
cse.google redirect


  • This topic is locked
2 replies to this topic

#1 groovey


Posted 13 January 2017 - 11:36 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by Snickers (administrator) on SNICKERS-PC (13-01-2017 23:23:33)
Running from C:\Users\Snickers\Downloads\Programs
Loaded Profiles: Snickers (Available Profiles: Snickers & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Microsoft Corporation) C:\Windows\System32\runonce.exe
() C:\Windows\Temp\gE5.tmp.exe
(Trend Micro Inc.) C:\Users\Snickers\AppData\Local\Temp\HouseCall\HouseCallX_x64\HouseCallX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-15] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-12-14] (Malwarebytes Corporation)
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...\RunOnce: [wd] => C:\Windows\Temp\gE5.tmp.exe [248320 2017-01-13] () <===== ATTENTION
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-01-19] (Glarysoft Ltd)
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Run: [Zoom] => 0
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Run: [EF9B5E71814A93ECB4477FEADF6B264F19AC415D._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-01-07] (Siber Systems)
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [231936 2016-07-16] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\ExtTag\Jobeco.dll => No File
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2016-01-01]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Media Browser Server.lnk [2017-01-07]
ShortcutTarget: Media Browser Server.lnk -> C:\Users\Snickers\AppData\Roaming\MediaBrowser-Server\System\MediaBrowser.ServerApplication.exe (No File)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2016-01-01]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1c9bfa2f-3b86-4671-9837-15bcfa896bf3}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pandasecurity.mystart.com/?pr=vmn&id=pandasecuritytb&v=4_3&utm_campaign=675&idate=2017-01-07&ent=hp_675&u=0CDA0A700181D59B65CAAD587122F5A9
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1846001380-1946299620-4167536978-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2017-01-07&ent=ch_675&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1846001380-1946299620-4167536978-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2017-01-07&ent=ch_675&q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-01-07] (Siber Systems Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-01-07] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-13] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-13] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-01-07] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-01-07] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-1846001380-1946299620-4167536978-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Snickers\AppData\Roaming\Mozilla\Firefox\Profiles\wji432xu.default [2017-01-13]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\wji432xu.default -> Yahoo! Powered
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\wji432xu.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\wji432xu.default -> Search The Web
FF Homepage: Mozilla\Firefox\Profiles\wji432xu.default -> about:home
FF Extension: (Firebug) - C:\Users\Snickers\AppData\Roaming\Mozilla\Firefox\Profiles\wji432xu.default\Extensions\firebug@software.joehewitt.com.xpi [2016-10-11]
FF Extension: (ChatZilla) - C:\Users\Snickers\AppData\Roaming\Mozilla\Firefox\Profiles\wji432xu.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-01-05]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF SearchPlugin: C:\Users\Snickers\AppData\Roaming\Mozilla\Firefox\Profiles\wji432xu.default\searchplugins\yahoo! powered.xml [2016-08-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-12-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-01-07]
FF HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Snickers\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Snickers\AppData\Roaming\IDM\idmmzcc5 [2017-01-13] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1846001380-1946299620-4167536978-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Snickers\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-1846001380-1946299620-4167536978-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Snickers\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2015-05-08] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safeWeb
CHR Profile: C:\Users\Snickers\AppData\Local\Google\Chrome\User Data\Default [2017-01-13]
CHR Extension: (Adobe Acrobat) - C:\Users\Snickers\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-11]
CHR Extension: (IDM Integration Module) - C:\Users\Snickers\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-01-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Snickers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-08]
CHR Extension: (Chrome Media Router) - C:\Users\Snickers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-08]
CHR Extension: (RoboForm Password Manager) - C:\Users\Snickers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-01-08]
CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-12]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-12-24]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-01-12]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-12-24]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
S3 Emby; C:\Users\Snickers\AppData\Roaming\Emby-Server\system\MediaBrowser.ServerApplication.exe [152032 2016-12-29] ()
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-12-14] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-12-14] ()
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2014-12-20] (Glarysoft Ltd)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 msvad_simple; C:\WINDOWS\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R1 tmcomm; C:\WINDOWS\system32\DRIVERS\tmcomm.sys [332512 2016-08-22] (Trend Micro Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-13 22:57 - 2017-01-13 22:57 - 01209716 _____ C:\Users\Snickers\AppData\Local\census.cache
2017-01-13 22:02 - 2017-01-13 22:45 - 01308350 _____ C:\Users\Snickers\AppData\Local\ars.cache
2017-01-13 21:36 - 2017-01-13 22:15 - 00000010 _____ C:\Users\Snickers\AppData\Local\sponge.last.runtime.cache
2017-01-13 21:28 - 2017-01-13 21:28 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-01-13 21:28 - 2017-01-13 21:28 - 00000000 ____D C:\ProgramData\Trend Micro
2017-01-13 21:15 - 2017-01-13 21:27 - 00000000 ____D C:\Users\Snickers\Doctor Web
2017-01-13 21:09 - 2017-01-13 21:09 - 00000036 _____ C:\Users\Snickers\AppData\Local\housecall.guid.cache
2017-01-13 21:09 - 2016-08-22 14:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-01-13 20:40 - 2017-01-13 23:23 - 00000000 ____D C:\FRST
2017-01-12 20:15 - 2017-01-12 20:15 - 00851537 _____ C:\Users\Snickers\Downloads\www.macromastia.tv.torrent
2017-01-12 20:14 - 2017-01-12 20:14 - 00221093 _____ C:\Users\Snickers\Downloads\www.macromastia-blog.dk.torrent
2017-01-12 08:31 - 2017-01-12 08:31 - 00066997 _____ C:\Users\Snickers\Downloads\Unconfirmed 136509.crdownload
2017-01-12 08:28 - 2017-01-12 08:28 - 00066997 _____ C:\Users\Snickers\Downloads\IDMGCExt (1).crx
2017-01-12 08:25 - 2017-01-12 08:25 - 00066997 _____ C:\Users\Snickers\Downloads\Unconfirmed 786031.crdownload
2017-01-10 18:55 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 18:55 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 18:55 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 18:55 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 18:55 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 18:55 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 18:55 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 18:55 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 18:55 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 18:55 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 18:55 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 18:55 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 18:55 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 18:55 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 18:55 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 18:55 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 18:55 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 18:55 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 18:55 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 18:55 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 18:55 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 18:55 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 18:55 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 18:55 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 18:55 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 18:55 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 18:55 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 18:55 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 18:55 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 18:55 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 18:55 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 18:55 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 18:55 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 18:55 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 18:55 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 18:55 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 18:55 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 18:55 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 18:55 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 18:55 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 18:55 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 18:55 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 18:55 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 18:55 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 18:55 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 18:55 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 18:55 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 18:55 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 18:55 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 18:55 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 18:55 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 18:55 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 18:55 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 18:55 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 18:55 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 18:55 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 18:55 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 18:55 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 18:55 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 18:55 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 18:55 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 18:55 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 18:55 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 18:55 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 18:55 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:55 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 18:54 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 18:54 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 18:54 - 2016-12-21 02:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 18:54 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 18:54 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 18:54 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 18:54 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 18:54 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 18:54 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 18:54 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 18:54 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 18:54 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 18:54 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 18:54 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 18:54 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 18:54 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 18:54 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 18:54 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 18:54 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 18:54 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 18:54 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 18:54 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 18:54 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 18:54 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 18:54 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 18:54 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 18:54 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 18:54 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 18:54 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 18:54 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 18:54 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 18:54 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 18:54 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 18:54 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 18:54 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 18:54 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 18:54 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 18:54 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 18:54 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 18:54 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 18:54 - 2016-12-21 00:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 18:54 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 18:54 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 18:54 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 18:54 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 18:54 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 18:54 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 18:54 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 18:54 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:54 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 18:54 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 18:54 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 18:54 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 18:54 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 18:54 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 18:54 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 18:54 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 18:54 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 18:54 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 18:54 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 18:54 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 18:54 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 18:54 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 18:54 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 18:54 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 18:54 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 18:54 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 18:54 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 18:54 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 18:54 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 18:54 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 18:54 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 18:54 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 18:54 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 18:54 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 18:54 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 18:54 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 18:54 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 18:54 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 18:54 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 18:54 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 18:54 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:54 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 18:54 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 18:54 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 18:54 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 18:54 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:54 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 18:54 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 18:54 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 18:54 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 18:54 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 18:54 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 18:54 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 18:54 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 18:54 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 18:54 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 18:54 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 18:54 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 18:54 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 18:54 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 18:54 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 18:54 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 18:54 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 18:54 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 18:54 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-08 21:14 - 2017-01-08 21:14 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 21:14 - 2017-01-08 21:14 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-08 21:07 - 2017-01-08 21:07 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-08 20:50 - 2017-01-08 20:50 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-01-08 20:50 - 2017-01-08 20:50 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-08 20:50 - 2017-01-08 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-08 20:50 - 2017-01-08 20:50 - 00000000 ____D C:\Program Files\CCleaner
2017-01-07 12:19 - 2017-01-07 12:19 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Search The Web
2017-01-07 12:19 - 2017-01-07 12:19 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-01-07 12:18 - 2017-01-07 18:40 - 00000000 ____D C:\Program Files (x86)\Panda Security
2017-01-07 12:18 - 2017-01-07 12:28 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Panda Security
2017-01-07 12:17 - 2017-01-07 12:29 - 00000000 ____D C:\ProgramData\Panda Security
2017-01-07 10:12 - 2017-01-07 10:12 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-07 10:12 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-01-07 10:06 - 2017-01-07 10:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-07 10:05 - 2017-01-08 21:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-07 10:05 - 2017-01-08 21:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-07 08:46 - 2017-01-07 08:46 - 00000000 _____ C:\autoexec.bat
2017-01-06 20:04 - 2017-01-06 20:04 - 03017720 _____ (Google) C:\Users\Snickers\Downloads\chrome_cleanup_tool.exe
2017-01-06 20:02 - 2017-01-06 20:02 - 00016840 _____ C:\WINDOWS\System32\Tasks\77195f32508l54132z1
2017-01-06 20:02 - 2017-01-06 20:02 - 00000000 ___HD C:\ProgramData\77195f32508l54132z1
2017-01-06 19:57 - 2017-01-06 19:57 - 00016840 _____ C:\WINDOWS\System32\Tasks\10082f29377l33563z2
2017-01-06 19:57 - 2017-01-06 19:57 - 00000000 ___HD C:\ProgramData\10082f29377l33563z2
2017-01-06 19:56 - 2017-01-06 19:56 - 00016840 _____ C:\WINDOWS\System32\Tasks\23033f32633l95611z7
2017-01-06 19:56 - 2017-01-06 19:56 - 00000000 ___HD C:\ProgramData\23033f32633l95611z7
2017-01-06 19:13 - 2017-01-06 19:13 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-01-06 17:27 - 2017-01-06 17:27 - 01065376 _____ (Google Inc.) C:\Users\Snickers\Downloads\ChromeSetup.exe
2017-01-05 22:05 - 2017-01-05 23:00 - 00000000 ____D C:\Program Files (x86)\Schism
2017-01-05 22:04 - 2017-01-05 23:00 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2017-01-05 22:03 - 2017-01-05 22:03 - 00140288 _____ C:\Users\Snickers\AppData\Roaming\Installer.dat
2017-01-05 22:03 - 2017-01-05 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-01-05 22:03 - 2017-01-05 22:03 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-01-05 22:02 - 2017-01-05 22:02 - 00000000 ____D C:\Users\Snickers\AppData\Local\CrashRpt
2017-01-05 22:02 - 2017-01-05 22:02 - 00000000 _____ C:\TOSTACK
2017-01-05 20:26 - 2017-01-07 13:18 - 00007038 _____ C:\Users\Snickers\Desktop\Rkill.txt
2017-01-04 00:46 - 2016-12-16 19:41 - 32123393 _____ C:\Users\Snickers\Desktop\Choosing A Automation Tool-7395458.mp4
2017-01-03 23:59 - 2017-01-03 23:59 - 00000000 ____D C:\Users\Snickers\AppData\Local\pip
2017-01-03 23:32 - 2017-01-05 23:00 - 00000000 ____D C:\Python27
2017-01-03 22:39 - 2017-01-03 23:00 - 00000000 ____D C:\Users\Snickers\Desktop\instagram
2017-01-03 21:35 - 2017-01-03 21:35 - 00000000 ____D C:\Users\Snickers\.idlerc
2017-01-02 14:32 - 2017-01-05 23:00 - 00000000 ____D C:\ProgramData\20923f26538l44705z7
2017-01-01 23:11 - 2017-01-01 23:11 - 00014505 _____ C:\Users\Snickers\Downloads\bitcoin-0.13.1.torrent
2017-01-01 11:14 - 2017-01-01 11:14 - 00016840 _____ C:\WINDOWS\System32\Tasks\29047f45405l32383z6
2017-01-01 11:14 - 2017-01-01 11:14 - 00016840 _____ C:\WINDOWS\System32\Tasks\26622f46133l30152z5
2017-01-01 11:14 - 2017-01-01 11:14 - 00000000 ___HD C:\ProgramData\29047f45405l32383z6
2017-01-01 11:14 - 2017-01-01 11:14 - 00000000 ___HD C:\ProgramData\26622f46133l30152z5
2017-01-01 11:07 - 2017-01-08 21:38 - 00000000 ___HD C:\ProgramData\52a393b88
2017-01-01 11:07 - 2017-01-01 11:07 - 00016840 _____ C:\WINDOWS\System32\Tasks\32604f18522l94083z7
2017-01-01 11:07 - 2017-01-01 11:07 - 00016798 _____ C:\WINDOWS\System32\Tasks\52a393b88
2017-01-01 11:07 - 2017-01-01 11:07 - 00000000 ___HD C:\ProgramData\32604f18522l94083z7
2017-01-01 11:05 - 2017-01-05 23:00 - 00000000 ____D C:\Users\Snickers\Desktop\IDM 6.27 Build 2
2017-01-01 11:04 - 2017-01-01 11:04 - 00016840 _____ C:\WINDOWS\System32\Tasks\95754f15255l25342z8
2017-01-01 11:04 - 2017-01-01 11:04 - 00016840 _____ C:\WINDOWS\System32\Tasks\72194f81904l25502z7
2017-01-01 11:04 - 2017-01-01 11:04 - 00016828 _____ C:\WINDOWS\System32\Tasks\126f60541l44168z6
2017-01-01 11:04 - 2017-01-01 11:04 - 00000000 ___HD C:\ProgramData\95754f15255l25342z8
2017-01-01 11:04 - 2017-01-01 11:04 - 00000000 ___HD C:\ProgramData\72194f81904l25502z7
2017-01-01 11:04 - 2017-01-01 11:04 - 00000000 ___HD C:\ProgramData\126f60541l44168z6
2017-01-01 11:03 - 2017-01-12 08:41 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-01-01 11:03 - 2017-01-08 22:15 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\IDM
2017-01-01 11:03 - 2017-01-05 23:00 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-01-01 11:03 - 2017-01-05 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2017-01-01 10:39 - 2017-01-01 11:03 - 14589573 _____ C:\Users\Snickers\Downloads\IDM 6.27 Build 2.zip
2017-01-01 10:23 - 2017-01-01 10:23 - 00000000 ____D C:\ProgramData\Reprise
2016-12-30 17:27 - 2016-07-15 20:22 - 00000000 ____D C:\Users\Snickers\Desktop\Module 8_ Creating Newsletter
2016-12-24 12:44 - 2017-01-10 20:01 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Kodi
2016-12-24 12:43 - 2017-01-05 23:00 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-12-24 12:42 - 2016-12-24 12:43 - 00000000 ____D C:\Program Files (x86)\Kodi
2016-12-24 11:37 - 2017-01-05 22:51 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-19 19:55 - 2016-12-19 19:55 - 00930940 _____ C:\Users\Snickers\Desktop\mybaby.MP4
2016-12-15 22:42 - 2016-12-15 22:42 - 00020512 _____ C:\Users\Snickers\Desktop\Instagram Domination.torrent
2016-12-15 06:51 - 2016-10-17 10:35 - 00223464 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2016-12-14 23:34 - 2016-12-14 23:34 - 00003288 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-13 23:25 - 2015-12-24 05:47 - 00000000 ____D C:\Users\Snickers\Downloads\Video
2017-01-13 23:06 - 2014-11-30 15:39 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\DMCache
2017-01-13 23:05 - 2014-11-29 22:56 - 00000000 ____D C:\WINDOWS\AutoKMS
2017-01-13 23:03 - 2016-04-27 20:08 - 00131850 _____ C:\Users\Snickers\Desktop\checkbook-register.xlsx
2017-01-13 21:47 - 2014-11-29 16:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-13 21:44 - 2014-11-29 22:25 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-01-13 21:15 - 2016-09-14 20:51 - 00000000 ____D C:\Users\Snickers
2017-01-13 20:16 - 2014-12-20 22:02 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-01-13 20:15 - 2016-09-14 21:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-13 20:14 - 2016-07-16 01:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-13 20:11 - 2014-11-29 22:03 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\uTorrent
2017-01-13 20:03 - 2014-11-29 16:49 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Skype
2017-01-13 20:01 - 2016-09-14 20:41 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-13 19:47 - 2015-11-08 12:16 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\vlc
2017-01-13 19:44 - 2016-11-16 19:50 - 00000000 ____D C:\Users\Snickers\AppData\LocalLow\Mozilla
2017-01-13 18:58 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 18:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-13 06:59 - 2014-12-13 10:46 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\TeamViewer
2017-01-13 06:58 - 2015-11-29 07:15 - 00000000 ____D C:\Users\Snickers\AppData\Local\Packages
2017-01-13 02:00 - 2014-11-29 16:28 - 00000000 ____D C:\Users\Snickers\AppData\Local\Adobe
2017-01-12 18:41 - 2015-12-24 17:28 - 00000000 ____D C:\WINDOWS\pss
2017-01-12 09:19 - 2015-12-24 17:43 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-12 06:55 - 2014-12-21 20:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-01-12 06:54 - 2016-09-14 21:13 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-11 22:04 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 06:17 - 2015-11-29 07:15 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-10 21:31 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-10 21:20 - 2016-09-14 20:41 - 04942664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-10 21:20 - 2014-12-20 22:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-10 21:18 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-10 21:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-10 21:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-10 21:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-10 21:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 21:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-10 19:18 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 19:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-10 19:13 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-10 19:05 - 2015-01-06 21:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 19:00 - 2014-11-29 22:49 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 08:19 - 2016-11-15 23:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-08 21:14 - 2014-11-29 16:29 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-08 21:03 - 2016-09-15 00:40 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-08 20:28 - 2014-11-29 16:29 - 00000000 ____D C:\Users\Snickers\AppData\Local\Google
2017-01-07 20:32 - 2016-02-13 19:09 - 00000000 ____D C:\Users\Snickers\Desktop\movies
2017-01-07 18:42 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-07 15:57 - 2016-09-14 21:13 - 00004228 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2017-01-07 15:57 - 2016-09-14 21:13 - 00003590 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2017-01-07 15:57 - 2015-12-24 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2017-01-07 15:56 - 2016-11-16 21:44 - 00000982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LongTailPro.lnk
2017-01-07 15:56 - 2016-09-14 21:02 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-07 15:56 - 2016-08-06 14:26 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-07 15:56 - 2016-03-14 20:47 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2017-01-07 15:56 - 2015-12-12 23:29 - 00002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azon Top 100 Analyzer V4.lnk
2017-01-07 15:56 - 2015-11-29 07:23 - 00002415 _____ C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-07 15:56 - 2015-11-18 19:39 - 00002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azon Review Finder V4.lnk
2017-01-07 15:56 - 2015-11-18 16:43 - 00002111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azon Product Inspector V4.lnk
2017-01-07 15:56 - 2015-11-18 16:36 - 00002111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azon Keyword Generator V4.lnk
2017-01-07 15:56 - 2015-02-14 22:07 - 00001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-01-07 15:56 - 2015-02-14 22:07 - 00001305 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-01-07 15:56 - 2014-12-22 20:26 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2017-01-07 15:56 - 2014-12-22 20:26 - 00002210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2017-01-07 15:56 - 2014-12-22 20:26 - 00002049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2017-01-07 15:56 - 2014-12-20 22:02 - 00001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2017-01-07 15:56 - 2014-12-20 22:01 - 00001254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Update Detector.lnk
2017-01-07 15:56 - 2014-12-06 00:42 - 00001225 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-01-07 15:56 - 2014-12-06 00:34 - 00001217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Prelude CS6.lnk
2017-01-07 15:56 - 2014-12-06 00:19 - 00001357 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2017-01-07 15:56 - 2014-12-06 00:18 - 00001134 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
2017-01-07 15:56 - 2014-12-02 22:28 - 00001097 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2017-01-07 15:56 - 2014-12-02 22:24 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2017-01-07 15:55 - 2016-08-17 06:30 - 00002079 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2017-01-07 15:55 - 2016-08-06 14:26 - 00001214 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-01-07 15:55 - 2016-08-02 22:11 - 00000975 _____ C:\Users\Snickers\Desktop\video-converter-ultimate-medi_setup_full975.exe.lnk
2017-01-07 15:55 - 2016-05-13 20:29 - 00001082 _____ C:\Users\Snickers\Desktop\Internet Download Manager.lnk
2017-01-07 15:55 - 2016-03-24 07:58 - 00001169 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-07 15:55 - 2014-11-29 22:05 - 00000971 _____ C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-01-07 15:54 - 2015-12-20 20:33 - 00000000 ____D C:\Users\Snickers\Downloads\Compressed
2017-01-07 12:51 - 2014-11-29 21:11 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2017-01-07 12:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-06 19:37 - 2016-07-16 09:14 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-01-05 23:00 - 2016-09-14 20:51 - 00000000 ____D C:\Users\DefaultAppPool
2017-01-05 23:00 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-05 23:00 - 2016-07-10 13:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Long Tail Pro Platinum
2017-01-05 23:00 - 2016-01-04 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-01-05 23:00 - 2015-12-27 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-01-05 23:00 - 2015-12-12 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azon Top 100 Analyzer V4
2017-01-05 23:00 - 2015-11-18 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azon Review Finder V4
2017-01-05 23:00 - 2015-11-18 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azon Product Inspector V4
2017-01-05 23:00 - 2015-11-18 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azon Keyword Generator V4
2017-01-05 23:00 - 2015-11-09 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV to AVI
2017-01-05 23:00 - 2015-11-08 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-01-05 23:00 - 2015-10-11 20:49 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-05 23:00 - 2015-10-11 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-05 23:00 - 2015-09-27 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB File Reader
2017-01-05 23:00 - 2015-08-08 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-01-05 23:00 - 2015-08-07 04:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2017-01-05 23:00 - 2015-08-07 04:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2017-01-05 23:00 - 2015-07-19 20:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-05 23:00 - 2015-05-11 19:05 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-01-05 23:00 - 2015-04-13 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2017-01-05 23:00 - 2015-03-22 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-05 23:00 - 2015-03-17 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-01-05 23:00 - 2015-03-06 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenu's Link Sleuth
2017-01-05 23:00 - 2015-02-23 20:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OverDrive for Windows
2017-01-05 23:00 - 2015-02-22 15:09 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2017-01-05 23:00 - 2015-02-21 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-05 23:00 - 2015-01-26 08:29 - 00000000 ___HD C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2017-01-05 23:00 - 2014-12-20 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2017-01-05 23:00 - 2014-12-16 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2017-01-05 23:00 - 2014-12-05 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-01-05 23:00 - 2014-12-05 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Builder 4.6
2017-01-05 23:00 - 2014-12-05 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2017-01-05 23:00 - 2014-12-02 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2017-01-05 23:00 - 2014-11-30 13:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-01-05 23:00 - 2014-11-30 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
2017-01-05 23:00 - 2014-11-29 21:20 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WM Capture 7
2017-01-05 23:00 - 2014-11-29 21:19 - 00000000 ____D C:\Program Files (x86)\WM Capture 7
2017-01-05 23:00 - 2014-11-29 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-01-05 22:52 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration
2017-01-01 10:21 - 2016-12-11 09:57 - 00000000 ____D C:\Users\Snickers\Desktop\UtubeBible
2017-01-01 10:16 - 2016-01-20 23:33 - 00000000 ____D C:\Users\Snickers\Desktop\If you only knew
2016-12-29 06:34 - 2016-09-27 20:36 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Emby-Server
2016-12-29 06:34 - 2015-07-11 14:39 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\Emby-InstallLogs
2016-12-25 08:45 - 2015-06-18 19:06 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-24 16:23 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-24 14:04 - 2015-06-04 06:11 - 00000700 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1846001380-1946299620-4167536978-1001.job
2016-12-24 14:04 - 2015-02-26 13:07 - 00000604 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1846001380-1946299620-4167536978-1001.job
2016-12-22 18:13 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 18:13 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-21 04:54 - 2014-11-29 19:14 - 00389396 __RSH C:\bootmgr
2016-12-20 08:32 - 2015-08-08 16:58 - 00004608 _____ C:\Users\Snickers\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-20 08:30 - 2016-12-09 15:49 - 00000000 ____D C:\Users\Snickers\Desktop\Anthony Carbone - Wolf Millionaire of Instagram
2016-12-19 20:05 - 2015-04-13 19:11 - 00000000 ____D C:\Users\Snickers\AppData\Roaming\HandBrake
2016-12-18 21:41 - 2016-08-06 14:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-16 15:22 - 2016-09-14 21:13 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 15:22 - 2016-09-14 21:13 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-14 23:34 - 2015-11-29 07:23 - 00000000 ___RD C:\Users\Snickers\OneDrive
2016-12-14 23:00 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-14 01:17 - 2016-09-14 20:41 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
2016-12-14 01:17 - 2016-09-14 20:41 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TM.blf
2016-12-14 01:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-14 01:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-14 01:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-14 01:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-14 01:14 - 2016-09-14 20:51 - 00524288 ___SH C:\Users\Snickers\NTUSER.DAT{d410dbd6-7aed-11e6-80c5-cd587c4e5110}.TMContainer00000000000000000002.regtrans-ms
2016-12-14 01:14 - 2016-09-14 20:51 - 00065536 ___SH C:\Users\Snickers\NTUSER.DAT{d410dbd6-7aed-11e6-80c5-cd587c4e5110}.TM.blf
 
==================== Files in the root of some directories =======
 
2015-09-20 18:42 - 2016-01-01 09:29 - 16790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-12-13 11:00 - 2015-12-13 11:00 - 0000088 _____ () C:\Users\Snickers\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2015-12-25 22:45 - 2015-12-25 22:45 - 0000088 _____ () C:\Users\Snickers\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2014-12-21 19:24 - 2014-12-21 19:24 - 0000132 _____ () C:\Users\Snickers\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-12-11 22:18 - 2016-11-30 19:10 - 0000132 _____ () C:\Users\Snickers\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-12-25 23:02 - 2016-03-20 19:53 - 0000088 _____ () C:\Users\Snickers\AppData\Roaming\GWMC-I92M
2014-12-24 21:33 - 2014-12-24 21:33 - 0099384 _____ () C:\Users\Snickers\AppData\Roaming\inst.exe
2017-01-05 22:03 - 2017-01-05 22:03 - 0140288 _____ () C:\Users\Snickers\AppData\Roaming\Installer.dat
2014-12-24 21:33 - 2014-12-24 21:33 - 0007859 _____ () C:\Users\Snickers\AppData\Roaming\pcouffin.cat
2014-12-24 21:33 - 2014-12-24 21:33 - 0001167 _____ () C:\Users\Snickers\AppData\Roaming\pcouffin.inf
2014-12-24 21:33 - 2014-12-24 21:33 - 0000055 _____ () C:\Users\Snickers\AppData\Roaming\pcouffin.log
2014-12-24 21:33 - 2014-12-24 21:33 - 0082816 _____ (VSO Software) C:\Users\Snickers\AppData\Roaming\pcouffin.sys
2015-12-13 11:00 - 2016-11-16 23:26 - 0000236 _____ () C:\Users\Snickers\AppData\Roaming\RO39-2M3Q
2016-08-02 23:20 - 2016-08-03 23:20 - 0000071 _____ () C:\Users\Snickers\AppData\Roaming\WB.CFG
2015-08-23 11:34 - 2015-08-23 11:34 - 0000064 _____ () C:\Users\Snickers\AppData\Local\36186f3d87dcc056fb010b236681d00e
2015-07-12 10:00 - 2015-07-12 10:00 - 0001456 _____ () C:\Users\Snickers\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-13 22:02 - 2017-01-13 22:45 - 1308350 _____ () C:\Users\Snickers\AppData\Local\ars.cache
2017-01-13 22:57 - 2017-01-13 22:57 - 1209716 _____ () C:\Users\Snickers\AppData\Local\census.cache
2015-08-08 16:58 - 2016-12-20 08:32 - 0004608 _____ () C:\Users\Snickers\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-13 21:09 - 2017-01-13 21:09 - 0000036 _____ () C:\Users\Snickers\AppData\Local\housecall.guid.cache
2015-08-04 07:18 - 2016-01-20 00:08 - 0000600 _____ () C:\Users\Snickers\AppData\Local\PUTTY.RND
2015-08-20 18:57 - 2015-08-20 18:57 - 0000843 _____ () C:\Users\Snickers\AppData\Local\recently-used.xbel
2015-10-18 14:30 - 2015-10-18 14:30 - 0007605 _____ () C:\Users\Snickers\AppData\Local\Resmon.ResmonCfg
2017-01-13 21:36 - 2017-01-13 22:15 - 0000010 _____ () C:\Users\Snickers\AppData\Local\sponge.last.runtime.cache
 
Files to move or delete:
====================
C:\Windows\Temp\gE5.tmp.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-09 21:36
 
==================== End of FRST.txt ============================



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:31 PM

Posted 16 January 2017 - 09:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Windows\Temp\gE5.tmp.exe
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [wd] => C:\Windows\Temp\gE5.tmp.exe [248320 2017-01-13] () <===== ATTENTION
AppInit_DLLs: C:\ProgramData\ExtTag\Jobeco.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShortcutTarget: Media Browser Server.lnk -> C:\Users\Snickers\AppData\Roaming\MediaBrowser-Server\System\MediaBrowser.ServerApplication.exe (No File)
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1846001380-1946299620-4167536978-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pandasecurity.mystart.com/?pr=vmn&id=pandasecuritytb&v=4_3&utm_campaign=675&idate=2017-01-07&ent=hp_675&u=0CDA0A700181D59B65CAAD587122F5A9
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1846001380-1946299620-4167536978-1001 -> DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2017-01-07&ent=ch_675&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1846001380-1946299620-4167536978-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://pandasecurity.mystart.com/results.php?pr=vmn&gen=ms&id=pandasecuritytb&v=4_3&idate=2017-01-07&ent=ch_675&q={searchTerms}
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\Snickers\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-08]
CHR Extension: (Chrome Media Router) - C:\Users\Snickers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-08]
U3 idsvc; no ImagePath
C:\Windows\Temp\gE5.tmp.exe

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please post the Fixlog.txt and include the Addition.txt file created by the Farbar tool.
Let me know what problem persists with this computer.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:31 PM

Posted 22 January 2017 - 08:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



