FEFED7464270}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
23-11-2016 16:36:15 ASU_MSI_TRAN
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/23/2016 04:24:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/22/2016 08:09:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/22/2016 07:39:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/22/2016 07:13:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/21/2016 07:50:45 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (11/21/2016 06:28:01 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (11/21/2016 05:31:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/20/2016 09:13:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/20/2016 03:46:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/19/2016 08:44:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/22/2016 08:14:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (11/22/2016 08:14:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (11/22/2016 08:09:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (11/22/2016 08:09:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (11/22/2016 08:09:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/22/2016 08:09:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (11/22/2016 08:09:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/22/2016 08:09:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Profile Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (11/22/2016 08:09:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Multimedia Class Scheduler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
 
Error: (11/22/2016 08:09:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 260 Processor
Percentage of memory in use: 65%
Total physical RAM: 4082.17 MB
Available physical RAM: 1412.49 MB
Total Virtual: 8162.52 MB
Available Virtual: 5196.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:2.85 GB) NTFS
Drive e: (AMK) (Fixed) (Total:931.51 GB) (Free:718.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 03407B0C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BFD287EA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:16 AM

Posted 24 November 2016 - 08:33 AM

Alkai:

Thank you for your patience while I analyzed your FRST logs. Since I originally took your topic, I have graduated from Bleeping Computer Study Hall, so it is no longer required that I consult with a Malware Response Instructor when preparing my replies in this Forum, which will lead to quicker response times.

Before we start dealing with the problems you are experiencing, I would ask that you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get if functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: Please go to the Control Panel, Programs and Features, locate and unintall SparkTrust. It is a fake PC Cleaner, which is blocked by Malwarebytes Anti-Malware Premium. More details on how to uninstall a program can be found at this link.

.

:step2: Please copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the folder where FRST64.exe is located: C:\Users\Leo\Desktop\Magic image packs

NOTE: It's important that both files, FRST64.exe and fixlist.txt are in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:

Tcpip\..\Interfaces\{4E0B7E0E-EFD7-4E18-9066-8978B9EC2980}: [DhcpNameServer] 192.168.2.1
ManualProxies:
CMD: netsh int ip reset c:\resetlog.txt
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
2015-04-02 12:18 - 2015-04-02 12:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

EmptyTemp:

Right click FRST/FRST64, and select "Run as Administrator".
Then press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste it into your reply.

.

:step2: You need to clear some disk space on your C: drive. It is generally recommended that, as a minimum, you have 10 to 15 percent of your C: drive available as free space. Otherwise, Windows will thrash around trying to create temporary files and cache files because of the limited free space.
 

Drive c: () (Fixed) (Total:111.69 GB) (Free:2.85 GB) NTFS


I have included an "EmptyTemp: file command in the FRST fixlist.txt script, but I suspect that you will have to also consider deleting, or moving some unnecessary files to your Drive E:, which has plenty of free space. I see that you have an older version of CCleaner installed. You should update that program and run the Cleaner module only. Please do not have it scan your registry. The use of registry "cleaners/optimizers" is not recommended by Bleeping Computer or Microsoft. Please see this informative link, written by Quietman7, one of Bleeping Computer's foremost experts, for more information.

.

:step3: Please reboot your computer and provide me with an update as to how it is working now. If you are still having issues with the computer, please provide me with as much detail as possible to enable me to help you as effectively as possible.

.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#7 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:16 AM

Posted 27 November 2016 - 06:56 AM

Alkai:

 

Do you still require assistance?  I have not received a response from you in three days.  If you don't respond in another two days, this topic will be closed, in accordance with the policy for this Forum.  You can always send a Moderator a Personal Message to have the topic reopened, if it is concluded.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,361 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:02:16 AM

Posted 29 November 2016 - 07:50 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Member of the Unified Network of Instructors and Trusted Eliminators





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users