
Sister installed adware not sure if gone


  • This topic is locked
61 replies to this topic

#1 nomore568


Posted 20 November 2016 - 03:36 PM

My sister went on my computer when I didn't know and tried to install a game but instead installed a bunch of adware. I did a scan with Malwarebytes and removed what it found, but it's still acting weird. Just need to see if there is still anything installed.

 

Here are the FRST logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by Dareon (administrator) on OWNER-PC (20-11-2016 13:25:04)
Running from C:\Users\Dareon.Owner-PC\Desktop
Loaded Profiles: Dareon (Available Profiles: Dareon & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-Agent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Hammer & Chisel, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-11-10] (Valve Corporation)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2016-08-03] (Echobit LLC)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [MurGee.com Auto Clicker] => C:\Users\Dareon.Owner-PC\AppData\Roaming\Auto Clicker\AutoClicker.exe [124072 2016-04-20] (MurGee.com)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [Discord] => C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [autopsy] => "C:\Program Files (x86)\unevenness\autopsy.exe"
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\DAREON~1.OWN\Desktop\3DMAZE~1.SCR
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-22] (Microsoft Corporation)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sights.lnk [2016-11-10]
ShortcutTarget: sights.lnk -> C:\Program Files (x86)\adjunct\patronize.exe (No File)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sights.lnk [2016-11-10]
ShortcutTarget: sights.lnk -> C:\Program Files (x86)\adjunct\patronize.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{611C0765-E2BE-4264-AF52-8D85DACACA25}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0b970e84
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0b970e84
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-0b970e84
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF DefaultProfile: etio5tsa.default
FF ProfilePath: C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default [2016-11-20]
FF NewTab: Mozilla\Firefox\Profiles\etio5tsa.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\etio5tsa.default -> Search Provided by Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\etio5tsa.default -> Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\etio5tsa.default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-0b970e84
FF Keyword.URL: Mozilla\Firefox\Profiles\etio5tsa.default -> user_pref("keyword.URL", true);
FF Extension: (MEGA) - C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default\Extensions\firefox@mega.co.nz.xpi [2016-11-20]
FF Extension: (Adblock Plus) - C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
FF SearchPlugin: C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default\searchplugins\search provided by bing.xml [2016-11-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-03-11] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default [2016-10-13]
CHR Extension: (Google Drive) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
S2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-08-03] (Echobit LLC)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-08-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2016-08-03] (Echobit, LLC)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-16] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133248 2016-07-06] (BigNox Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [27648 2016-08-31] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 13:25 - 2016-11-20 13:25 - 00014595 _____ C:\Users\Dareon.Owner-PC\Desktop\FRST.txt
2016-11-20 13:25 - 2016-11-20 13:25 - 00000000 ____D C:\FRST
2016-11-20 13:24 - 2016-11-20 13:24 - 02412544 _____ (Farbar) C:\Users\Dareon.Owner-PC\Desktop\FRST64.exe
2016-11-20 13:13 - 2016-11-20 13:18 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-11-20 13:13 - 2016-11-20 13:18 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-11-20 13:13 - 2016-11-20 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-11-20 13:13 - 2016-11-20 13:13 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-11-20 13:13 - 2016-11-11 13:47 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-11-11 13:47 - 2016-11-11 13:47 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys
2016-11-10 21:28 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-10 21:28 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-10 21:28 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-10 21:28 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-10 21:28 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-10 21:28 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-10 21:28 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-10 21:28 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-10 21:28 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-10 21:28 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-10 21:28 - 2016-10-27 20:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-10 21:28 - 2016-10-27 20:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-10 21:28 - 2016-10-27 12:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-10 21:28 - 2016-10-27 12:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-10 21:28 - 2016-10-27 11:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-10 21:28 - 2016-10-27 11:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-10 21:28 - 2016-10-27 11:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-10 21:28 - 2016-10-27 11:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-10 21:28 - 2016-10-27 11:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-10 21:28 - 2016-10-27 11:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-10 21:28 - 2016-10-27 11:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-10 21:28 - 2016-10-27 11:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-10 21:28 - 2016-10-27 11:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-10 21:28 - 2016-10-27 11:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-10 21:28 - 2016-10-27 11:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-10 21:28 - 2016-10-27 11:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-10 21:28 - 2016-10-27 11:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-10 21:28 - 2016-10-27 11:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-10 21:28 - 2016-10-27 11:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-10 21:28 - 2016-10-27 11:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-10 21:28 - 2016-10-27 11:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-10 21:28 - 2016-10-27 11:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-10 21:28 - 2016-10-27 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-10 21:28 - 2016-10-27 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-10 21:28 - 2016-10-27 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-10 21:28 - 2016-10-27 11:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-10 21:28 - 2016-10-27 11:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-10 21:28 - 2016-10-27 10:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-10 21:28 - 2016-10-27 10:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-10 21:28 - 2016-10-27 10:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-10 21:28 - 2016-10-27 10:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-10 21:28 - 2016-10-27 10:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-10 21:28 - 2016-10-27 10:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-10 21:28 - 2016-10-27 10:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-10 21:28 - 2016-10-27 10:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-10 21:28 - 2016-10-27 09:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-10 21:28 - 2016-10-27 08:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-10 21:28 - 2016-10-25 08:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-10 21:28 - 2016-10-22 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-10 21:28 - 2016-10-22 10:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-10 21:28 - 2016-10-22 10:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-10 21:28 - 2016-10-22 10:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-10 21:28 - 2016-10-22 10:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-10 21:28 - 2016-10-22 10:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-10 21:28 - 2016-10-22 10:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-10 21:28 - 2016-10-22 10:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-10 21:28 - 2016-10-22 10:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-10 21:28 - 2016-10-22 10:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-10 21:28 - 2016-10-22 10:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-10 21:28 - 2016-10-22 10:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-10 21:28 - 2016-10-22 10:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-10 21:28 - 2016-10-22 10:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-10 21:28 - 2016-10-22 10:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-10 21:28 - 2016-10-22 10:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-10 21:28 - 2016-10-22 09:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-10 21:28 - 2016-10-22 09:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-10 21:28 - 2016-10-22 09:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-10 21:28 - 2016-10-22 09:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-10 21:28 - 2016-10-22 09:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-10 21:28 - 2016-10-22 09:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-10 21:28 - 2016-10-22 09:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-10 21:28 - 2016-10-22 09:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-10 21:28 - 2016-10-22 09:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-10 21:28 - 2016-10-22 09:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-10 21:28 - 2016-10-22 09:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-10 21:28 - 2016-10-22 09:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-10 21:28 - 2016-10-22 09:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-10 21:28 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-10 21:28 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-10 21:28 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-10 21:28 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-10 21:28 - 2016-10-11 08:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-10 21:28 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-10 21:28 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-10 21:28 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-10 21:28 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-10 21:28 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-10 21:28 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-10 21:28 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-10 21:28 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-10 21:28 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-10 21:28 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-10 21:28 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-10 21:28 - 2016-10-10 08:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-10 21:28 - 2016-10-10 08:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-10 21:28 - 2016-10-10 08:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-10 21:28 - 2016-10-10 08:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-10 21:28 - 2016-10-10 08:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-10 21:28 - 2016-10-10 08:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-10 21:28 - 2016-10-10 08:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-10 21:28 - 2016-10-10 07:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-10 21:28 - 2016-10-10 07:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-10 21:28 - 2016-10-10 07:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-10 21:28 - 2016-10-10 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-10 21:28 - 2016-10-10 07:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-10 21:28 - 2016-10-10 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-10 21:28 - 2016-10-07 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-10 21:28 - 2016-10-07 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-10 21:28 - 2016-10-07 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-10 21:28 - 2016-10-07 08:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-10 21:28 - 2016-10-07 08:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-10 21:28 - 2016-10-07 08:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-10 21:28 - 2016-10-07 08:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-10 21:28 - 2016-10-07 08:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-10 21:28 - 2016-10-07 08:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-10 21:28 - 2016-10-07 08:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-10 21:28 - 2016-10-07 07:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-10 21:28 - 2016-10-07 07:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-10 21:28 - 2016-10-07 07:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-10 21:28 - 2016-10-07 07:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-10 21:28 - 2016-10-07 07:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-10 21:28 - 2016-10-07 07:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 07:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 07:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 07:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-10 21:28 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-10 21:28 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-10 21:28 - 2016-09-13 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-10 21:28 - 2016-09-13 08:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-10 21:28 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-10 21:28 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-10 21:28 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-05 23:07 - 2016-11-05 23:07 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\ElevatedDiagnostics
2016-11-05 22:01 - 2016-11-05 22:18 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\SecondLife
2016-11-05 21:48 - 2016-11-05 21:48 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\{22A014FC-0608-7844-6B90-5DAC4FF8A134}
2016-11-05 21:44 - 2016-11-05 22:23 - 00000000 _____ C:\Users\Dareon.Owner-PC\AppData\Local\patronize.txt
2016-11-05 21:44 - 2016-11-05 21:44 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\Dareon.Owner-PC\AppData\Local\install_flash_player_21_active_x.exe
2016-11-05 21:41 - 2016-11-05 22:18 - 00000000 ____D C:\Program Files (x86)\syslogsp
2016-11-05 21:39 - 2016-11-05 21:39 - 00192986 _____ C:\Users\Dareon.Owner-PC\AppData\Local\92654.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 00127661 _____ C:\Users\Dareon.Owner-PC\AppData\Local\44962.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 00054793 _____ C:\Users\Dareon.Owner-PC\AppData\Local\55308.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 00048402 _____ C:\Users\Dareon.Owner-PC\AppData\Local\78134.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 00034216 _____ C:\Users\Dareon.Owner-PC\AppData\Local\13189.exe
2016-11-04 17:20 - 2016-11-10 21:22 - 00000930 _____ C:\Users\Dareon.Owner-PC\Desktop\Remote osu! Keyboard Server.lnk
2016-11-04 17:20 - 2016-11-04 17:20 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Remote osu! Keyboard Server
2016-11-04 17:20 - 2016-11-04 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote osu! Keyboard Server
2016-11-04 17:20 - 2016-11-04 17:20 - 00000000 ____D C:\Program Files\Remote osu! Keyboard Server
2016-11-01 10:46 - 2016-11-01 10:46 - 00004608 _____ C:\Users\Dareon.Owner-PC\AppData\Local\dnow.exe
2016-10-29 16:11 - 2016-11-05 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-29 14:59 - 2016-11-05 21:39 - 00002414 ____R C:\Users\Dareon.Owner-PC\Desktop\Firеfох.lnk
2016-10-29 01:21 - 2016-10-29 04:17 - 00000000 ____D C:\Program Files (x86)\sysupdm
2016-10-29 01:12 - 2016-10-29 01:12 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\CrashRpt
2016-10-29 01:11 - 2016-10-29 04:17 - 00000000 ____D C:\Program Files (x86)\sysupdp
2016-10-29 00:53 - 2016-10-29 00:53 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Clever Endeavour Games
2016-10-25 20:35 - 2016-10-25 20:35 - 01728735 _____ C:\Users\Dareon.Owner-PC\Desktop\OptiFine_1.9.4_HD_U_B6.jar
2016-10-25 20:20 - 2016-10-25 20:20 - 00538640 _____ C:\Users\Dareon.Owner-PC\Desktop\NotEnoughItems-1.9.4-2.0.1.132-universal.jar
2016-10-25 20:20 - 2016-10-25 20:20 - 00151509 _____ C:\Users\Dareon.Owner-PC\Desktop\CodeChickenCore-1.9.4-2.0.4.71-universal.jar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-20 13:19 - 2016-09-24 15:47 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\LogMeIn Hamachi
2016-11-20 13:19 - 2016-08-02 15:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-20 13:19 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-20 13:19 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-20 13:17 - 2009-07-13 22:13 - 00862152 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-20 13:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-11-20 13:09 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-12 10:40 - 2014-05-23 09:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-12 03:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-11-12 02:57 - 2016-08-02 15:59 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Steam
2016-11-12 02:54 - 2009-07-13 21:45 - 00316320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-10 21:39 - 2014-05-21 11:49 - 00000000 ____D C:\Windows\system32\MRT
2016-11-10 21:32 - 2014-05-21 11:49 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-10 21:22 - 2016-09-25 14:03 - 00001798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-11-10 21:22 - 2016-09-20 21:37 - 00000997 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk
2016-11-10 21:22 - 2016-09-19 20:39 - 00001206 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Cloud Penguin (CuP).lnk
2016-11-10 21:22 - 2016-09-16 22:37 - 00002210 _____ C:\Users\Dareon.Owner-PC\Desktop\Discord.lnk
2016-11-10 21:22 - 2016-09-14 22:17 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-10 21:22 - 2016-09-10 22:38 - 00000954 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-11-10 21:22 - 2016-08-03 23:25 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2016-11-10 21:22 - 2016-08-02 15:57 - 00000957 _____ C:\Users\Public\Desktop\Steam.lnk
2016-11-10 21:22 - 2014-05-23 09:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-10 21:22 - 2014-05-23 09:00 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2016-11-10 21:22 - 2014-05-21 10:50 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-10 21:22 - 2014-05-21 10:50 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-10 21:22 - 2009-07-13 22:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-11-10 21:22 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-10 21:22 - 2009-07-13 21:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-11-10 21:22 - 2009-07-13 21:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-11-10 21:22 - 2009-07-13 21:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-11-10 21:22 - 2009-07-13 21:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-11-10 21:22 - 2009-07-13 21:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-11-10 21:12 - 2014-07-06 14:51 - 00000000 ____D C:\Program Files\Google
2016-11-10 21:12 - 2014-05-23 09:01 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-10 21:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2016-11-10 21:10 - 2016-08-02 12:55 - 00000000 ____D C:\Users\Dareon.Owner-PC
2016-11-05 22:21 - 2016-09-14 22:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-05 22:15 - 2016-08-02 12:57 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Google
2016-11-05 22:13 - 2014-05-23 08:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-05 21:44 - 2016-10-10 03:24 - 00000003 _____ C:\Users\Dareon.Owner-PC\AppData\Local\run1.txt
2016-11-04 17:39 - 2016-09-10 22:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\osu!
2016-10-31 17:01 - 2016-08-02 14:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\.minecraft
2016-10-30 21:18 - 2016-08-03 10:21 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Growtopia
2016-10-29 22:59 - 2014-05-23 09:22 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-29 22:59 - 2014-05-23 09:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-29 22:59 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-29 22:59 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-29 22:17 - 2016-08-06 02:07 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Adobe
2016-10-29 18:31 - 2016-08-24 11:28 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-10-29 04:17 - 2016-10-09 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-10-29 04:17 - 2016-10-04 23:43 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Raynes School bleep
2016-10-29 04:17 - 2016-10-04 23:42 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Video Stuff
2016-10-29 04:17 - 2016-10-04 23:41 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Hax
2016-10-29 04:17 - 2016-10-04 23:41 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\GAMES
2016-10-29 04:17 - 2016-10-02 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2016-10-29 04:17 - 2016-09-22 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
2016-10-29 04:17 - 2016-09-20 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPadian
2016-10-29 04:17 - 2016-09-16 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-10-29 04:17 - 2016-09-16 22:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-10-29 04:17 - 2016-09-14 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-29 04:17 - 2016-09-05 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney PRO
2016-10-29 04:17 - 2016-09-02 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder
2016-10-29 04:17 - 2016-09-01 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2016-10-29 04:17 - 2016-08-30 18:18 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Games Folders With Shortcuts
2016-10-29 04:17 - 2016-08-25 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-10-29 04:17 - 2016-08-24 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloneDVD 7 Ultimate
2016-10-29 04:17 - 2016-08-24 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2016-10-29 04:17 - 2016-08-21 15:12 - 00000000 ____D C:\Users\DefaultAppPool
2016-10-29 04:17 - 2016-08-18 17:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-10-29 04:17 - 2016-08-08 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2016-10-29 04:17 - 2016-08-08 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2016-10-29 04:17 - 2016-08-06 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)
2016-10-29 04:17 - 2016-08-06 00:01 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-29 04:17 - 2016-08-06 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-29 04:17 - 2016-08-04 04:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-29 04:17 - 2016-08-03 10:21 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Growtopia
2016-10-29 04:17 - 2016-08-02 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-10-29 04:17 - 2016-08-02 15:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-10-29 04:17 - 2016-08-02 12:47 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-10-29 04:17 - 2014-05-23 09:13 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2016-10-29 04:17 - 2014-05-23 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-29 04:17 - 2014-05-23 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-10-29 04:17 - 2014-05-23 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-10-29 04:17 - 2014-05-23 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-29 04:17 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-29 04:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-10-29 04:16 - 2016-08-02 15:16 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Roblox
2016-10-29 02:43 - 2016-10-20 23:24 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Emulators
2016-10-29 02:32 - 2016-10-13 15:45 - 00000623 _____ C:\DelFix.txt
2016-10-25 15:59 - 2016-08-02 15:16 - 00000250 _____ C:\Users\Dareon.Owner-PC\AppData\LocalLow\rbxcsettings.rbx

==================== Files in the root of some directories =======

2016-08-28 23:37 - 2011-10-09 15:33 - 0000468 _____ () C:\Program Files (x86)\cod5key.reg
2016-08-28 23:37 - 2012-05-26 20:00 - 0000076 _____ () C:\Program Files (x86)\update-codwaw.bat
2016-08-24 20:09 - 2016-08-24 20:09 - 0099384 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\inst.exe
2016-10-10 03:24 - 2016-10-10 03:24 - 0140288 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\Installer.dat
2016-08-24 20:09 - 2016-08-24 20:09 - 0007859 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.cat
2016-08-24 20:09 - 2016-08-24 20:09 - 0001167 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.inf
2016-08-24 20:11 - 2016-08-24 20:11 - 0000034 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.log
2016-08-24 20:09 - 2016-08-24 20:09 - 0082816 _____ (VSO Software) C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.sys
2016-11-05 21:39 - 2016-11-05 21:39 - 0034216 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\13189.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 0127661 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\44962.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 0054793 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\55308.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 0048402 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\78134.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 0192986 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\92654.exe
2016-11-01 10:46 - 2016-11-01 10:46 - 0004608 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\dnow.exe
2016-10-10 03:27 - 2016-10-10 03:27 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\icka76680988.txt
2016-11-05 21:44 - 2016-11-05 21:44 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\Dareon.Owner-PC\AppData\Local\install_flash_player_21_active_x.exe
2016-11-05 21:44 - 2016-11-05 22:23 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\patronize.txt
2016-08-21 22:47 - 2016-09-15 23:42 - 0007608 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Resmon.ResmonCfg
2016-10-10 03:24 - 2016-11-05 21:44 - 0000003 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\run1.txt
2016-08-15 21:07 - 2016-08-15 21:07 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Sethmumu.config
2016-08-18 20:46 - 2016-08-18 20:46 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Sethmumudata

Some files in TEMP:
====================
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-1516726813749502842.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6088732685625691334.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\libeay32.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\msvcr120.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-06 01:44

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by Dareon (20-11-2016 13:26:17)
Running from C:\Users\Dareon.Owner-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-21 05:54:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1871851679-1302881600-127590598-500 - Administrator - Disabled)
Dareon (S-1-5-21-1871851679-1302881600-127590598-1004 - Administrator - Enabled) => C:\Users\Dareon.Owner-PC
Guest (S-1-5-21-1871851679-1302881600-127590598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1871851679-1302881600-127590598-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ArtMoney PRO v7.37.2 (HKLM-x32\...\ArtMoney PRO_is1) (Version: 7.37 - System SoftLab)
Auto Clicker v2.2 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 2.2 - MurGee.com)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
CloneDVD 7 Ultimate 7.0.0.13 (HKLM-x32\...\CloneDVD 7 Ultimate_is1) (Version:  - Copyright © 2003-2013 CloneDVD Studio.)
Cloud Penguin (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Cloud Penguin) (Version: 2.0.6077.31355 - Cloud Penguin) <==== ATTENTION
Cubic Castles (HKLM\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
Deepworld (HKLM\...\Steam App 340810) (Version:  - Bytebin)
Discord (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DvDrum, Ultimate Drum Simulator! (HKLM\...\Steam App 385130) (Version:  - DarkTigerDevelop)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Game Corp DX (HKLM\...\Steam App 399670) (Version:  - Endless Loop Studios)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Growtopia) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gunscape (HKLM\...\Steam App 342480) (Version:  - Blowfish Studios)
Invasion (HKLM\...\Steam App 397980) (Version:  - Hipix Studio)
iPadian version 1.5 (HKLM-x32\...\{0DB90A1C-2C08-429C-8595-FD9848121D28}_is1) (Version: 1.5 - iPadian, Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
K-Lite Codec Pack 10.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.3.2 (HKLM-x32\...\ManyCam) (Version: 5.3.2 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mumble 1.2.17 (HKLM-x32\...\{95A0093C-0C81-4D0B-BCA7-3CE11755A6BD}) (Version: 1.2.17 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{23069a6e-7873-4eaa-95d8-8eeaa2277df7}) (Version: latest - ppy Pty Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.5.2 - Portforward, LLC)
Remote osu! Keyboard Server version 1.3.2 (HKLM\...\{50E9CD66-5078-4347-B801-B2759D6E1823}_is1) (Version: 1.3.2 - TimiimiT)
ROBLOX Player for Dareon (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Search & Kill ☠ (HKLM\...\Steam App 496550) (Version:  - Antonio Renna)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Take Thy Throne (HKLM\...\Steam App 491260) (Version:  - Charyb Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.12.0.14 - GOG.com)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
World of Fishing (HKLM\...\Steam App 421960) (Version:  - Masangsoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {50597F2B-7F9B-4EBF-A45F-16820A76D66C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-02] (AVAST Software)
Task: {74E5BDD4-8F06-403F-9852-BCD438190ADE} - \Adobe Flash Player Updater -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dareon.Owner-PC\Desktop\Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat ()
Shortcut: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()

==================== Loaded Modules (Whitelisted) ==============

2014-05-21 11:34 - 2015-01-30 17:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-29 00:06 - 2016-08-29 00:06 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2016-09-16 22:36 - 2016-08-24 16:49 - 01950392 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-09-16 22:37 - 2016-11-20 13:12 - 01058816 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-09-16 22:37 - 2016-11-20 13:12 - 03801088 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-09-16 22:37 - 2016-09-16 22:37 - 00894136 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-11-20 13:13 - 2016-11-20 13:13 - 00170496 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Local\Temp\5427.tmp.node
2016-09-16 22:39 - 2016-10-20 13:39 - 02147328 _____ () \\?\C:\Users\Dareon.Owner-PC\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-11-05 21:44 - 00000158 ____A C:\Windows\system32\Drivers\etc\hosts

162.222.194.13       cocomo.tremorhub.com
162.222.194.13       www.virustotal.com
162.222.194.13       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C3CA3AE-F6DB-4CAC-95B1-79C3DC1AE8AD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EC06B62F-C5ED-42F7-AB6B-5006C3FD3329}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7C838D96-9BC9-4C38-BF71-C39CA8FA79DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6064CD48-DD3A-436D-8E83-378F0D1D1739}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{887C8000-3D19-43F5-80C2-DFE726B0543A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E4A36240-280B-4EF3-AAE5-CE7F3D84FE28}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{38256F7F-6420-4638-BC55-BBBA6B3AA5D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA07E272-E042-48BF-940F-07B5245F870D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2661AB7F-77EC-4373-ABE8-9B5F8988EF57}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{D086C947-FEB6-4E29-9A89-48E05EEFFCFA}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{ECD9F389-0D13-45B9-957B-781097DB3BD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA35CFE9-9F6F-4CD3-B64F-0466DC7EDC3B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC86687A-C6E0-4C7D-8318-28240F2AE97C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{788F36D9-B2DC-4BBC-AE87-AF7A3DDBB649}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0DBFD4D2-5D53-4970-AAB1-802FFE7493D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7A4A63CD-36A4-4026-BAA5-3E246FF9373B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{13E43990-65AA-4B25-AB9B-F0A750F52E3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{632701DC-9C51-447B-9E3D-95FD5EC1257E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{A76B7E8E-7337-4C51-B220-61D44A16AE77}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{6BF169FE-0864-4696-9866-663C03899D03}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{F4BFE29F-BD2C-4298-A1D1-068F68106FFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4CB8FE0B-6946-4F15-9859-4CD67245CA59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{6FD0CF64-D51F-4753-BCB6-713C65BD5734}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => (Allow) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [UDP Query User{F9649EB4-4B22-4C0A-A4C0-12A3B46A56A6}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => (Allow) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [TCP Query User{149D9ED3-5DC3-4064-B296-86D52469A637}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [UDP Query User{D2353706-5EE4-42C8-98F6-3909B7970E86}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [TCP Query User{C24F22B6-C6D9-430D-9B4A-BA791614404A}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => (Block) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [UDP Query User{A345760C-E443-4289-A8EB-8A54874298CD}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => (Block) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [TCP Query User{9CCE880D-613F-498F-A622-D6B506307CA9}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{16EDE507-16FB-4FE2-BE21-BD37157A937E}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{CD302F64-D56D-4502-9DBE-610E6EFC3B12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{B3FE73F9-AE11-4652-9BFF-7B671F983093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{2F82F3B6-E580-4687-8632-94C3A19C0CF0}] => (Allow) C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{3EAD2782-CCA9-43BC-AE78-04E94BC245E6}] => (Allow) C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{28B15313-6BF8-481F-8555-E32A9FFB4791}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => (Block) C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [UDP Query User{7545ED8C-F38D-4EBB-BD2B-310DA2DA3D31}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => (Block) C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [TCP Query User{72C31600-854A-4543-B7C5-F35CD1CB8AC4}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => (Allow) C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [UDP Query User{19FCAF99-3AC4-47A5-BF8A-8F1FB4A7B93B}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => (Allow) C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [TCP Query User{AFC9A25C-005E-4410-A75E-23F480A71675}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => (Block) C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [UDP Query User{1A62C563-DF65-41ED-9AE7-3B79EE09BF6D}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => (Block) C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [{B149FE65-B357-43A1-8FB5-F8D56FECE352}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe
FirewallRules: [TCP Query User{74817B19-8173-4436-9EBF-603F12627027}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exe
FirewallRules: [UDP Query User{3479D91B-ED2E-49B6-A398-DD9B0B1EB254}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exe
FirewallRules: [TCP Query User{4CE927BC-C739-492C-8686-31331F32A275}C:\r.g. catalyst\portal 2\portal2.exe] => (Allow) C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [UDP Query User{DFF75790-4263-4206-8DF1-0D807560A5E7}C:\r.g. catalyst\portal 2\portal2.exe] => (Allow) C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [{9E6D9A77-853D-40FF-8854-F89690C90776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [{F3223D9B-1143-499C-B73A-FD257B5B8679}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [TCP Query User{CC384B08-2C04-42D0-A23D-88536D0DD20F}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{F7DBDE2A-E11E-44D5-83C7-1E2A86FAB42D}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{512613A0-F442-4780-9E5A-7A1B64702DCD}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{F7DB8A2F-F123-4B43-85F7-B0BA64A1D66E}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{701425F2-9292-4F3B-8F30-F7772C29F0BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum.exe
FirewallRules: [{ECC71869-44B2-4550-9CAE-7FB999AB37E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum.exe
FirewallRules: [{9D7C2325-E86A-4FE1-9DAB-38515A1E57EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{C080E38B-6094-48EB-A286-5B4625DC021E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{9EE2F839-654E-4AE2-A5E8-9172BBAC120A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A7F3BB33-4574-43C3-8117-62E89DEE2D48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A5845E2D-028E-4303-A56D-A509D5140F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{A751502D-0FB8-43EF-B44C-4270544A4E08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{1D7B3203-2375-4BF4-A8DF-97902B1A33B8}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{D44DE305-F85D-49C1-98CB-E709A1678995}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{88FA3859-576A-46AB-B1E4-5F4759AB6878}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{59214904-9DAD-484E-A913-D35195525D30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{1E1E9253-F703-4AD1-8FE2-3A6561F7AEE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{F86DD4E5-2982-435B-A712-5B3A9AC1F70B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{47B16EBC-20AB-40B5-9179-A7F5728B1B97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{6F69F0A5-1B25-4A17-A47F-927C23B12212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{BABDF178-9062-4F2E-BA59-0E41685A9511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{6EDF0FF1-0413-41C5-8B69-BF9F1F41C711}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{AB2735CE-6458-42DB-A8E2-CBE1FD6AC6F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{93422FF3-3DDE-4C27-BDD8-A9ECB1F284E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{FC9B8DF8-2191-42C3-B1CF-13D2516D506F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [{FFBE5C9E-8663-475A-AD52-B997D0E23205}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [TCP Query User{A59AA992-4361-4E18-ABBD-BB5B18C19FE8}C:\program files (x86)\mumble\murmur.exe] => (Block) C:\program files (x86)\mumble\murmur.exe
FirewallRules: [UDP Query User{547C6B98-B7F1-4CBE-BD55-89688476920A}C:\program files (x86)\mumble\murmur.exe] => (Block) C:\program files (x86)\mumble\murmur.exe
FirewallRules: [{D0307FB1-191A-4CA5-B596-3B2FB116F922}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe
FirewallRules: [TCP Query User{CBAB2894-73BA-4C53-B9EC-1774DE5199CF}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{677962BC-31AF-493C-98E9-2253FEA140AC}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{B286C7E0-28F3-4C4F-93AA-68D6DF3534AC}] => (Allow) C:\Program Files\Remote osu! Keyboard Server\Ro!KS.exe
FirewallRules: [{259DD9A5-EA37-478D-97F6-EC16B0C8A08A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜獹潬獧屰祓䱳杯偳攮數
FirewallRules: [{D0689789-2C0E-470F-B2D2-E803FB559945}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜獹潬獧屰祓䱳杯偳⹟硥e
FirewallRules: [{E3100AF9-CFE7-4A4A-B623-9C555460F4D8}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe
FirewallRules: [{8BD89251-ADC1-426A-B39E-D9EAE437E193}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe
FirewallRules: [{70FCB4FA-05BF-4B77-BD38-9495138DB412}] => (Allow) C:\Program Files (x86)\adjunct\patronize.exe
FirewallRules: [TCP Query User{82B09CB9-838C-43C3-9BC1-89A05E3055B0}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{D203FD8A-3C9D-4817-AF8D-F0E71AD45D76}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{2155D6CE-4815-4B7B-958F-B94C1612C027}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-10-2016 02:31:39 End of disinfection
06-11-2016 01:51:31 Scheduled Checkpoint
10-11-2016 21:31:11 Windows Update

==================== Faulty Device Manager Devices =============

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/20/2016 01:11:47 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (11/12/2016 03:44:35 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/10/2016 09:08:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

Error: (11/05/2016 10:17:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP.exe, version: 12.1.1.1, time stamp: 0x58187ec9
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0x21e4
Faulting application start time: 0x01d237ed079346f8
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: 5b8451f8-a3e0-11e6-97b1-94fbb221c4f3

Error: (11/05/2016 10:13:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/05/2016 10:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP.exe, version: 12.1.1.1, time stamp: 0x58187ec9
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0xbd4
Faulting application start time: 0x01d237ea87e3b5c0
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: cccaa2b0-a3de-11e6-97b1-94fbb221c4f3

Error: (11/05/2016 09:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP.exe, version: 12.1.1.1, time stamp: 0x58187ec9
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0x1a58
Faulting application start time: 0x01d237e915647350
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: 6aeb3470-a3dd-11e6-97b1-94fbb221c4f3

Error: (11/05/2016 09:56:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP_.exe, version: 12.1.1.1, time stamp: 0x58187e93
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0x110c
Faulting application start time: 0x01d237e909bbd4d0
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP_.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: 5b1eb5d0-a3dd-11e6-97b1-94fbb221c4f3

Error: (11/05/2016 09:48:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP.exe, version: 12.1.1.1, time stamp: 0x58187ec9
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0x133c
Faulting application start time: 0x01d237e80df2bd30
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: 4f45fc10-a3dc-11e6-97b1-94fbb221c4f3

Error: (11/05/2016 09:48:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP_.exe, version: 12.1.1.1, time stamp: 0x58187e93
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0xe70
Faulting application start time: 0x01d237e80df24800
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP_.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: 41163d80-a3dc-11e6-97b1-94fbb221c4f3


System errors:
=============
Error: (11/20/2016 01:13:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/20/2016 01:10:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SCP DS3 Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/20/2016 01:10:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SCP DS3 Service service to connect.

Error: (11/12/2016 02:57:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/12/2016 02:57:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (11/10/2016 09:25:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/05/2016 10:14:54 PM) (Source: DCOM) (EventID: 10016) (User: Owner-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user Owner-PC\Dareon SID (S-1-5-21-1871851679-1302881600-127590598-1004) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/05/2016 09:43:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {ABC01078-F197-4B0B-ADBC-CFE684B39C82} did not register with DCOM within the required timeout.

Error: (11/01/2016 08:15:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (10/31/2016 07:54:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2016-11-20 13:09:36.576
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-20 13:09:36.405
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-12 11:09:50.155
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-12 11:09:49.968
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-12 10:40:03.530
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-12 10:40:03.342
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-12 02:54:26.442
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-12 02:54:26.224
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-12 02:52:06.163
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-12 02:52:05.992
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250u Processor
Percentage of memory in use: 43%
Total physical RAM: 3839.37 MB
Available physical RAM: 2174.61 MB
Total Virtual: 7676.92 MB
Available Virtual: 5970.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:373.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 311F8258)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================





#2 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:11:22 PM

Posted 20 November 2016 - 04:36 PM

Hello nomore568 and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Logs to include with next post:

AdwCleaner log
RKreport.txt
JRT.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 nomore568


Posted 20 November 2016 - 06:28 PM

# AdwCleaner v6.030 - Logfile created 20/11/2016 at 16:23:32
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-20.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Dareon - OWNER-PC
# Running from : C:\Users\Dareon.Owner-PC\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\govids.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.govids.net


***** [ Web browsers ] *****

[-] [C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: chklaanhfefbnpoihckbnefhakgolnmc


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1274 Bytes] - [20/11/2016 16:23:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [1563 Bytes] - [20/11/2016 16:22:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1420 Bytes] ##########
 



#4 nomore568


Posted 20 November 2016 - 06:35 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Dareon (Administrator) on Sun 11/20/2016 at 16:29:20.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 27

Successfully deleted: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
Successfully deleted: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1B0U326C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44ZTQ7OQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72GIAR7Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PCG5Q0K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHAOT1IZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DR5N2K4M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYF5ACHL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3L6MI1B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MO8TNW61 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGEQ9G4N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4VN729I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dareon.Owner-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTYT522H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1B0U326C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44ZTQ7OQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\72GIAR7Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PCG5Q0K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHAOT1IZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DR5N2K4M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYF5ACHL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L3L6MI1B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MO8TNW61 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGEQ9G4N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4VN729I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTYT522H (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/20/2016 at 16:34:08.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#5 nomore568


Posted 20 November 2016 - 07:27 PM

RogueKiller V12.8.1.0 (x64) [Nov 14 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dareon [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/20/2016 16:37:47 (Duration : 00:33:35)

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] ManyCamService.exe(1636) -- C:\ProgramData\ManyCam\Service\ManyCamService.exe[7] -> Found
[Suspicious.Path] (SVC) ManyCam Service -- C:\ProgramData\ManyCam\Service\ManyCamService.exe[7] -> Found

¤¤¤ Registry : 17 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3} (C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\RobloxProxy64.dll) -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\IM -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\IM -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ManyCam Service (C:\ProgramData\ManyCam\Service\ManyCamService.exe) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ManyCam Service (C:\ProgramData\ManyCam\Service\ManyCamService.exe) -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Main | Start Page :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D0307FB1-191A-4CA5-B596-3B2FB116F922} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe,-10000| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E3100AF9-CFE7-4A4A-B623-9C555460F4D8} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe,-10000| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BD89251-ADC1-426A-B39E-D9EAE437E193} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe|Name=A6893425|Desc=Allow|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe,-10000| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D0307FB1-191A-4CA5-B596-3B2FB116F922} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe,-10000| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E3100AF9-CFE7-4A4A-B623-9C555460F4D8} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe,-10000| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BD89251-ADC1-426A-B39E-D9EAE437E193} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe|Name=A6893425|Desc=Allow|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe,-10000| [x] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] etio5tsa.default : user_pref("browser.search.selectedEngine", "Search Provided by Bing"); -> Found
[PUM.SearchEngine][Firefox:Config] etio5tsa.default : user_pref("browser.search.defaultenginename", "Search Provided by Bing"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721064CLA SCSI Disk Device +++++
--- User ---
[MBR] fa4522d660170674e77006f989f3a967
[BSP] 86f8c5f72cde3154c43b52894df670e2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 



#6 satchfan


Posted 21 November 2016 - 03:21 AM

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator
  • after it has completed its prescan, click on Scan
  • click on the “Registry” tab
  • make sure the following entries there are checked:


    [PUP] (X64) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\IM -> Found
    [PUP] (X86) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\IM -> Found
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Main | Start Page :
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Main | Start Page :
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D0307FB1-191A-4CA5-B596-3B2FB116F922} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe,-10000| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E3100AF9-CFE7-4A4A-B623-9C555460F4D8} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe,-10000| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BD89251-ADC1-426A-B39E-D9EAE437E193} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe|Name=A6893425|Desc=Allow|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe,-10000| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D0307FB1-191A-4CA5-B596-3B2FB116F922} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe,-10000| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E3100AF9-CFE7-4A4A-B623-9C555460F4D8} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe,-10000| [x] -> Found
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BD89251-ADC1-426A-B39E-D9EAE437E193} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe|Name=A6893425|Desc=Allow|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe,-10000| [x] -> Found

 

  • then press the Delete button and post the log it produces.

===================================================

Run Farbar Recovery Scan Tool

 

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

 

Logs to include with next post:

RogueKiller log
New Frst.txt
New Addition.txt


Thanks

Satchfan


Edited by satchfan, 21 November 2016 - 03:29 AM.



#7 nomore568


Posted 21 November 2016 - 01:41 PM

RogueKiller V12.8.1.0 (x64) [Nov 14 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dareon [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 11/21/2016 11:00:18 (Duration : 00:33:03)

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] ManyCamService.exe(2312) -- C:\ProgramData\ManyCam\Service\ManyCamService.exe[7] -> Found
[Suspicious.Path] (SVC) ManyCam Service -- C:\ProgramData\ManyCam\Service\ManyCamService.exe[7] -> Found

¤¤¤ Registry : 17 ¤¤¤
[Suspicious.Path] (X64) HKEY_CLASSES_ROOT\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3} (C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\RobloxProxy64.dll) -> Not selected
[PUP] (X64) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\IM -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\IM -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ManyCam Service (C:\ProgramData\ManyCam\Service\ManyCamService.exe) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ManyCam Service (C:\ProgramData\ManyCam\Service\ManyCamService.exe) -> Not selected
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Deleted
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1871851679-1302881600-127590598-1004\Software\Microsoft\Internet Explorer\Main | Start Page :
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D0307FB1-191A-4CA5-B596-3B2FB116F922} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe,-10000| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E3100AF9-CFE7-4A4A-B623-9C555460F4D8} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe,-10000| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BD89251-ADC1-426A-B39E-D9EAE437E193} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe|Name=A6893425|Desc=Allow|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe,-10000| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D0307FB1-191A-4CA5-B596-3B2FB116F922} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnowyes.exe,-10000| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E3100AF9-CFE7-4A4A-B623-9C555460F4D8} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe|Name=ddnowyes|Desc=Allow internet|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\ddnow.exe,-10000| [x] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {8BD89251-ADC1-426A-B39E-D9EAE437E193} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe|Name=A6893425|Desc=Allow|EmbedCtxt=@C:\Users\Dareon.Owner-PC\AppData\Local\6893425.exe,-10000| [x] -> Deleted

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.SearchEngine][Firefox:Config] etio5tsa.default : user_pref("browser.search.selectedEngine", "Search Provided by Bing"); -> Not selected
[PUM.SearchEngine][Firefox:Config] etio5tsa.default : user_pref("browser.search.defaultenginename", "Search Provided by Bing"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721064CLA SCSI Disk Device +++++
--- User ---
[MBR] fa4522d660170674e77006f989f3a967
[BSP] 86f8c5f72cde3154c43b52894df670e2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 610378 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 



#8 nomore568

Posted 21 November 2016 - 01:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
Ran by Dareon (administrator) on OWNER-PC (21-11-2016 11:41:59)
Running from C:\Users\Dareon.Owner-PC\Desktop
Loaded Profiles: Dareon (Available Profiles: Dareon & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [RazerCortex] => C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-11-10] (Valve Corporation)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334528 2016-08-03] (Echobit LLC)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [MurGee.com Auto Clicker] => C:\Users\Dareon.Owner-PC\AppData\Roaming\Auto Clicker\AutoClicker.exe [124072 2016-04-20] (MurGee.com)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [Discord] => C:\Users\Dareon.Owner-PC\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Run: [autopsy] => "C:\Program Files (x86)\unevenness\autopsy.exe"
HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\DAREON~1.OWN\Desktop\3DMAZE~1.SCR
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-22] (Microsoft Corporation)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sights.lnk [2016-11-10]
ShortcutTarget: sights.lnk -> C:\Program Files (x86)\adjunct\patronize.exe (No File)
Startup: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sights.lnk [2016-11-10]
ShortcutTarget: sights.lnk -> C:\Program Files (x86)\adjunct\patronize.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{611C0765-E2BE-4264-AF52-8D85DACACA25}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0b970e84&q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1871851679-1302881600-127590598-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

FireFox:
========
FF DefaultProfile: etio5tsa.default
FF ProfilePath: C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default [2016-11-21]
FF NewTab: Mozilla\Firefox\Profiles\etio5tsa.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\etio5tsa.default -> Search Provided by Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\etio5tsa.default -> Search Provided by Bing
FF Homepage: Mozilla\Firefox\Profiles\etio5tsa.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\etio5tsa.default -> user_pref("keyword.URL", true);
FF Extension: (MEGA) - C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default\Extensions\firefox@mega.co.nz.xpi [2016-11-20]
FF Extension: (Adblock Plus) - C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Profiles\etio5tsa.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-29] ()
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-29] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @nsroblox.roblox.com/launcher64 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1871851679-1302881600-127590598-1004: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dareon.Owner-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default [2016-10-13]
CHR Extension: (Google Drive) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\Dareon.Owner-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
S2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2016-08-03] (Echobit LLC)
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-08-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2016-08-29] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2016-08-03] (Echobit, LLC)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-09-16] (NVIDIA Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133248 2016-07-06] (BigNox Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [27648 2016-08-31] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-21 07:01 - 2016-11-21 07:01 - 00415529 _____ C:\Users\Dareon.Owner-PC\Downloads\Messenger.htmMP.htm
2016-11-21 07:01 - 2016-11-21 07:01 - 00000000 ____D C:\Users\Dareon.Owner-PC\Downloads\Messenger.htmMP_files
2016-11-20 16:37 - 2016-11-21 11:00 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-20 16:37 - 2016-11-20 16:37 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-20 16:37 - 2016-11-20 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-20 16:37 - 2016-11-20 16:37 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-20 16:36 - 2016-11-20 19:03 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-20 16:34 - 2016-11-20 16:34 - 00004877 _____ C:\Users\Dareon.Owner-PC\Desktop\JRT.txt
2016-11-20 16:20 - 2016-11-20 16:23 - 00000000 ____D C:\AdwCleaner
2016-11-20 16:19 - 2016-11-20 16:21 - 34176608 _____ (Adlice Software ) C:\Users\Dareon.Owner-PC\Desktop\setup.exe
2016-11-20 16:19 - 2016-11-20 16:19 - 01631928 _____ (Malwarebytes) C:\Users\Dareon.Owner-PC\Desktop\JRT.exe
2016-11-20 16:18 - 2016-11-20 16:19 - 03910208 _____ C:\Users\Dareon.Owner-PC\Desktop\adwcleaner_6.030.exe
2016-11-20 13:40 - 2016-11-21 11:00 - 00006360 _____ C:\Users\Dareon.Owner-PC\Desktop\post.txt
2016-11-20 13:26 - 2016-11-20 13:27 - 00042364 _____ C:\Users\Dareon.Owner-PC\Desktop\Addition.txt
2016-11-20 13:25 - 2016-11-21 11:41 - 00013340 _____ C:\Users\Dareon.Owner-PC\Desktop\FRST.txt
2016-11-20 13:25 - 2016-11-21 11:41 - 00000000 ____D C:\FRST
2016-11-20 13:24 - 2016-11-20 13:24 - 02412544 _____ (Farbar) C:\Users\Dareon.Owner-PC\Desktop\FRST64.exe
2016-11-20 13:13 - 2016-11-20 16:23 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn Hamachi
2016-11-20 13:13 - 2016-11-20 16:23 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn Hamachi
2016-11-20 13:13 - 2016-11-20 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2016-11-20 13:13 - 2016-11-20 13:13 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2016-11-20 13:13 - 2016-11-11 13:47 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2016-11-11 13:47 - 2016-11-11 13:47 - 00034720 ____H (LogMeIn, Inc.) C:\Windows\system32\Drivers\hamachi.sys
2016-11-10 21:28 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-10 21:28 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-10 21:28 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-10 21:28 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-10 21:28 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-10 21:28 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-10 21:28 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-10 21:28 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-10 21:28 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-10 21:28 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-10 21:28 - 2016-10-27 20:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-10 21:28 - 2016-10-27 20:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-10 21:28 - 2016-10-27 12:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-10 21:28 - 2016-10-27 12:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-10 21:28 - 2016-10-27 11:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-10 21:28 - 2016-10-27 11:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-10 21:28 - 2016-10-27 11:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-10 21:28 - 2016-10-27 11:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-10 21:28 - 2016-10-27 11:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-10 21:28 - 2016-10-27 11:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-10 21:28 - 2016-10-27 11:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-10 21:28 - 2016-10-27 11:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-10 21:28 - 2016-10-27 11:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-10 21:28 - 2016-10-27 11:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-10 21:28 - 2016-10-27 11:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-10 21:28 - 2016-10-27 11:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-10 21:28 - 2016-10-27 11:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-10 21:28 - 2016-10-27 11:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-10 21:28 - 2016-10-27 11:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-10 21:28 - 2016-10-27 11:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-10 21:28 - 2016-10-27 11:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-10 21:28 - 2016-10-27 11:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-10 21:28 - 2016-10-27 11:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-10 21:28 - 2016-10-27 11:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-10 21:28 - 2016-10-27 11:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-10 21:28 - 2016-10-27 11:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-10 21:28 - 2016-10-27 11:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-10 21:28 - 2016-10-27 10:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-10 21:28 - 2016-10-27 10:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-10 21:28 - 2016-10-27 10:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-10 21:28 - 2016-10-27 10:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-10 21:28 - 2016-10-27 10:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-10 21:28 - 2016-10-27 10:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-10 21:28 - 2016-10-27 10:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-10 21:28 - 2016-10-27 10:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-10 21:28 - 2016-10-27 09:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-10 21:28 - 2016-10-27 08:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-10 21:28 - 2016-10-25 08:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-10 21:28 - 2016-10-22 10:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-10 21:28 - 2016-10-22 10:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-10 21:28 - 2016-10-22 10:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-10 21:28 - 2016-10-22 10:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-10 21:28 - 2016-10-22 10:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-10 21:28 - 2016-10-22 10:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-10 21:28 - 2016-10-22 10:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-10 21:28 - 2016-10-22 10:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-10 21:28 - 2016-10-22 10:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-10 21:28 - 2016-10-22 10:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-10 21:28 - 2016-10-22 10:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-10 21:28 - 2016-10-22 10:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-10 21:28 - 2016-10-22 10:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-10 21:28 - 2016-10-22 10:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-10 21:28 - 2016-10-22 10:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-10 21:28 - 2016-10-22 10:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-10 21:28 - 2016-10-22 09:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-10 21:28 - 2016-10-22 09:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-10 21:28 - 2016-10-22 09:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-10 21:28 - 2016-10-22 09:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-10 21:28 - 2016-10-22 09:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-10 21:28 - 2016-10-22 09:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-10 21:28 - 2016-10-22 09:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-10 21:28 - 2016-10-22 09:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-10 21:28 - 2016-10-22 09:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-10 21:28 - 2016-10-22 09:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-10 21:28 - 2016-10-22 09:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-10 21:28 - 2016-10-22 09:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-10 21:28 - 2016-10-22 09:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-10 21:28 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-10 21:28 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-10 21:28 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-10 21:28 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-10 21:28 - 2016-10-11 08:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-10 21:28 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-10 21:28 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-10 21:28 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-10 21:28 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-10 21:28 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-10 21:28 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-10 21:28 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-10 21:28 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-10 21:28 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-10 21:28 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-10 21:28 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-10 21:28 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-10 21:28 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-10 21:28 - 2016-10-10 08:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-10 21:28 - 2016-10-10 08:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-10 21:28 - 2016-10-10 08:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-10 21:28 - 2016-10-10 08:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-10 21:28 - 2016-10-10 08:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-10 21:28 - 2016-10-10 08:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-10 21:28 - 2016-10-10 08:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-10 21:28 - 2016-10-10 08:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-10 21:28 - 2016-10-10 08:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-10 21:28 - 2016-10-10 07:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-10 21:28 - 2016-10-10 07:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-10 21:28 - 2016-10-10 07:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-10 21:28 - 2016-10-10 07:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-10 21:28 - 2016-10-10 07:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-10 21:28 - 2016-10-10 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-10 21:28 - 2016-10-07 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-10 21:28 - 2016-10-07 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-10 21:28 - 2016-10-07 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-10 21:28 - 2016-10-07 08:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-10 21:28 - 2016-10-07 08:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-10 21:28 - 2016-10-07 08:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 08:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-10 21:28 - 2016-10-07 08:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-10 21:28 - 2016-10-07 08:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-10 21:28 - 2016-10-07 08:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-10 21:28 - 2016-10-07 08:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-10 21:28 - 2016-10-07 07:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-10 21:28 - 2016-10-07 07:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-10 21:28 - 2016-10-07 07:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-10 21:28 - 2016-10-07 07:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-10 21:28 - 2016-10-07 07:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-10 21:28 - 2016-10-07 07:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 07:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 07:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-10 21:28 - 2016-10-07 07:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-10 21:28 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-10 21:28 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-10 21:28 - 2016-09-13 08:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-10 21:28 - 2016-09-13 08:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-10 21:28 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-10 21:28 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-10 21:28 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-05 23:07 - 2016-11-05 23:07 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\ElevatedDiagnostics
2016-11-05 22:01 - 2016-11-05 22:18 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\SecondLife
2016-11-05 21:48 - 2016-11-05 21:48 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\{22A014FC-0608-7844-6B90-5DAC4FF8A134}
2016-11-05 21:44 - 2016-11-05 22:23 - 00000000 _____ C:\Users\Dareon.Owner-PC\AppData\Local\patronize.txt
2016-11-05 21:44 - 2016-11-05 21:44 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\Dareon.Owner-PC\AppData\Local\install_flash_player_21_active_x.exe
2016-11-05 21:41 - 2016-11-05 22:18 - 00000000 ____D C:\Program Files (x86)\syslogsp
2016-11-05 21:39 - 2016-11-05 21:39 - 00192986 _____ C:\Users\Dareon.Owner-PC\AppData\Local\92654.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 00127661 _____ C:\Users\Dareon.Owner-PC\AppData\Local\44962.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 00054793 _____ C:\Users\Dareon.Owner-PC\AppData\Local\55308.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 00048402 _____ C:\Users\Dareon.Owner-PC\AppData\Local\78134.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 00034216 _____ C:\Users\Dareon.Owner-PC\AppData\Local\13189.exe
2016-11-04 17:20 - 2016-11-10 21:22 - 00000930 _____ C:\Users\Dareon.Owner-PC\Desktop\Remote osu! Keyboard Server.lnk
2016-11-04 17:20 - 2016-11-04 17:20 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Remote osu! Keyboard Server
2016-11-04 17:20 - 2016-11-04 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote osu! Keyboard Server
2016-11-04 17:20 - 2016-11-04 17:20 - 00000000 ____D C:\Program Files\Remote osu! Keyboard Server
2016-11-01 10:46 - 2016-11-01 10:46 - 00004608 _____ C:\Users\Dareon.Owner-PC\AppData\Local\dnow.exe
2016-10-29 16:11 - 2016-11-05 22:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-29 14:59 - 2016-11-05 21:39 - 00002414 ____R C:\Users\Dareon.Owner-PC\Desktop\Firеfох.lnk
2016-10-29 01:21 - 2016-10-29 04:17 - 00000000 ____D C:\Program Files (x86)\sysupdm
2016-10-29 01:11 - 2016-10-29 04:17 - 00000000 ____D C:\Program Files (x86)\sysupdp
2016-10-29 00:53 - 2016-10-29 00:53 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\LocalLow\Clever Endeavour Games
2016-10-25 20:35 - 2016-10-25 20:35 - 01728735 _____ C:\Users\Dareon.Owner-PC\Desktop\OptiFine_1.9.4_HD_U_B6.jar
2016-10-25 20:20 - 2016-10-25 20:20 - 00538640 _____ C:\Users\Dareon.Owner-PC\Desktop\NotEnoughItems-1.9.4-2.0.1.132-universal.jar
2016-10-25 20:20 - 2016-10-25 20:20 - 00151509 _____ C:\Users\Dareon.Owner-PC\Desktop\CodeChickenCore-1.9.4-2.0.4.71-universal.jar

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-21 11:02 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-21 11:02 - 2009-07-13 21:45 - 00023376 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-21 10:59 - 2014-05-23 09:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-21 10:59 - 2009-07-13 22:13 - 00862152 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-21 10:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-11-21 10:54 - 2016-09-24 15:47 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\LogMeIn Hamachi
2016-11-21 10:53 - 2016-08-02 15:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-21 10:53 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-21 02:15 - 2014-05-23 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-11-21 02:11 - 2016-08-02 12:57 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Google
2016-11-12 03:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-11-12 02:57 - 2016-08-02 15:59 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Steam
2016-11-12 02:54 - 2009-07-13 21:45 - 00316320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-10 21:39 - 2014-05-21 11:49 - 00000000 ____D C:\Windows\system32\MRT
2016-11-10 21:32 - 2014-05-21 11:49 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-10 21:22 - 2016-09-25 14:03 - 00001798 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-11-10 21:22 - 2016-09-20 21:37 - 00000997 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPadian.lnk
2016-11-10 21:22 - 2016-09-19 20:39 - 00001206 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Cloud Penguin (CuP).lnk
2016-11-10 21:22 - 2016-09-16 22:37 - 00002210 _____ C:\Users\Dareon.Owner-PC\Desktop\Discord.lnk
2016-11-10 21:22 - 2016-09-14 22:17 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-10 21:22 - 2016-09-10 22:38 - 00000954 _____ C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk
2016-11-10 21:22 - 2016-08-03 23:25 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolve.lnk
2016-11-10 21:22 - 2016-08-02 15:57 - 00000957 _____ C:\Users\Public\Desktop\Steam.lnk
2016-11-10 21:22 - 2014-05-23 09:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-11-10 21:22 - 2014-05-23 09:00 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2016-11-10 21:22 - 2014-05-21 10:50 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-10 21:22 - 2014-05-21 10:50 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-10 21:22 - 2009-07-13 22:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-11-10 21:22 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-10 21:22 - 2009-07-13 21:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-11-10 21:22 - 2009-07-13 21:57 - 00001330 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-11-10 21:22 - 2009-07-13 21:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-11-10 21:22 - 2009-07-13 21:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-11-10 21:22 - 2009-07-13 21:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-11-10 21:12 - 2014-07-06 14:51 - 00000000 ____D C:\Program Files\Google
2016-11-10 21:12 - 2014-05-23 09:01 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-10 21:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\tracing
2016-11-10 21:10 - 2016-08-02 12:55 - 00000000 ____D C:\Users\Dareon.Owner-PC
2016-11-05 22:21 - 2016-09-14 22:18 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-05 22:13 - 2014-05-23 08:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-05 21:44 - 2016-10-10 03:24 - 00000003 _____ C:\Users\Dareon.Owner-PC\AppData\Local\run1.txt
2016-11-04 17:39 - 2016-09-10 22:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\osu!
2016-10-31 17:01 - 2016-08-02 14:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\.minecraft
2016-10-30 21:18 - 2016-08-03 10:21 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Growtopia
2016-10-29 22:59 - 2014-05-23 09:22 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-29 22:59 - 2014-05-23 09:22 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-29 22:59 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-29 22:59 - 2014-05-23 09:22 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-29 22:17 - 2016-08-06 02:07 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Adobe
2016-10-29 18:31 - 2016-08-24 11:28 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-10-29 04:17 - 2016-10-09 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2016-10-29 04:17 - 2016-10-04 23:43 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Raynes School bleep
2016-10-29 04:17 - 2016-10-04 23:42 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Video Stuff
2016-10-29 04:17 - 2016-10-04 23:41 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Hax
2016-10-29 04:17 - 2016-10-04 23:41 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\GAMES
2016-10-29 04:17 - 2016-10-02 18:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AbiWord Word Processor
2016-10-29 04:17 - 2016-09-22 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
2016-10-29 04:17 - 2016-09-20 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPadian
2016-10-29 04:17 - 2016-09-16 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-10-29 04:17 - 2016-09-16 22:37 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-10-29 04:17 - 2016-09-14 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-29 04:17 - 2016-09-05 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtMoney PRO
2016-10-29 04:17 - 2016-09-02 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macro Recorder
2016-10-29 04:17 - 2016-09-01 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2016-10-29 04:17 - 2016-08-30 18:18 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Games Folders With Shortcuts
2016-10-29 04:17 - 2016-08-25 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-10-29 04:17 - 2016-08-24 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloneDVD 7 Ultimate
2016-10-29 04:17 - 2016-08-24 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2016-10-29 04:17 - 2016-08-21 15:12 - 00000000 ____D C:\Users\DefaultAppPool
2016-10-29 04:17 - 2016-08-18 17:30 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-10-29 04:17 - 2016-08-08 13:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2016-10-29 04:17 - 2016-08-08 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2016-10-29 04:17 - 2016-08-06 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 5.4.0f3 (64-bit)
2016-10-29 04:17 - 2016-08-06 00:01 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-29 04:17 - 2016-08-06 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-10-29 04:17 - 2016-08-04 04:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-29 04:17 - 2016-08-03 10:21 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Growtopia
2016-10-29 04:17 - 2016-08-02 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-10-29 04:17 - 2016-08-02 15:17 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-10-29 04:17 - 2016-08-02 12:47 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-10-29 04:17 - 2014-05-23 09:13 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2
2016-10-29 04:17 - 2014-05-23 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-29 04:17 - 2014-05-23 09:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-10-29 04:17 - 2014-05-23 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-29 04:17 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-10-29 04:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-10-29 04:16 - 2016-08-02 15:16 - 00000000 ____D C:\Users\Dareon.Owner-PC\AppData\Local\Roblox
2016-10-29 02:43 - 2016-10-20 23:24 - 00000000 ____D C:\Users\Dareon.Owner-PC\Desktop\Emulators
2016-10-29 02:32 - 2016-10-13 15:45 - 00000623 _____ C:\DelFix.txt
2016-10-25 15:59 - 2016-08-02 15:16 - 00000250 _____ C:\Users\Dareon.Owner-PC\AppData\LocalLow\rbxcsettings.rbx

==================== Files in the root of some directories =======

2016-08-28 23:37 - 2011-10-09 15:33 - 0000468 _____ () C:\Program Files (x86)\cod5key.reg
2016-08-28 23:37 - 2012-05-26 20:00 - 0000076 _____ () C:\Program Files (x86)\update-codwaw.bat
2016-08-24 20:09 - 2016-08-24 20:09 - 0099384 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\inst.exe
2016-10-10 03:24 - 2016-10-10 03:24 - 0140288 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\Installer.dat
2016-08-24 20:09 - 2016-08-24 20:09 - 0007859 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.cat
2016-08-24 20:09 - 2016-08-24 20:09 - 0001167 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.inf
2016-08-24 20:11 - 2016-08-24 20:11 - 0000034 _____ () C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.log
2016-08-24 20:09 - 2016-08-24 20:09 - 0082816 _____ (VSO Software) C:\Users\Dareon.Owner-PC\AppData\Roaming\pcouffin.sys
2016-11-05 21:39 - 2016-11-05 21:39 - 0034216 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\13189.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 0127661 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\44962.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 0054793 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\55308.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 0048402 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\78134.exe
2016-11-05 21:39 - 2016-11-05 21:39 - 0192986 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\92654.exe
2016-11-01 10:46 - 2016-11-01 10:46 - 0004608 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\dnow.exe
2016-10-10 03:27 - 2016-10-10 03:27 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\icka76680988.txt
2016-11-05 21:44 - 2016-11-05 21:44 - 19397312 _____ (Adobe Systems Incorporated) C:\Users\Dareon.Owner-PC\AppData\Local\install_flash_player_21_active_x.exe
2016-11-05 21:44 - 2016-11-05 22:23 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\patronize.txt
2016-08-21 22:47 - 2016-09-15 23:42 - 0007608 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Resmon.ResmonCfg
2016-10-10 03:24 - 2016-11-05 21:44 - 0000003 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\run1.txt
2016-08-15 21:07 - 2016-08-15 21:07 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Sethmumu.config
2016-08-18 20:46 - 2016-08-18 20:46 - 0000000 _____ () C:\Users\Dareon.Owner-PC\AppData\Local\Sethmumudata

Some files in TEMP:
====================
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-1516726813749502842.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\jansi-64-6088732685625691334.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\libeay32.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\msvcr120.dll
C:\Users\Dareon.Owner-PC\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-21 07:27

==================== End of FRST.txt ============================



#9 nomore568

Posted 21 November 2016 - 01:46 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by Dareon (21-11-2016 11:43:08)
Running from C:\Users\Dareon.Owner-PC\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-21 05:54:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1871851679-1302881600-127590598-500 - Administrator - Disabled)
Dareon (S-1-5-21-1871851679-1302881600-127590598-1004 - Administrator - Enabled) => C:\Users\Dareon.Owner-PC
Guest (S-1-5-21-1871851679-1302881600-127590598-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1871851679-1302881600-127590598-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
ArtMoney PRO v7.37.2 (HKLM-x32\...\ArtMoney PRO_is1) (Version: 7.37 - System SoftLab)
Auto Clicker v2.2 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 2.2 - MurGee.com)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.4.44.6257 - BlueStack Systems, Inc.)
CloneDVD 7 Ultimate 7.0.0.13 (HKLM-x32\...\CloneDVD 7 Ultimate_is1) (Version:  - Copyright © 2003-2013 CloneDVD Studio.)
Cloud Penguin (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Cloud Penguin) (Version: 2.0.6077.31355 - Cloud Penguin) <==== ATTENTION
Cubic Castles (HKLM\...\Steam App 317470) (Version:  - Cosmic Cow LLC)
Deepworld (HKLM\...\Steam App 340810) (Version:  - Bytebin)
Discord (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DvDrum, Ultimate Drum Simulator! (HKLM\...\Steam App 385130) (Version:  - DarkTigerDevelop)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
Game Corp DX (HKLM\...\Steam App 399670) (Version:  - Endless Loop Studios)
Garry's Mod (HKLM\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Growtopia (remove only) (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\Growtopia) (Version:  - )
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Gunscape (HKLM\...\Steam App 342480) (Version:  - Blowfish Studios)
Invasion (HKLM\...\Steam App 397980) (Version:  - Hipix Studio)
iPadian version 1.5 (HKLM-x32\...\{0DB90A1C-2C08-429C-8595-FD9848121D28}_is1) (Version: 1.5 - iPadian, Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
K-Lite Codec Pack 10.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.541 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.541 - LogMeIn, Inc.) Hidden
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 5.3.2 (HKLM-x32\...\ManyCam) (Version: 5.3.2 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{02A39130-2CF3-30CA-8623-30F6071A4221}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mumble 1.2.17 (HKLM-x32\...\{95A0093C-0C81-4D0B-BCA7-3CE11755A6BD}) (Version: 1.2.17 - Thorvald Natvig)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Origin (HKLM-x32\...\Origin) (Version: 9.12.2.60376 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{23069a6e-7873-4eaa-95d8-8eeaa2277df7}) (Version: latest - ppy Pty Ltd)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.5.2 - Portforward, LLC)
Remote osu! Keyboard Server version 1.3.2 (HKLM\...\{50E9CD66-5078-4347-B801-B2759D6E1823}_is1) (Version: 1.3.2 - TimiimiT)
ROBLOX Player for Dareon (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RogueKiller version 12.8.1.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.1.0 - Adlice Software)
Search & Kill ☠ (HKLM\...\Steam App 496550) (Version:  - Antonio Renna)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Take Thy Throne (HKLM\...\Steam App 491260) (Version:  - Charyb Games)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium)
Terraria (HKLM-x32\...\1207665503_is1) (Version: 2.12.0.14 - GOG.com)
Trove (HKLM\...\Steam App 304050) (Version:  - Trion Worlds)
Unity (HKLM-x32\...\Unity) (Version: 5.4.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1871851679-1302881600-127590598-1004\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Unturned (HKLM\...\Steam App 304930) (Version:  - Smartly Dressed Games)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
World of Fishing (HKLM\...\Steam App 421960) (Version:  - Masangsoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1871851679-1302881600-127590598-1004_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Dareon.Owner-PC\AppData\Local\Roblox\Versions\version-2ceaab0743d341cd\RobloxProxy64.dll (ROBLOX Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {50597F2B-7F9B-4EBF-A45F-16820A76D66C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-08-02] (AVAST Software)
Task: {74E5BDD4-8F06-403F-9852-BCD438190ADE} - \Adobe Flash Player Updater -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dareon.Owner-PC\Desktop\Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооglе Сhrоmе.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.bat (No File)
Shortcut: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (No File)
Shortcut: C:\Users\Dareon.Owner-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()

==================== Loaded Modules (Whitelisted) ==============

2014-05-21 11:34 - 2015-01-30 17:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-08-29 00:06 - 2016-08-29 00:06 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-11-05 21:44 - 00000158 ____A C:\Windows\system32\Drivers\etc\hosts

162.222.194.13       cocomo.tremorhub.com
162.222.194.13       www.virustotal.com
162.222.194.13       virustotal.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1871851679-1302881600-127590598-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Dareon.Owner-PC\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5C3CA3AE-F6DB-4CAC-95B1-79C3DC1AE8AD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{EC06B62F-C5ED-42F7-AB6B-5006C3FD3329}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7C838D96-9BC9-4C38-BF71-C39CA8FA79DA}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6064CD48-DD3A-436D-8E83-378F0D1D1739}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{887C8000-3D19-43F5-80C2-DFE726B0543A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E4A36240-280B-4EF3-AAE5-CE7F3D84FE28}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{38256F7F-6420-4638-BC55-BBBA6B3AA5D3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BA07E272-E042-48BF-940F-07B5245F870D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2661AB7F-77EC-4373-ABE8-9B5F8988EF57}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{D086C947-FEB6-4E29-9A89-48E05EEFFCFA}C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [{ECD9F389-0D13-45B9-957B-781097DB3BD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA35CFE9-9F6F-4CD3-B64F-0466DC7EDC3B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DC86687A-C6E0-4C7D-8318-28240F2AE97C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{788F36D9-B2DC-4BBC-AE87-AF7A3DDBB649}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0DBFD4D2-5D53-4970-AAB1-802FFE7493D5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7A4A63CD-36A4-4026-BAA5-3E246FF9373B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{13E43990-65AA-4B25-AB9B-F0A750F52E3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{632701DC-9C51-447B-9E3D-95FD5EC1257E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Gunscape\Gunscape.exe
FirewallRules: [{A76B7E8E-7337-4C51-B220-61D44A16AE77}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{6BF169FE-0864-4696-9866-663C03899D03}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{F4BFE29F-BD2C-4298-A1D1-068F68106FFF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4CB8FE0B-6946-4F15-9859-4CD67245CA59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{6FD0CF64-D51F-4753-BCB6-713C65BD5734}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => (Allow) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [UDP Query User{F9649EB4-4B22-4C0A-A4C0-12A3B46A56A6}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe] => (Allow) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x64\slimerancher.exe
FirewallRules: [TCP Query User{149D9ED3-5DC3-4064-B296-86D52469A637}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [UDP Query User{D2353706-5EE4-42C8-98F6-3909B7970E86}C:\program files\java\jre1.8.0_102\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_102\bin\javaw.exe
FirewallRules: [TCP Query User{C24F22B6-C6D9-430D-9B4A-BA791614404A}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => (Block) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [UDP Query User{A345760C-E443-4289-A8EB-8A54874298CD}C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe] => (Block) C:\users\dareon.owner-pc\desktop\igg-slime.rancher.v0.3.5b\x32\slimerancher.exe
FirewallRules: [TCP Query User{9CCE880D-613F-498F-A622-D6B506307CA9}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [UDP Query User{16EDE507-16FB-4FE2-BE21-BD37157A937E}C:\program files\unity\editor\unity.exe] => (Block) C:\program files\unity\editor\unity.exe
FirewallRules: [{CD302F64-D56D-4502-9DBE-610E6EFC3B12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{B3FE73F9-AE11-4652-9BFF-7B671F983093}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{2F82F3B6-E580-4687-8632-94C3A19C0CF0}] => (Allow) C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [{3EAD2782-CCA9-43BC-AE78-04E94BC245E6}] => (Allow) C:\Program Files (x86)\Mr DJ\The Sims 4 Deluxe Edition\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{28B15313-6BF8-481F-8555-E32A9FFB4791}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => (Block) C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [UDP Query User{7545ED8C-F38D-4EBB-BD2B-310DA2DA3D31}C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe] => (Block) C:\users\dareon.owner-pc\desktop\zilak - get gang beasts for free\zilak - get gang beasts for free\game\gang beasts\gang beasts.exe
FirewallRules: [TCP Query User{72C31600-854A-4543-B7C5-F35CD1CB8AC4}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => (Allow) C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [UDP Query User{19FCAF99-3AC4-47A5-BF8A-8F1FB4A7B93B}C:\program files (x86)\call of duty - world at war\cod5sp.exe] => (Allow) C:\program files (x86)\call of duty - world at war\cod5sp.exe
FirewallRules: [TCP Query User{AFC9A25C-005E-4410-A75E-23F480A71675}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => (Block) C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [UDP Query User{1A62C563-DF65-41ED-9AE7-3B79EE09BF6D}C:\program files (x86)\call of duty - world at war\cod5mp.exe] => (Block) C:\program files (x86)\call of duty - world at war\cod5mp.exe
FirewallRules: [{B149FE65-B357-43A1-8FB5-F8D56FECE352}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe
FirewallRules: [TCP Query User{74817B19-8173-4436-9EBF-603F12627027}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exe
FirewallRules: [UDP Query User{3479D91B-ED2E-49B6-A398-DD9B0B1EB254}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exe
FirewallRules: [TCP Query User{4CE927BC-C739-492C-8686-31331F32A275}C:\r.g. catalyst\portal 2\portal2.exe] => (Allow) C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [UDP Query User{DFF75790-4263-4206-8DF1-0D807560A5E7}C:\r.g. catalyst\portal 2\portal2.exe] => (Allow) C:\r.g. catalyst\portal 2\portal2.exe
FirewallRules: [{9E6D9A77-853D-40FF-8854-F89690C90776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [{F3223D9B-1143-499C-B73A-FD257B5B8679}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Invasion\Invasion.exe
FirewallRules: [TCP Query User{CC384B08-2C04-42D0-A23D-88536D0DD20F}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{F7DBDE2A-E11E-44D5-83C7-1E2A86FAB42D}C:\gog games\terraria\terrariaserver.exe] => (Allow) C:\gog games\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{512613A0-F442-4780-9E5A-7A1B64702DCD}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{F7DB8A2F-F123-4B43-85F7-B0BA64A1D66E}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{701425F2-9292-4F3B-8F30-F7772C29F0BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum.exe
FirewallRules: [{ECC71869-44B2-4550-9CAE-7FB999AB37E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum.exe
FirewallRules: [{9D7C2325-E86A-4FE1-9DAB-38515A1E57EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{C080E38B-6094-48EB-A286-5B4625DC021E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DvDrum, Ultimate Drum Simulator!\DvDrum_legacy.exe
FirewallRules: [{9EE2F839-654E-4AE2-A5E8-9172BBAC120A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A7F3BB33-4574-43C3-8117-62E89DEE2D48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe
FirewallRules: [{A5845E2D-028E-4303-A56D-A509D5140F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{A751502D-0FB8-43EF-B44C-4270544A4E08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Take Thy Throne\TakeThyThrone.exe
FirewallRules: [{1D7B3203-2375-4BF4-A8DF-97902B1A33B8}] => (Allow) C:\Users\Dareon.Owner-PC\AppData\Roaming\Nox\bin\Nox.exe
FirewallRules: [{D44DE305-F85D-49C1-98CB-E709A1678995}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{88FA3859-576A-46AB-B1E4-5F4759AB6878}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{59214904-9DAD-484E-A913-D35195525D30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Noob Squad\Noob Squad.exe
FirewallRules: [{1E1E9253-F703-4AD1-8FE2-3A6561F7AEE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{F86DD4E5-2982-435B-A712-5B3A9AC1F70B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\GameCorpDX.exe
FirewallRules: [{47B16EBC-20AB-40B5-9179-A7F5728B1B97}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{6F69F0A5-1B25-4A17-A47F-927C23B12212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Corp DX\thank_you3\ThankYou_TheGame3.exe
FirewallRules: [{BABDF178-9062-4F2E-BA59-0E41685A9511}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{6EDF0FF1-0413-41C5-8B69-BF9F1F41C711}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deepworld\Deepworld.exe
FirewallRules: [{AB2735CE-6458-42DB-A8E2-CBE1FD6AC6F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{93422FF3-3DDE-4C27-BDD8-A9ECB1F284E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cubic Castles\Cubic.exe
FirewallRules: [{FC9B8DF8-2191-42C3-B1CF-13D2516D506F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [{FFBE5C9E-8663-475A-AD52-B997D0E23205}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\World of Fishing\WOF_LogIn_STEAM.exe
FirewallRules: [TCP Query User{A59AA992-4361-4E18-ABBD-BB5B18C19FE8}C:\program files (x86)\mumble\murmur.exe] => (Block) C:\program files (x86)\mumble\murmur.exe
FirewallRules: [UDP Query User{547C6B98-B7F1-4CBE-BD55-89688476920A}C:\program files (x86)\mumble\murmur.exe] => (Block) C:\program files (x86)\mumble\murmur.exe
FirewallRules: [TCP Query User{CBAB2894-73BA-4C53-B9EC-1774DE5199CF}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{677962BC-31AF-493C-98E9-2253FEA140AC}C:\games\counter-strike global offensive\csgo.exe] => (Allow) C:\games\counter-strike global offensive\csgo.exe
FirewallRules: [{B286C7E0-28F3-4C4F-93AA-68D6DF3534AC}] => (Allow) C:\Program Files\Remote osu! Keyboard Server\Ro!KS.exe
FirewallRules: [{259DD9A5-EA37-478D-97F6-EC16B0C8A08A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜獹潬獧屰祓䱳杯偳攮數
FirewallRules: [{D0689789-2C0E-470F-B2D2-E803FB559945}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜獹潬獧屰祓䱳杯偳⹟硥e
FirewallRules: [{70FCB4FA-05BF-4B77-BD38-9495138DB412}] => (Allow) C:\Program Files (x86)\adjunct\patronize.exe
FirewallRules: [TCP Query User{82B09CB9-838C-43C3-9BC1-89A05E3055B0}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{D203FD8A-3C9D-4817-AF8D-F0E71AD45D76}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{2155D6CE-4815-4B7B-958F-B94C1612C027}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-10-2016 02:31:39 End of disinfection
06-11-2016 01:51:31 Scheduled Checkpoint
10-11-2016 21:31:11 Windows Update
20-11-2016 16:29:27 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2016 06:43:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/20/2016 01:11:47 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: Unable to read performance data for the Server service. The first four bytes (DWORD) of the Data section contains the status code, the second four bytes contains the IOSB.Status and the next four bytes contains the IOSB.Information.

Error: (11/12/2016 03:44:35 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/10/2016 09:08:47 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 90080108).

Error: (11/05/2016 10:17:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP.exe, version: 12.1.1.1, time stamp: 0x58187ec9
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0x21e4
Faulting application start time: 0x01d237ed079346f8
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: 5b8451f8-a3e0-11e6-97b1-94fbb221c4f3

Error: (11/05/2016 10:13:25 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (11/05/2016 10:06:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP.exe, version: 12.1.1.1, time stamp: 0x58187ec9
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0xbd4
Faulting application start time: 0x01d237ea87e3b5c0
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: cccaa2b0-a3de-11e6-97b1-94fbb221c4f3

Error: (11/05/2016 09:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP.exe, version: 12.1.1.1, time stamp: 0x58187ec9
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0x1a58
Faulting application start time: 0x01d237e915647350
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: 6aeb3470-a3dd-11e6-97b1-94fbb221c4f3

Error: (11/05/2016 09:56:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP_.exe, version: 12.1.1.1, time stamp: 0x58187e93
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0x110c
Faulting application start time: 0x01d237e909bbd4d0
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP_.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: 5b1eb5d0-a3dd-11e6-97b1-94fbb221c4f3

Error: (11/05/2016 09:48:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SysLogsP.exe, version: 12.1.1.1, time stamp: 0x58187ec9
Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba
Exception code: 0x80000003
Fault offset: 0x00087bd1
Faulting process id: 0x133c
Faulting application start time: 0x01d237e80df2bd30
Faulting application path: C:\Program Files (x86)\SysLogsP\SysLogsP.exe
Faulting module path: C:\Program Files (x86)\SysLogsP\libcef.dll
Report Id: 4f45fc10-a3dc-11e6-97b1-94fbb221c4f3


System errors:
=============
Error: (11/21/2016 10:54:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SCP DS3 Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/21/2016 10:54:01 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SCP DS3 Service service to connect.

Error: (11/21/2016 07:48:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SCP DS3 Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/21/2016 07:48:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SCP DS3 Service service to connect.

Error: (11/21/2016 07:30:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} did not register with DCOM within the required timeout.

Error: (11/20/2016 04:30:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/20/2016 04:23:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (11/20/2016 04:23:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (11/20/2016 04:23:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (11/20/2016 04:23:59 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).


CodeIntegrity:
===================================
  Date: 2016-11-21 10:52:50.264
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-21 10:52:50.093
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-21 09:03:41.828
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-21 09:03:41.656
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-21 07:46:57.857
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-21 07:46:57.670
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-21 01:18:02.842
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-21 01:18:02.654
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-20 16:25:35.857
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-20 16:25:35.670
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\womic.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250u Processor
Percentage of memory in use: 47%
Total physical RAM: 3839.37 MB
Available physical RAM: 2026.23 MB
Total Virtual: 7676.92 MB
Available Virtual: 6499.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:366.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 311F8258)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#10 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts

Posted 21 November 2016 - 04:29 PM

Thanks for the logs.

 

Can you give me any idea of what these are:

 

C:\Program Files (x86)\unevenness\autopsy.exe
C:\Program Files (x86)\adjunct\patronize.exe
FirewallRules: [{259DD9A5-EA37-478D-97F6-EC16B0C8A08A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜獹潬獧屰祓䱳杯偳攮數
FirewallRules: [{D0689789-2C0E-470F-B2D2-E803FB559945}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶獜獹潬獧屰祓䱳杯偳⹟硥e


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 nomore568

nomore568
  • Topic Starter

  • Members
  • 100 posts

Posted 21 November 2016 - 05:03 PM

I have no clue.



#12 nomore568

nomore568
  • Topic Starter

  • Members
  • 100 posts

Posted 21 November 2016 - 05:23 PM

When my sister first got it all installed, I saw in Task Manager that patronize.exe was open, but it's not anymore.



#13 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts

Posted 21 November 2016 - 05:23 PM

I'll post the next instructions tomorrow (GMT), as I have a very early start in the morning.




#14 nomore568

nomore568
  • Topic Starter

  • Members
  • 100 posts

Posted 21 November 2016 - 05:24 PM

Same with autopsy.


All right, should I keep the PC on overnight or restart it?



#15 satchfan

satchfan

  • Malware Response Team
  • 2,659 posts

Posted 21 November 2016 - 05:26 PM

You can turn it off.






