Ament.ini (Pendrive Virus?) and other suspicious files


  • This topic is locked
5 replies to this topic

#1 Riddling

Posted 02 January 2017 - 11:25 PM

I ran FRST and found Ament.ini. I searched it up and some people said that it was part of a pendrive virus? (https://answers.microsoft.com/en-us/windows/forum/windows_10-files/amentini/cf78f72f-1643-4f95-bf86-200e4aebe169) There are also other files, such as 'xvrVaSdx0.dat' and 'sysqcl1131236454.dat', which looked suspicious. Here are the logs:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Justin (administrator) on JUSTIN-STINKY (03-01-2017 11:29:33)
Running from C:\Users\Justin\Downloads
Loaded Profiles: Justin (Available Profiles: Justin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AESMSr64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60120 2016-11-25] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-821353271-122973869-2866904119-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-821353271-122973869-2866904119-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-09] (Piriform Ltd)
HKU\S-1-5-21-821353271-122973869-2866904119-1000\...\MountPoints2: {bfb0d49e-3082-11e4-a25b-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-821353271-122973869-2866904119-1000\...\MountPoints2: {f10a487d-3085-11e4-8f56-806e6f6e6963} - D:\SETUP.EXE
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-09-01]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2014-09-01]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe (D-Link Corp.)
BootExecute: autocheck autochk * 썰́
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{315A2273-3FFA-4368-A15A-A45852BEDA9F}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{6AB80104-ABD4-4C4C-8BA4-69AD8F6290C2}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{9516CA3A-4050-4230-B550-4B5B77294F14}: [DhcpNameServer] 192.168.1.1 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-821353271-122973869-2866904119-1000 -> DefaultScope {20B9D1AE-AD1A-38B4-87FE-AF278DA9861D} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\9k74m1pt.default [2016-12-21]
FF Extension: (No Name) - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\9k74m1pt.default\Extensions\abs@avira.com [2016-12-18]
FF Extension: (Exif Viewer) - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\9k74m1pt.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2016-07-06]
FF Extension: (Ghostery) - C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\9k74m1pt.default\Extensions\firefox@ghostery.com.xpi [2016-07-06]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-11-25] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2015-11-27] (Vizzed.com)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-11-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-821353271-122973869-2866904119-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Justin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-19] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.youtube.com/"
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default [2017-01-03]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-08-10]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Avira Browser Safety) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-04]
CHR Extension: (Chrome Media Router) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
R2 AESMFilters; C:\Windows\system32\AESMSr64.exe [103112 2015-04-14] (Andrea Electronics Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [369608 2016-11-25] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-11-01] (Microsoft Corporation)
S4 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2117128 2016-11-15] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2178576 2016-11-15] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-10-21] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936 2008-06-27] () [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation                           )
S4 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2003-09-09] () [File not signed]
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)
S3 BS2726425730; \??\C:\Users\Justin\AppData\Local\Temp\NTFS.sys [X]
S3 cpuz138; \??\C:\Users\Justin\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
S3 HWiNFO32; \??\C:\Users\Justin\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 SQ931UVC; System32\Drivers\capt931V.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-03 11:29 - 2017-01-03 11:29 - 00000000 ____D C:\Users\Justin\Downloads\FRST-OlderVersion
2017-01-03 11:13 - 2017-01-03 11:13 - 00031458 _____ C:\Users\Justin\Desktop\registry.txt
2017-01-02 21:57 - 2017-01-02 21:57 - 00103759 _____ C:\Users\Justin\Desktop\Untitled (5).wma
2016-12-31 23:14 - 2016-12-31 23:15 - 00001049 _____ C:\Users\Justin\Desktop\km8.txt
2016-12-31 23:09 - 2016-12-31 23:09 - 00012800 _____ (Microsoft Corporation) C:\Users\Justin\Downloads\systeminfo.exe.mui
2016-12-31 21:33 - 2016-12-31 21:34 - 54199488 _____ (Malwarebytes ) C:\Users\Justin\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-31 00:52 - 2016-12-31 00:53 - 00000000 ____D C:\Users\Justin\Desktop\steam games
2016-12-31 00:51 - 2016-12-31 00:51 - 01358842 _____ C:\Users\Justin\Downloads\Its not a lie if you believe it - George Costanza.png
2016-12-27 22:00 - 2016-12-27 22:00 - 00024617 _____ C:\Users\Justin\Downloads\vuvoTvc.jpg
2016-12-27 00:21 - 2016-12-30 09:17 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Tropico 4
2016-12-27 00:18 - 2016-12-27 00:18 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Kalypso Media
2016-12-26 15:30 - 2016-12-26 15:30 - 00000000 ____D C:\Users\Justin\AppData\Roaming\3909
2016-12-25 12:29 - 2016-12-25 13:03 - 00467424 _____ C:\Users\Justin\Downloads\Arsenal v Crystal Palace 1-1  Wenger Needs To Go Tonight!!! (Angry Rant) (1).mp4.sfk
2016-12-25 12:26 - 2016-12-25 12:29 - 63757103 _____ C:\Users\Justin\Downloads\Arsenal v Crystal Palace 1-1  Wenger Needs To Go Tonight!!! (Angry Rant) (1).mp4
2016-12-25 12:25 - 2016-12-25 12:25 - 00467488 _____ C:\Users\Justin\Downloads\Arsenal v Crystal Palace 1-1  Wenger Needs To Go Tonight!!! (Angry Rant).mp4.sfk
2016-12-25 12:24 - 2016-12-25 12:25 - 30201404 _____ C:\Users\Justin\Downloads\Arsenal v Crystal Palace 1-1  Wenger Needs To Go Tonight!!! (Angry Rant).mp4
2016-12-22 01:42 - 2016-12-22 01:42 - 00000000 ____D C:\Users\Justin\Desktop\random text file
2016-12-22 01:30 - 2016-12-22 01:30 - 00000000 _____ C:\Windows\SysWOW64\REN9B56.tmp
2016-12-21 23:15 - 2016-12-21 23:15 - 01663040 _____ (Malwarebytes) C:\Users\Justin\Downloads\JRT.exe
2016-12-21 22:51 - 2017-01-03 11:04 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{d12d20c7-c78b-11e6-98df-950417b2232f}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 22:51 - 2017-01-03 11:04 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{d12d20c7-c78b-11e6-98df-950417b2232f}.TM.blf
2016-12-21 22:51 - 2016-12-21 23:04 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{d12d20c7-c78b-11e6-98df-950417b2232f}.TMContainer00000000000000000002.regtrans-ms
2016-12-21 18:44 - 2016-12-21 18:44 - 10964351 _____ C:\Users\Justin\Downloads\Seinfeld in Parliament.mp4
2016-12-21 17:51 - 2016-12-21 17:51 - 00258162 _____ C:\Users\Justin\Downloads\soccer.jpg
2016-12-21 11:00 - 2016-12-21 11:00 - 00000000 ____D C:\Users\Justin\AppData\Local\ESET
2016-12-21 10:58 - 2016-12-21 10:59 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Justin\Downloads\esetonlinescanner_enu.exe
2016-12-20 18:37 - 2016-12-20 18:38 - 00000000 ____D C:\Users\Justin\Desktop\k
2016-12-20 11:42 - 2016-12-20 11:45 - 00059499 _____ C:\Users\Justin\Downloads\Addition.txt
2016-12-20 11:40 - 2017-01-03 11:31 - 00021753 _____ C:\Users\Justin\Downloads\FRST.txt
2016-12-20 11:40 - 2017-01-03 11:29 - 00000000 ____D C:\FRST
2016-12-20 11:39 - 2017-01-03 11:29 - 02418176 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe
2016-12-20 01:41 - 2017-01-02 19:46 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-20 01:40 - 2016-12-31 21:35 - 00001877 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-20 01:40 - 2016-12-31 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-20 01:40 - 2016-12-20 01:40 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-20 01:40 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-20 01:38 - 2016-12-20 01:39 - 51969976 _____ (Malwarebytes ) C:\Users\Justin\Downloads\mb3-setup-consumer-3.0.4.1269 (1).exe
2016-12-19 22:22 - 2016-12-31 23:20 - 00000000 ____D C:\AdwCleaner
2016-12-19 22:18 - 2016-12-19 22:19 - 03977168 _____ C:\Users\Justin\Downloads\adwcleaner_6.041.exe
2016-12-18 23:20 - 2016-12-18 23:20 - 02267848 _____ (wj32 ) C:\Users\Justin\Downloads\processhacker-2.39-setup.exe
2016-12-18 22:55 - 2016-12-18 22:55 - 00998093 _____ C:\Users\Justin\Downloads\ProcessMonitor.zip
2016-12-18 22:54 - 2016-12-18 22:55 - 02135712 _____ (Sysinternals - www.sysinternals.com) C:\Users\Justin\Downloads\Procmon.exe
2016-12-18 21:05 - 2016-12-18 21:07 - 34211496 _____ (Adlice Software ) C:\Users\Justin\Downloads\setup.exe
2016-12-18 19:28 - 2016-12-18 23:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-18 19:25 - 2016-12-18 23:32 - 00000000 ____D C:\Users\Justin\Desktop\mbar
2016-12-18 19:23 - 2016-12-18 19:23 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Justin\Downloads\mbar-1.09.3.1001.exe
2016-12-18 17:17 - 2016-12-18 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vizzed Retro Game Room
2016-12-18 17:17 - 2016-12-18 17:17 - 00000000 ____D C:\Program Files (x86)\Vizzed
2016-12-18 17:12 - 2016-12-18 17:16 - 82822144 _____ C:\Users\Justin\Downloads\VizzedRgrPlugin-2.41.msi
2016-12-18 11:06 - 2016-12-18 11:07 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Justin\Downloads\rkill (1).exe
2016-12-18 01:34 - 2016-12-18 01:34 - 00029169 _____ C:\ProgramData\agent.1481996086.bdinstall.bin
2016-12-18 01:26 - 2016-12-18 01:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-12-18 01:20 - 2016-12-24 07:59 - 00000000 ____D C:\ProgramData\Avira
2016-12-18 01:20 - 2016-12-24 07:59 - 00000000 ____D C:\Program Files (x86)\Avira
2016-12-18 01:20 - 2016-12-23 23:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-12-18 01:18 - 2016-12-18 01:18 - 04578888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Justin\Downloads\avira_en_av_585573001a3c8__ws.exe
2016-12-18 01:17 - 2016-12-18 01:17 - 04578888 _____ (Avira Operations GmbH & Co. KG) C:\Users\Justin\Downloads\avira_en_fass0_585573001a3c8__ws.exe
2016-12-18 00:33 - 2016-12-18 00:33 - 00049103 _____ C:\ProgramData\agent.1481992384.bdinstall.bin
2016-12-18 00:33 - 2016-12-18 00:33 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-12-18 00:26 - 2016-12-18 00:28 - 11842656 _____ C:\Users\Justin\Downloads\bitdefender_antivirus.exe
2016-12-17 23:34 - 2016-12-17 23:34 - 00000000 ____D C:\Users\Justin\AppData\Local\TempTaskUpdateDetection988155B3-4887-459A-82A6-AB2C99AE7093
2016-12-17 22:56 - 2016-12-17 22:56 - 00014059 _____ C:\Users\Justin\Desktop\chrome.exe - Shortcut.lnk
2016-12-17 22:18 - 2016-12-17 22:18 - 00000000 ____D C:\ProgramData\Emsisoft
2016-12-17 20:33 - 2016-12-18 10:09 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-12-17 20:28 - 2016-12-17 20:31 - 228173432 _____ (Emsisoft Ltd. ) C:\Users\Justin\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2016-12-17 18:37 - 2016-12-17 18:38 - 51969976 _____ (Malwarebytes ) C:\Users\Justin\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-17 18:13 - 2016-12-17 18:13 - 01932769 _____ C:\Users\Justin\Downloads\ProcessExplorer.zip
2016-12-17 18:10 - 2016-12-17 18:10 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Justin\Downloads\procexp.exe
2016-12-17 15:50 - 2016-12-17 15:50 - 00000000 ____D C:\Users\Justin\AppData\LocalLow\HardcorePinkAlpha
2016-12-17 15:41 - 2016-12-17 15:46 - 174442590 _____ C:\Users\Justin\Downloads\HardcorePink_0_0_5_Alpha_x86.zip
2016-12-14 16:13 - 2016-12-14 16:13 - 00062757 _____ C:\Users\Justin\Downloads\15390990_1137103616343515_2437272745881875148_n.jpg
2016-12-14 15:48 - 2016-12-14 15:48 - 00000000 ____D C:\Users\Justin\AppData\Local\Chromium
2016-12-14 15:35 - 2016-11-22 02:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-14 15:35 - 2016-11-22 02:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-14 15:35 - 2016-11-22 02:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-14 15:35 - 2016-11-22 02:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-14 15:35 - 2016-11-21 00:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-14 15:35 - 2016-11-21 00:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-14 15:35 - 2016-11-21 00:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-14 15:35 - 2016-11-21 00:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 15:35 - 2016-11-21 00:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-14 15:35 - 2016-11-21 00:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-14 15:35 - 2016-11-21 00:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-14 15:35 - 2016-11-20 23:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 15:35 - 2016-11-20 23:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-14 15:35 - 2016-11-20 23:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-14 15:35 - 2016-11-20 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-14 15:35 - 2016-11-20 23:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-14 15:35 - 2016-11-20 23:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-14 15:35 - 2016-11-20 22:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 15:35 - 2016-11-18 00:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-14 15:35 - 2016-11-15 07:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-14 15:35 - 2016-11-15 06:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-14 15:35 - 2016-11-13 03:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-14 15:35 - 2016-11-13 03:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-14 15:35 - 2016-11-13 03:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-14 15:35 - 2016-11-13 03:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-14 15:35 - 2016-11-13 03:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-14 15:35 - 2016-11-13 03:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-14 15:35 - 2016-11-13 03:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-14 15:35 - 2016-11-13 03:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-14 15:35 - 2016-11-13 03:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-14 15:35 - 2016-11-13 03:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-14 15:35 - 2016-11-13 03:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-14 15:35 - 2016-11-13 03:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 15:35 - 2016-11-13 03:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-14 15:35 - 2016-11-13 03:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-14 15:35 - 2016-11-13 03:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-14 15:35 - 2016-11-13 03:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-14 15:35 - 2016-11-13 02:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-14 15:35 - 2016-11-13 02:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 15:35 - 2016-11-13 02:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-14 15:35 - 2016-11-13 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-14 15:35 - 2016-11-13 02:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-14 15:35 - 2016-11-13 02:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-14 15:35 - 2016-11-13 02:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-14 15:35 - 2016-11-13 02:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-14 15:35 - 2016-11-13 02:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-14 15:35 - 2016-11-13 02:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-14 15:35 - 2016-11-13 02:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-14 15:35 - 2016-11-13 02:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-14 15:35 - 2016-11-13 02:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-14 15:35 - 2016-11-13 02:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-14 15:35 - 2016-11-13 02:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-14 15:35 - 2016-11-13 02:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-14 15:35 - 2016-11-13 02:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-14 15:35 - 2016-11-13 02:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-14 15:35 - 2016-11-13 02:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 15:35 - 2016-11-13 02:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-14 15:35 - 2016-11-13 02:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-14 15:35 - 2016-11-13 02:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-14 15:35 - 2016-11-13 02:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-14 15:35 - 2016-11-13 02:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-14 15:35 - 2016-11-13 02:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-14 15:35 - 2016-11-13 02:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-14 15:35 - 2016-11-13 02:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-14 15:35 - 2016-11-13 02:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-14 15:35 - 2016-11-13 02:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-14 15:35 - 2016-11-13 01:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-14 15:35 - 2016-11-13 01:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-14 15:35 - 2016-11-13 01:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-14 15:35 - 2016-11-13 01:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-14 15:35 - 2016-11-13 01:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-14 15:35 - 2016-11-13 01:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-14 15:35 - 2016-11-13 01:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 15:35 - 2016-11-13 01:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-14 15:35 - 2016-11-13 01:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-14 15:35 - 2016-11-13 01:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 15:35 - 2016-11-13 01:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-14 15:35 - 2016-11-13 01:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-14 15:35 - 2016-11-13 01:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-14 15:35 - 2016-11-13 01:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 15:35 - 2016-11-13 01:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-14 15:35 - 2016-11-13 01:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-14 15:35 - 2016-11-13 01:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-14 15:35 - 2016-11-13 01:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-14 15:35 - 2016-11-13 01:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-14 15:35 - 2016-11-11 00:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 15:35 - 2016-11-11 00:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 15:35 - 2016-11-10 00:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-14 15:35 - 2016-11-10 00:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 15:35 - 2016-11-10 00:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 15:35 - 2016-11-10 00:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-14 15:35 - 2016-11-10 00:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-14 15:35 - 2016-11-10 00:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-14 15:35 - 2016-11-10 00:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-14 15:35 - 2016-11-10 00:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 15:35 - 2016-11-10 00:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 15:35 - 2016-11-10 00:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-14 15:35 - 2016-11-10 00:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-14 15:35 - 2016-11-10 00:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-14 15:35 - 2016-11-10 00:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-14 15:35 - 2016-11-09 23:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-14 15:35 - 2016-11-07 00:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 15:35 - 2016-11-07 00:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 15:35 - 2016-11-07 00:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 15:35 - 2016-10-27 23:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-14 15:35 - 2016-10-27 23:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-14 15:35 - 2016-10-11 23:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-14 15:35 - 2016-10-11 23:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-14 15:35 - 2016-10-11 23:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-14 15:35 - 2016-10-11 23:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-14 15:35 - 2016-10-11 23:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-14 15:35 - 2016-10-11 23:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-14 15:35 - 2016-10-11 23:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-14 15:35 - 2016-10-11 23:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-14 15:35 - 2016-10-11 23:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-14 15:35 - 2016-10-11 23:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-14 15:35 - 2016-10-11 23:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-14 15:35 - 2016-10-11 23:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-14 15:35 - 2016-10-11 23:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-14 15:35 - 2016-10-11 23:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-14 15:35 - 2016-10-11 23:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 23:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 15:35 - 2016-10-11 23:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-14 15:35 - 2016-10-11 23:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 15:35 - 2016-10-11 22:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-14 15:35 - 2016-10-11 22:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-14 15:35 - 2016-10-11 22:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-14 15:35 - 2016-10-11 22:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-14 15:35 - 2016-10-11 22:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-14 15:35 - 2016-10-11 22:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-14 15:35 - 2016-10-11 22:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-14 15:35 - 2016-10-11 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-14 15:35 - 2016-10-11 22:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 22:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 22:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 22:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-14 15:35 - 2016-10-11 21:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-14 15:35 - 2016-10-11 21:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-14 15:35 - 2016-10-08 21:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-14 15:35 - 2016-10-04 23:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-14 15:35 - 2016-10-04 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-14 15:35 - 2016-10-04 23:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-14 15:35 - 2016-10-04 23:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-14 15:35 - 2016-10-04 23:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-14 15:35 - 2016-10-04 23:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-14 15:35 - 2016-10-04 23:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-14 15:35 - 2016-10-04 23:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-12 12:58 - 2016-12-12 12:58 - 01446651 _____ C:\Users\Justin\Downloads\Routine Inspection Dec 2016.pdf
2016-12-12 12:58 - 2016-12-12 12:58 - 01446651 _____ C:\Users\Justin\Downloads\Routine Inspection Dec 2016 (1).pdf
2016-12-10 17:04 - 2016-12-10 17:04 - 00016551 _____ C:\Users\Justin\Downloads\e1573808223a064f5bc925c008ddfaab.png
2016-12-07 23:37 - 2016-12-07 23:42 - 89339872 _____ C:\Users\Justin\Documents\seizethemeansofproduction.mp4
2016-12-07 23:35 - 2016-12-07 23:35 - 00054111 _____ C:\Users\Justin\Downloads\Kim-Jong-un-659312.jpg
2016-12-07 23:18 - 2016-12-07 23:18 - 00085456 _____ C:\Users\Justin\Downloads\SCREAMS - Man Screaming  SOUND EFFECT.mp3.sfk
2016-12-07 23:17 - 2016-12-07 23:17 - 01000008 _____ C:\Users\Justin\Downloads\SCREAMS - Man Screaming  SOUND EFFECT.mp3
2016-12-07 22:21 - 2016-12-07 22:32 - 00020192 _____ C:\Users\Justin\Downloads\Realistic Fire (Green Screen Footage).mp4.sfk
2016-12-07 22:21 - 2016-12-07 22:21 - 01984687 _____ C:\Users\Justin\Downloads\Realistic Fire (Green Screen Footage).mp4
2016-12-07 22:14 - 2016-12-07 22:14 - 00046921 _____ C:\Users\Justin\Downloads\179.jpg
2016-12-07 22:12 - 2016-12-07 22:12 - 00287267 _____ C:\Users\Justin\Downloads\26Apr_NKorea_800x600.jpg
2016-12-07 21:01 - 2016-12-07 21:01 - 00246618 _____ C:\Users\Justin\Downloads\tourist.png
2016-12-07 19:11 - 2016-12-07 19:11 - 05167582 _____ C:\Users\Justin\Downloads\Kim-Sung_II..jpg
2016-12-07 17:10 - 2016-12-07 17:10 - 00666477 _____ C:\Users\Justin\Downloads\12619582_l-1.png
2016-12-07 17:04 - 2016-12-07 17:04 - 00466008 _____ C:\Users\Justin\Downloads\Vintage Vector Banners.psd
2016-12-07 16:49 - 2016-12-07 16:49 - 00281728 _____ C:\Users\Justin\Downloads\Soviet Anthem Instrumental (OFFICIAL VERSION).mp3.sfk
2016-12-07 16:48 - 2016-12-07 16:48 - 03373953 _____ C:\Users\Justin\Downloads\Soviet Anthem Instrumental (OFFICIAL VERSION).mp3
2016-12-07 16:31 - 2016-12-07 16:32 - 00120818 _____ C:\Users\Justin\Downloads\maxresdefault (3).jpg
2016-12-07 16:09 - 2016-12-07 16:09 - 00000000 ____D C:\ProgramData\SquirrelMachineInstalls
2016-12-07 16:06 - 2016-12-07 16:06 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Justin\Downloads\DiscordSetup (1).exe
2016-12-05 00:53 - 2016-12-05 01:08 - 234741207 _____ C:\Users\Justin\Documents\you'renotfine.mp4
2016-12-05 00:45 - 2016-12-05 00:48 - 00082112 _____ C:\Users\Justin\Downloads\Door Knocking SOUND EFFECT - Heavy Door Knocks Anklopfen SOUNDS.mp3.sfk
2016-12-05 00:45 - 2016-12-05 00:45 - 00939008 _____ C:\Users\Justin\Downloads\Door Knocking SOUND EFFECT - Heavy Door Knocks Anklopfen SOUNDS.mp3
2016-12-05 00:30 - 2016-12-05 00:30 - 00437286 _____ C:\Users\Justin\Downloads\8f1444ff620bcad30e78552f2fecca17.png
2016-12-05 00:29 - 2016-12-05 00:29 - 00343024 _____ C:\Users\Justin\Downloads\da67df09600df9ea4068a78ad7b84813.png
2016-12-05 00:20 - 2016-12-05 00:20 - 00009496 _____ C:\Users\Justin\Downloads\You're Not Really Fine.mp3.sfk
2016-12-05 00:15 - 2016-12-05 00:18 - 00004744 _____ C:\Users\Justin\Downloads\Egg cracking sound effect.mp3.sfk
2016-12-05 00:15 - 2016-12-05 00:15 - 00087519 _____ C:\Users\Justin\Downloads\Egg cracking sound effect.mp3
2016-12-05 00:12 - 2016-12-05 00:12 - 00162432 _____ C:\Users\Justin\Downloads\You're Not Really Fine.mp3
2016-12-05 00:06 - 2016-12-05 00:07 - 00073256 _____ C:\Users\Justin\Downloads\Seinfeld Theme.mp3.sfk
2016-12-05 00:05 - 2016-12-05 00:06 - 00865488 _____ C:\Users\Justin\Downloads\Seinfeld Theme.mp3
2016-12-04 23:43 - 2016-12-04 23:43 - 00246920 _____ C:\Users\Justin\Downloads\Frédéric Chopin - Prelude in E-Minor (op.28 no. 4).mp3.sfk
2016-12-04 23:38 - 2016-12-04 23:38 - 03991168 _____ C:\Users\Justin\Downloads\Frédéric Chopin - Prelude in E-Minor (op.28 no. 4).mp3
2016-12-04 23:09 - 2016-12-04 23:13 - 00005608 _____ C:\Users\Justin\Documents\audio26.mp3.sfk
2016-12-04 23:09 - 2016-12-04 23:11 - 00064364 _____ C:\Users\Justin\Documents\audio26.mp3
2016-12-04 22:54 - 2016-12-04 22:55 - 00013928 _____ C:\Users\Justin\Documents\audio25.mp3.sfk
2016-12-04 22:54 - 2016-12-04 22:54 - 00160913 _____ C:\Users\Justin\Documents\audio25.mp3
2016-12-04 22:51 - 2016-12-04 22:51 - 00006472 _____ C:\Users\Justin\Documents\audio24.mp3.sfk
2016-12-04 22:49 - 2016-12-04 22:49 - 00074395 _____ C:\Users\Justin\Documents\audio24.mp3
2016-12-04 22:41 - 2016-12-04 22:42 - 00011512 _____ C:\Users\Justin\Documents\audio23.mp3.sfk
2016-12-04 22:40 - 2016-12-04 22:40 - 00132910 _____ C:\Users\Justin\Documents\audio23.mp3
2016-12-04 22:34 - 2016-12-04 22:34 - 00107832 _____ C:\Users\Justin\Documents\audio22.mp3
2016-12-04 22:34 - 2016-12-04 22:34 - 00009352 _____ C:\Users\Justin\Documents\audio22.mp3.sfk
2016-12-04 22:31 - 2016-12-04 22:31 - 00104070 _____ C:\Users\Justin\Documents\audio21.mp3
2016-12-04 22:31 - 2016-12-04 22:31 - 00009032 _____ C:\Users\Justin\Documents\audio21.mp3.sfk
2016-12-04 22:25 - 2016-12-04 22:25 - 00008344 _____ C:\Users\Justin\Documents\audio20.mp3.sfk
2016-12-04 22:24 - 2016-12-04 22:24 - 00096129 _____ C:\Users\Justin\Documents\audio20.mp3
2016-12-04 22:19 - 2016-12-04 22:19 - 00114101 _____ C:\Users\Justin\Documents\audio19.mp3
2016-12-04 22:19 - 2016-12-04 22:19 - 00009896 _____ C:\Users\Justin\Documents\audio19.mp3.sfk
2016-12-04 22:11 - 2016-12-04 22:14 - 00006832 _____ C:\Users\Justin\Documents\audio18.mp3.sfk
2016-12-04 22:11 - 2016-12-04 22:11 - 00078575 _____ C:\Users\Justin\Documents\audio18.mp3
2016-12-04 21:57 - 2016-12-04 21:57 - 00006112 _____ C:\Users\Justin\Documents\audio17.mp3.sfk
2016-12-04 21:56 - 2016-12-04 21:56 - 00070216 _____ C:\Users\Justin\Documents\audio17.mp3
2016-12-04 21:52 - 2016-12-04 21:52 - 00121625 _____ C:\Users\Justin\Documents\audio16.mp3
2016-12-04 21:52 - 2016-12-04 21:52 - 00010544 _____ C:\Users\Justin\Documents\audio16.mp3.sfk
2016-12-04 21:50 - 2016-12-04 21:50 - 00010504 _____ C:\Users\Justin\Documents\audio15.mp3.sfk
2016-12-04 21:49 - 2016-12-04 21:49 - 00121207 _____ C:\Users\Justin\Documents\audio15.mp3
2016-12-04 21:47 - 2016-12-04 21:48 - 00007408 _____ C:\Users\Justin\Documents\audio14.mp3.sfk
2016-12-04 21:46 - 2016-12-04 21:46 - 00085262 _____ C:\Users\Justin\Documents\audio14.mp3
2016-12-04 21:38 - 2016-12-04 21:39 - 11404567 _____ C:\Users\Justin\Documents\kasich.mp4
2016-12-04 21:34 - 2016-12-04 21:37 - 00047168 _____ C:\Users\Justin\Downloads\Hells kitchen Chef Ramsey Owns Giovanni HD.mp4.sfk
2016-12-04 21:33 - 2016-12-04 21:33 - 02655452 _____ C:\Users\Justin\Downloads\Hells kitchen Chef Ramsey Owns Giovanni HD.mp4
2016-12-04 21:24 - 2016-12-04 21:26 - 00005680 _____ C:\Users\Justin\Documents\audio13.mp3.sfk
2016-12-04 21:23 - 2016-12-04 21:23 - 00065200 _____ C:\Users\Justin\Documents\audio13.mp3
2016-12-04 21:02 - 2016-12-04 21:03 - 00007304 _____ C:\Users\Justin\Documents\audio12.mp3.sfk
2016-12-04 20:58 - 2016-12-04 20:58 - 00084008 _____ C:\Users\Justin\Documents\audio12.mp3
2016-12-04 20:51 - 2016-12-04 20:52 - 00006688 _____ C:\Users\Justin\Documents\audio11.mp3.sfk
2016-12-04 20:51 - 2016-12-04 20:51 - 00076903 _____ C:\Users\Justin\Documents\audio11.mp3
2016-12-04 20:36 - 2016-12-04 20:36 - 00008488 _____ C:\Users\Justin\Documents\audio10.mp3.sfk
2016-12-04 20:33 - 2016-12-04 20:34 - 00097801 _____ C:\Users\Justin\Documents\audio10.mp3
2016-12-04 16:15 - 2016-12-04 19:59 - 00004816 _____ C:\Users\Justin\Documents\audio9.mp3.sfk
2016-12-04 16:15 - 2016-12-04 16:15 - 00055169 _____ C:\Users\Justin\Documents\audio9.mp3
2016-12-04 16:14 - 2016-12-04 16:14 - 00006688 _____ C:\Users\Justin\Documents\audio8.mp3.sfk
2016-12-04 16:13 - 2016-12-04 16:13 - 00076903 _____ C:\Users\Justin\Documents\audio8.mp3
2016-12-04 15:55 - 2016-12-04 15:58 - 00006944 _____ C:\Users\Justin\Documents\audio7.mp3.sfk
2016-12-04 15:55 - 2016-12-04 15:55 - 00079829 _____ C:\Users\Justin\Documents\audio7.mp3
2016-12-04 15:53 - 2016-12-04 15:54 - 00010040 _____ C:\Users\Justin\Documents\audio6.mp3.sfk
2016-12-04 15:53 - 2016-12-04 15:53 - 00115773 _____ C:\Users\Justin\Documents\audio6.mp3
2016-12-04 15:51 - 2016-12-04 15:52 - 00014392 _____ C:\Users\Justin\Documents\audio5.mp3.sfk
2016-12-04 15:51 - 2016-12-04 15:51 - 00166346 _____ C:\Users\Justin\Documents\audio5.mp3
2016-12-04 15:49 - 2016-12-04 15:49 - 00007840 _____ C:\Users\Justin\Documents\audio4.mp3.sfk
2016-12-04 15:48 - 2016-12-04 15:48 - 00090278 _____ C:\Users\Justin\Documents\audio4.mp3
2016-12-04 15:23 - 2016-12-04 15:24 - 00006976 _____ C:\Users\Justin\Documents\audio3.mp3.sfk
2016-12-04 15:23 - 2016-12-04 15:23 - 00080247 _____ C:\Users\Justin\Documents\audio3.mp3
2016-12-04 15:20 - 2016-12-04 15:22 - 00009496 _____ C:\Users\Justin\Documents\audio2.mp3.sfk
2016-12-04 15:20 - 2016-12-04 15:20 - 00109504 _____ C:\Users\Justin\Documents\audio2.mp3
2016-12-04 15:16 - 2016-12-04 15:16 - 00152554 _____ C:\Users\Justin\Documents\audio1.mp3
2016-12-04 15:16 - 2016-12-04 15:16 - 00013208 _____ C:\Users\Justin\Documents\audio1.mp3.sfk
2016-12-04 15:13 - 2016-12-04 15:13 - 00152554 _____ C:\Users\Justin\Documents\1.mp3
2016-12-04 11:43 - 2016-12-04 11:43 - 00198262 _____ C:\Users\Justin\Downloads\ad2a6b80ad8767c88c85fd085a8d8d74.png
2016-12-04 11:26 - 2016-12-04 11:26 - 00047360 _____ C:\Users\Justin\Downloads\43d44d0a5cc20ef7d3b93eeb0f3269f3.png
2016-12-04 10:03 - 2016-12-04 10:03 - 00801226 _____ C:\Users\Justin\Documents\backgroundnoisethethreequel.mp3
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-03 11:30 - 2014-08-31 05:11 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Skype
2017-01-03 10:40 - 2009-07-14 12:45 - 00029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-03 10:40 - 2009-07-14 12:45 - 00029136 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-03 10:32 - 2015-05-16 10:15 - 00000000 ____D C:\Users\Justin\AppData\Local\LogMeIn Hamachi
2017-01-03 10:31 - 2015-06-04 10:08 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-03 10:27 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-03 00:38 - 2014-08-31 04:55 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-03 00:36 - 2015-05-18 16:09 - 00000000 ____D C:\Users\Justin\AppData\Local\CrashDumps
2017-01-02 21:57 - 2015-06-14 17:13 - 00000000 ____D C:\Users\Justin\AppData\Roaming\vlc
2017-01-02 21:53 - 2014-09-19 16:04 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-02 19:52 - 2014-09-01 05:10 - 00000000 ____D C:\Users\Justin\AppData\Local\Adobe
2017-01-02 19:46 - 2014-08-31 05:07 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-01-02 19:46 - 2014-08-31 05:07 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-02 19:46 - 2014-08-31 05:07 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-01 17:14 - 2014-09-26 23:33 - 00000000 ____D C:\Users\Justin\AppData\Roaming\TeamViewer
2017-01-01 08:40 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-12-31 23:07 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Logs
2016-12-31 21:35 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-31 21:35 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\drivers
2016-12-31 00:53 - 2016-11-30 21:36 - 00000000 ____D C:\Users\Justin\Desktop\New folder (5)
2016-12-29 22:09 - 2014-11-28 17:16 - 00000000 ____D C:\Users\Justin\Documents\My Games
2016-12-29 22:07 - 2015-11-28 20:26 - 00000000 __SHD C:\Config.Msi
2016-12-29 22:07 - 2014-08-31 04:26 - 00000000 __SHD C:\Windows\Installer
2016-12-29 22:07 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\winsxs
2016-12-27 00:21 - 2014-08-31 04:23 - 00000000 ___RD C:\Users\Justin\Pictures
2016-12-27 00:21 - 2014-08-31 04:23 - 00000000 ____D C:\Users\Justin\AppData\Roaming
2016-12-27 00:16 - 2009-07-14 11:20 - 00000000 __RSD C:\Windows\assembly
2016-12-26 15:17 - 2014-08-31 04:59 - 00000000 ____D C:\ProgramData\Skype
2016-12-26 15:16 - 2015-12-19 16:11 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-26 15:16 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-25 12:21 - 2014-08-30 07:19 - 00000000 ___RD C:\Users\Justin\Documents
2016-12-22 16:02 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-22 01:31 - 2009-07-14 11:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-22 01:31 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\System32
2016-12-22 01:31 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files (x86)
2016-12-22 01:30 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64
2016-12-22 01:20 - 2015-11-28 10:41 - 00000000 ____D C:\Users\Justin\AppData\Roaming\uTorrent
2016-12-22 01:15 - 2009-07-14 11:20 - 00000000 ___RD C:\Program Files
2016-12-22 01:12 - 2015-12-25 16:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-22 01:12 - 2015-06-04 20:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-22 00:52 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Tasks
2016-12-22 00:51 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Tasks
2016-12-21 23:17 - 2014-08-31 04:23 - 00000000 ____D C:\Users\Justin\AppData\LocalLow
2016-12-21 23:17 - 2009-07-14 11:20 - 00000000 ___HD C:\ProgramData
2016-12-21 22:38 - 2014-08-31 04:29 - 00766928 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-21 22:38 - 2009-07-14 13:13 - 00766928 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-21 22:38 - 2009-07-14 10:36 - 00654538 _____ C:\Windows\system32\perfh009.dat
2016-12-21 22:38 - 2009-07-14 10:36 - 00122410 _____ C:\Windows\system32\perfc009.dat
2016-12-21 18:50 - 2014-08-31 05:12 - 00524288 ___SH C:\Windows\system32\config\COMPONENTS{fed016dc-3089-11e4-ab71-74d435bc23ae}.TMContainer00000000000000000001.regtrans-ms
2016-12-21 18:50 - 2014-08-31 05:12 - 00065536 ___SH C:\Windows\system32\config\COMPONENTS{fed016dc-3089-11e4-ab71-74d435bc23ae}.TM.blf
2016-12-21 16:34 - 2014-08-31 04:20 - 00000000 ____D C:\Windows\SoftwareDistribution
2016-12-21 06:13 - 2014-09-13 16:19 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-21 06:11 - 2014-09-13 16:18 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-20 13:28 - 2014-08-31 04:23 - 00000000 ___RD C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-20 01:40 - 2014-08-31 05:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-18 17:17 - 2014-09-02 04:28 - 00000000 ____D C:\ProgramData\Vizzed
2016-12-18 17:01 - 2014-09-02 03:53 - 00000000 ____D C:\Users\Justin\AppData\Roaming\TS3Client
2016-12-18 16:53 - 2015-06-03 20:18 - 00000000 ____D C:\Windows\pss
2016-12-18 16:53 - 2014-08-31 04:24 - 00000000 ___RD C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-18 01:19 - 2014-09-01 05:14 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-18 00:16 - 2014-10-01 22:54 - 00000000 ____D C:\Windows\Minidump
2016-12-18 00:16 - 2009-07-14 12:45 - 00000000 ____D C:\Windows\debug
2016-12-17 08:29 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-12-17 05:18 - 2014-08-31 04:57 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-17 05:11 - 2015-10-04 17:40 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 16:14 - 2015-06-03 17:24 - 00002285 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 03:41 - 2009-07-14 12:45 - 05017488 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-15 03:41 - 2009-07-14 10:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-15 03:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
2016-12-15 03:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\en-US
2016-12-15 03:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-15 03:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-15 03:37 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-15 03:37 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-15 03:20 - 2014-08-31 06:37 - 00000000 ____D C:\Windows\system32\MRT
2016-12-15 03:11 - 2014-08-31 06:37 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-14 15:49 - 2015-06-03 18:31 - 00000000 ____D C:\Users\Justin\AppData\Local\Steam
2016-12-14 15:23 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-07 16:09 - 2016-08-07 13:07 - 00000000 ____D C:\Users\Justin\AppData\Local\SquirrelTemp
2016-12-07 16:05 - 2016-08-07 13:08 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-12-07 16:04 - 2016-08-07 13:07 - 00000000 ____D C:\Users\Justin\AppData\Local\Discord
2016-12-05 00:31 - 2014-09-13 22:11 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Audacity
 
==================== Files in the root of some directories =======
 
2015-06-03 21:59 - 2015-06-04 10:02 - 0000187 _____ () C:\Users\Justin\AppData\Roaming\PBS2726425730.ini
2014-11-01 22:39 - 2014-12-09 20:50 - 0001181 _____ () C:\Users\Justin\AppData\Roaming\trace_FilterInstaller.1.txt
2014-11-01 22:39 - 2014-11-01 22:39 - 0001181 _____ () C:\Users\Justin\AppData\Roaming\trace_FilterInstaller.2.txt
2014-11-01 22:39 - 2014-12-13 08:04 - 0000919 _____ () C:\Users\Justin\AppData\Roaming\trace_FilterInstaller.txt
2014-11-01 22:39 - 2014-12-13 08:04 - 0000000 _____ () C:\Users\Justin\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-08-01 17:37 - 2016-02-22 22:15 - 0007627 _____ () C:\Users\Justin\AppData\Local\resmon.resmoncfg
2015-05-18 17:45 - 2015-05-18 17:47 - 0000810 _____ () C:\Users\Justin\AppData\Local\Temp-log.txt
2016-12-18 00:33 - 2016-12-18 00:33 - 0049103 _____ () C:\ProgramData\agent.1481992384.bdinstall.bin
2016-12-18 01:34 - 2016-12-18 01:34 - 0029169 _____ () C:\ProgramData\agent.1481996086.bdinstall.bin
2014-09-13 19:09 - 2014-09-13 19:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-04-11 14:46 - 2016-04-11 14:46 - 0004908 _____ () C:\ProgramData\lbogtyso.zat
2015-06-18 20:04 - 2015-06-18 20:04 - 0000008 __RSH () C:\ProgramData\sysqcl1131236454.dat
2015-05-03 13:41 - 2015-06-04 09:53 - 0000112 _____ () C:\ProgramData\xvrVaSdx0.dat
 
Files to move or delete:
====================
C:\ProgramData\sysqcl1131236454.dat
C:\ProgramData\xvrVaSdx0.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2015-03-09 11:42
 
==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,930 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:15 AM

Posted 04 January 2017 - 11:52 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Extension: (Avira Browser Safety) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S3 BS2726425730; \??\C:\Users\Justin\AppData\Local\Temp\NTFS.sys [X]
S3 cpuz138; \??\C:\Users\Justin\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
S3 HWiNFO32; \??\C:\Users\Justin\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 SQ931UVC; System32\Drivers\capt931V.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\sysqcl1131236454.dat
C:\ProgramData\xvrVaSdx0.dat

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem you are experiencing with this computer.

#3 Riddling


Posted 04 January 2017 - 12:30 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Justin (05-01-2017 01:06:09) Run:1
Running from C:\Users\Justin\Downloads
Loaded Profiles: Justin (Available Profiles: Justin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Justin\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Extension: (Avira Browser Safety) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
S3 BS2726425730; \??\C:\Users\Justin\AppData\Local\Temp\NTFS.sys [X]
S3 cpuz138; \??\C:\Users\Justin\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 epp; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [X]
S3 HWiNFO32; \??\C:\Users\Justin\AppData\Local\Temp\HWiNFO64A.SYS [X]
S3 SQ931UVC; System32\Drivers\capt931V.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\sysqcl1131236454.dat
C:\ProgramData\xvrVaSdx0.dat
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found. 
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found. 
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2 => key removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@esn/npbattlelog,version=2.6.2 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key removed successfully
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key removed successfully
HKLM\System\CurrentControlSet\Services\BS2726425730 => key removed successfully
BS2726425730 => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz138 => key removed successfully
cpuz138 => service removed successfully
HKLM\System\CurrentControlSet\Services\EagleX64 => key removed successfully
EagleX64 => service removed successfully
HKLM\System\CurrentControlSet\Services\epp => key removed successfully
epp => service removed successfully
HKLM\System\CurrentControlSet\Services\HWiNFO32 => key removed successfully
HWiNFO32 => service removed successfully
HKLM\System\CurrentControlSet\Services\SQ931UVC => key removed successfully
SQ931UVC => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\sysqcl1131236454.dat => moved successfully
C:\ProgramData\xvrVaSdx0.dat => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6960519 B
Java, Flash, Steam htmlcache => 748778664 B
Windows/system/drivers => 13691744 B
Edge => 0 B
Chrome => 834147647 B
Firefox => 122617324 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 967535 B
LocalService => 66228 B
NetworkService => 73624226 B
Justin => 16124316 B
 
RecycleBin => 3176295851 B
EmptyTemp: => 4.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 01:08:16 ====


#4 nasdaq


Posted 05 January 2017 - 08:31 AM

How is the computer running now?

#5 Riddling


Posted 05 January 2017 - 09:58 AM

It's running pretty good. The only annoying thing is that whenever Microsoft Security Essentials (Windows Defender) runs a scan, after it finishes the scan it uses up a lot of memory (around 200,000 KB as told by Process Explorer). I assume it's the real-time protection, so if I want to run programs that use up a lot of memory, such as Steam games, I usually have to reboot (probably because I only have a crappy 4 GB of RAM), but other than that it's running fine.


Edited by Riddling, 05 January 2017 - 10:03 AM.


#6 nasdaq


Posted 06 January 2017 - 09:30 AM

This protection was superseded by the Windows Defender.
AS: Microsoft Security Essentials (Enabled - Up to date)

There is no need to run the Windows Defender.

Microsoft Security Essentials will automatically disable Windows Defender. That is normal.
Both cannot work simultaneously. When you restart the computer, Windows Defender is disabled and you can work normally with the computer.

You cannot remove Windows Defender. Should you have any difficulties with Security Essentials, then you can use WD.

===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

Edited by nasdaq, 06 January 2017 - 09:31 AM.




