InstallShield malware/possibly rootkit


  • This topic is locked
6 replies to this topic

#1 dois1234

  • Members
  • 4 posts

Posted 21 January 2017 - 11:44 AM

One day I noticed my computer had a weird file running. I went into Task Manager and the file was called InstallShield under setup.exe. After the anti-virus was not able to find it, I reset my files and PC. After I did so, the virus remained, so I assumed it was a rootkit. It also has been turning my Malwarebytes Real Time Protection off every time I try to turn it on. Thanks in advance.




#2 nasdaq

  • Malware Response Team
  • 40,197 posts

Posted 22 January 2017 - 10:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===

Please post the logs for my review.

Wait for further instructions.

#3 dois1234

  • Topic Starter

  • Members
  • 4 posts

Posted 22 January 2017 - 01:19 PM

(AMD) C:\Windows\System32\atiesrxx.exe
Failed to access process -> tbaseprovisioning.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Conexant Systems, Inc.) C:\Windows\syswow64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\McCSPServiceHost.exe
(Lenovo) C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe
(Lenovo) C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\SkypePlugin.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
() C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hammer & Chisel, Inc.) C:\Users\izahe\AppData\Local\Discord\app-0.0.297\Discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SweetLabs, Inc) C:\Users\izahe\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.1\Lightshot.exe
(Hammer & Chisel, Inc.) C:\Users\izahe\AppData\Local\Discord\app-0.0.297\Discord.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Hammer & Chisel, Inc.) C:\Users\izahe\AppData\Local\Discord\app-0.0.297\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.LenovoCorporation.LenovoSettings_4642shxvsv8s2.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.LenovoCorporation.LenovoSettings_4642shxvsv8s2.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.E046963F.LenovoCompanion_k1h2ywk1493x8.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.LenovoCorporation.LenovoSettings_4642shxvsv8s2.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7812.42257.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [230616 2015-11-20] (Realtek Semiconductor Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [791848 2016-04-11] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [110008 2015-07-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\Lenovo\Power2Go\VirtualDrive.exe [492472 2015-07-21] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2016-02-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKU\S-1-5-21-1117179267-2847722300-164330619-1001\...\Run: [Discord] => C:\Users\izahe\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1117179267-2847722300-164330619-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2dd99d32-6cd9-4304-8929-fd422e2ce3f6}: [DhcpNameServer] 150.204.1.3
Tcpip\..\Interfaces\{ce31506e-f42a-47a2-ac2f-d0d8cdbf4f31}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-1117179267-2847722300-164330619-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-1117179267-2847722300-164330619-1001 -> DefaultScope {1D1E4C5F-BA55-4C36-9534-5DB4BA565F93} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-11-18] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-11-18] (McAfee, Inc.)
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-12-27]
Edge Extension: (NAME) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2017-01-14]
FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-13] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-11-18] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1117179267-2847722300-164330619-1001: @nsroblox.roblox.com/launcher -> C:\Users\izahe\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1117179267-2847722300-164330619-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\izahe\AppData\Local\Roblox\Versions\version-ecedadb4b6824712\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2016-02-19] (Advanced Micro Devices, Inc.)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-02] (Realtek Semiconductor Corporation)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1447944 2017-01-19] ()
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [127192 2015-11-19] ()
R2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [650680 2015-07-29] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3019968 2016-12-04] (Microsoft Corporation)
R2 GDCAgent; C:\Program Files (x86)\Lenovo\GDCAgentSetupRed\GDCAgent.exe [1155512 2015-07-29] (Lenovo)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [62792 2016-12-01] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271328 2016-01-25] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [379896 2015-07-03] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.2.351.0\\McCSPServiceHost.exe [1934968 2016-10-17] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1307752 2016-10-20] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1473128 2016-10-07] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1041512 2016-09-08] (Intel Security, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246376 2015-11-13] (Synaptics Incorporated)
S2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [54808 2016-02-09] (Advanced Micro Devices, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmcsp; C:\Windows\System32\drivers\amdkmcsp.sys [101112 2016-02-09] (Advanced Micro Devices, Inc. )
S3 amdkmdan; C:\Windows\system32\DRIVERS\atikmnag.sys [20268048 2016-03-01] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82704 2016-03-01] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [277240 2016-02-09] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-15] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-21] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [527496 2016-09-09] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
S3 MFE_RR; C:\Users\izahe\AppData\Local\Temp\mfe_rr.sys [24120 2017-01-20] (McAfee, Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 2015-08-19] (Realtek                                            )
S3 RtkAvrcp; C:\Windows\System32\drivers\RtkAvrcp.sys [67840 2015-09-09] (Realtek Semiconductor Corporation)
S3 RtkAvrcpCtrlr; C:\Windows\System32\drivers\RtkAvrcpCtrlr.sys [70672 2015-05-11] (Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [629056 2016-01-12] (Realtek Semiconductor Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [408280 2015-10-15] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3059416 2015-06-11] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-06-03] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-22 13:09 - 2017-01-22 13:11 - 00019643 _____ C:\Users\izahe\Desktop\FRST.txt
2017-01-22 13:08 - 2017-01-22 13:09 - 00000000 ____D C:\FRST
2017-01-22 13:08 - 2017-01-22 13:08 - 02420736 _____ (Farbar) C:\Users\izahe\Desktop\FRST64.exe
2017-01-22 13:06 - 2017-01-22 13:06 - 02420736 _____ (Farbar) C:\Users\izahe\Desktop\FRST64.exe.evhmpox.partial
2017-01-22 12:11 - 2017-01-22 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-21 13:54 - 2017-01-21 14:24 - 00000000 ____D C:\Users\izahe\BrawlhallaReplays
2017-01-21 13:41 - 2017-01-21 13:41 - 00000000 ____D C:\Users\izahe\AppData\Roaming\BrawlhallaAir
2017-01-21 13:39 - 2017-01-21 13:39 - 00000222 _____ C:\Users\izahe\Desktop\Brawlhalla.url
2017-01-20 11:54 - 2017-01-20 11:54 - 11427128 _____ (Bitdefender LLC) C:\Users\izahe\Downloads\BootkitRemoval_x64.exe
2017-01-20 11:53 - 2017-01-20 11:54 - 07269656 _____ (Bitdefender LLC) C:\Users\izahe\Downloads\BootkitRemoval_x86.exe
2017-01-20 11:45 - 2017-01-20 11:45 - 00784152 _____ (McAfee, Inc.) C:\Users\izahe\Downloads\rootkitremover.exe
2017-01-20 11:34 - 2017-01-20 11:34 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\54EC42BA.sys
2017-01-20 11:34 - 2017-01-20 11:34 - 00000000 ___HD C:\OneDriveTemp
2017-01-19 16:55 - 2017-01-19 16:55 - 00000000 ____D C:\Users\izahe\AppData\Roaming\LolClient
2017-01-19 14:33 - 2017-01-19 14:33 - 00000000 ____D C:\ProgramData\Riot Games
2017-01-19 14:31 - 2017-01-19 14:31 - 00001585 _____ C:\Users\Public\Desktop\League of Legends.lnk
2017-01-19 14:31 - 2017-01-19 14:31 - 00000000 ____D C:\Riot Games
2017-01-19 14:31 - 2017-01-19 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2017-01-19 14:31 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-01-19 14:31 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-01-19 14:31 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-01-19 14:31 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-01-19 14:31 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-01-19 14:25 - 2017-01-19 14:31 - 00000000 ____D C:\Users\izahe\AppData\Roaming\Riot Games
2017-01-19 14:25 - 2017-01-19 14:29 - 28411368 _____ (Riot Games) C:\Users\izahe\Downloads\LeagueofLegends_NA_Installer_2016_05_13.exe
2017-01-19 13:37 - 2017-01-19 13:37 - 00000000 ____D C:\Users\izahe\AppData\LocalLow\Smartly Dressed Games
2017-01-19 12:54 - 2017-01-21 13:39 - 00000000 ____D C:\Users\izahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-19 12:54 - 2017-01-19 12:54 - 00000222 _____ C:\Users\izahe\Desktop\Unturned.url
2017-01-16 15:51 - 2017-01-16 15:55 - 365750542 _____ C:\Users\izahe\Desktop\monado boy.mp4
2017-01-16 15:11 - 2017-01-16 15:12 - 153362888 _____ C:\Users\izahe\Downloads\Shulk.mp4
2017-01-16 14:56 - 2017-01-16 14:56 - 00000000 _____ C:\Users\izahe\Downloads\harambe.mp4.lht7ryd.partial
2017-01-16 14:56 - 2017-01-16 14:56 - 00000000 _____ C:\Users\izahe\Downloads\harambe.mp4
2017-01-15 15:11 - 2017-01-21 11:21 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-15 15:11 - 2017-01-21 11:21 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-15 15:11 - 2017-01-21 11:21 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-15 15:11 - 2017-01-21 11:21 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-15 15:11 - 2017-01-15 15:11 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-15 15:10 - 2017-01-15 15:10 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-15 15:10 - 2017-01-15 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-15 15:10 - 2017-01-15 15:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-15 15:10 - 2017-01-15 15:10 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-15 15:10 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-15 15:09 - 2017-01-15 15:09 - 54199488 _____ (Malwarebytes ) C:\Users\izahe\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-15 15:05 - 2017-01-15 15:05 - 00000000 ___HD C:\$SysReset
2017-01-15 14:37 - 2017-01-15 14:37 - 00002136 _____ C:\Users\Public\Desktop\Lenovo Photo Master.lnk
2017-01-13 20:37 - 2017-01-13 20:37 - 00000000 ____D C:\Users\izahe\AppData\Local\Steam
2017-01-13 20:37 - 2017-01-13 20:37 - 00000000 ____D C:\Users\izahe\AppData\Local\Chromium
2017-01-13 20:37 - 2017-01-13 20:37 - 00000000 ____D C:\Users\izahe\AppData\Local\CEF
2017-01-13 20:32 - 2017-01-22 12:16 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-13 20:32 - 2017-01-13 20:32 - 00001039 _____ C:\Users\Public\Desktop\Steam.lnk
2017-01-13 20:32 - 2017-01-13 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-13 20:27 - 2017-01-13 20:31 - 01446792 _____ C:\Users\izahe\Downloads\SteamSetup.exe
2017-01-12 15:26 - 2017-01-12 15:26 - 00000000 ____D C:\ProgramData\PhotoMaster
2017-01-11 15:21 - 2017-01-11 15:21 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2017-01-11 15:20 - 2017-01-11 15:20 - 00000000 ____D C:\Users\izahe\AppData\Roaming\Lenovo
2017-01-11 15:20 - 2017-01-11 15:20 - 00000000 ____D C:\Users\izahe\.QtWebEngineProcess
2017-01-11 15:20 - 2017-01-11 15:20 - 00000000 ____D C:\Users\izahe\.LSC
2017-01-10 15:43 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2017-01-10 15:43 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-01-10 15:43 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-01-10 15:43 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-01-10 15:43 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2017-01-10 15:43 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2017-01-10 15:43 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-01-10 15:43 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-01-10 15:43 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-01-10 15:43 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-01-10 15:43 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-10 15:43 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2017-01-10 15:43 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-01-10 15:43 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2017-01-10 15:43 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2017-01-10 15:43 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-01-10 15:43 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2017-01-10 15:43 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-01-10 15:43 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-01-10 15:43 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-01-10 15:43 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-01-10 15:43 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 15:43 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-01-10 15:43 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2017-01-10 15:43 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 15:43 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-01-10 15:43 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 15:43 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 15:43 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2017-01-10 15:43 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2017-01-10 15:43 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 15:43 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Cred.dll
2017-01-10 15:43 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2017-01-10 15:43 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-01-10 15:43 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-01-10 15:43 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2017-01-10 15:43 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 15:43 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-01-10 15:43 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2017-01-10 15:43 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-01-10 15:43 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-01-10 15:43 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-10 15:43 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 15:43 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-01-10 15:43 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-01-10 15:43 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-01-10 15:43 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 15:43 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 15:43 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ScDeviceEnum.dll
2017-01-10 15:43 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-01-10 15:43 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-01-10 15:43 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\certprop.dll
2017-01-10 15:43 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-01-10 15:43 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 15:43 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 15:43 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-01-10 15:43 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-01-10 15:43 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 15:43 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-01-10 15:43 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-01-10 15:43 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 15:43 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-01-10 15:43 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2017-01-10 15:43 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2017-01-10 15:43 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-01-10 15:43 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-01-10 15:43 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-01-10 15:43 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-01-10 15:43 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 15:43 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-01-10 15:42 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-01-10 15:42 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2017-01-10 15:42 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-01-10 15:42 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-01-10 15:42 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-01-10 15:42 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-01-10 15:42 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2017-01-10 15:42 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2017-01-10 15:42 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2017-01-10 15:42 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2017-01-10 15:42 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2017-01-10 15:42 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll
2017-01-10 15:42 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2017-01-10 15:42 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 15:42 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-01-10 15:42 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 15:42 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2017-01-10 15:42 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2017-01-10 15:42 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2017-01-10 15:42 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2017-01-10 15:42 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-01-10 15:42 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2017-01-10 15:42 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2017-01-10 15:42 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-01-10 15:42 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2017-01-10 15:42 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-01-10 15:42 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\fhsettingsprovider.dll
2017-01-10 15:42 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\MSVP9DEC.dll
2017-01-10 15:42 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2017-01-10 15:42 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2017-01-10 15:42 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2017-01-10 15:42 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 15:42 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-01-10 15:42 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-01-10 15:42 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-01-10 15:42 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2017-01-10 15:42 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-01-10 15:42 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-01-10 15:42 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2017-01-10 15:42 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-01-10 15:42 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 15:42 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-01-10 15:42 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2017-01-10 15:42 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 15:42 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2017-01-10 15:42 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2017-01-10 15:42 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2017-01-10 15:42 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-01-10 15:42 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-01-10 15:42 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2017-01-10 15:42 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-01-10 15:42 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-01-10 15:42 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-01-10 15:42 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-01-10 15:42 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2017-01-10 15:42 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-01-10 15:42 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-01-10 15:42 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2017-01-10 15:42 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2017-01-10 15:42 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-01-10 15:42 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2017-01-10 15:42 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-01-10 15:42 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-01-10 15:42 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2017-01-10 15:42 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 15:42 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-01-10 15:42 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-01-10 15:42 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2017-01-10 15:42 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-01-10 15:42 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2017-01-10 15:42 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-01-10 15:42 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 15:42 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-01-10 15:42 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2017-01-10 15:42 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2017-01-10 15:42 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudBackupSettings.dll
2017-01-10 15:42 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 15:42 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2017-01-10 15:42 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2017-01-10 15:42 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2017-01-10 15:42 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\CloudBackupSettings.dll
2017-01-10 15:42 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-01-10 15:42 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-01-10 15:42 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-01-10 15:42 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2017-01-10 15:42 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2017-01-10 15:42 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2017-01-10 15:42 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2017-01-10 15:42 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-01-10 15:42 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-01-10 15:42 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-01-10 15:42 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-01-10 15:42 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-01-10 15:42 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-01-10 15:42 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-01-10 15:42 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-01-02 16:09 - 2017-01-02 16:10 - 76919619 _____ C:\Users\izahe\Desktop\Ganon Highlights.mp4
2017-01-02 16:00 - 2017-01-02 16:00 - 00052215 _____ C:\Users\izahe\Desktop\ganon highlightz.hfp
2017-01-02 14:39 - 2017-01-02 14:39 - 43632533 _____ C:\Users\izahe\Downloads\Ganon6.mp4
2017-01-02 14:38 - 2017-01-02 14:38 - 46167165 _____ C:\Users\izahe\Downloads\Ganon5.mp4
2017-01-02 14:37 - 2017-01-02 14:37 - 44883933 _____ C:\Users\izahe\Downloads\Ganon4.mp4
2017-01-02 14:34 - 2017-01-02 14:34 - 56806472 _____ C:\Users\izahe\Downloads\Ganon3.mp4
2017-01-02 14:33 - 2017-01-02 14:33 - 53884307 _____ C:\Users\izahe\Downloads\Ganon2.mp4
2017-01-02 14:33 - 2017-01-02 14:33 - 38647089 _____ C:\Users\izahe\Downloads\Ganon1.mp4
2017-01-01 16:15 - 2017-01-01 16:15 - 00032812 _____ C:\Users\izahe\Downloads\pokeprism.sa1
2017-01-01 16:14 - 2017-01-01 16:15 - 00002131 _____ C:\Users\izahe\Desktop\vba1.ini
2016-12-30 12:25 - 2016-12-30 12:25 - 00001467 _____ C:\Users\izahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LenovoSettings.lnk
2016-12-30 01:00 - 2016-12-30 01:15 - 4018972287 _____ C:\Users\izahe\Desktop\December Full Modpack.zip
2016-12-29 18:49 - 2016-12-29 18:49 - 00000000 ____D C:\Users\izahe\Desktop\Smash
2016-12-29 18:15 - 2016-12-29 18:17 - 00000000 ____D C:\ddd
2016-12-29 17:14 - 2016-12-29 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-12-29 17:13 - 2016-12-29 17:14 - 00000000 ____D C:\Python27
2016-12-29 14:09 - 2016-12-29 14:09 - 00005920 _____ C:\Users\izahe\Downloads\sdfghjhg.png
2016-12-29 14:08 - 2016-12-29 14:08 - 00261475 _____ C:\Users\izahe\Downloads\infinite cry.jpg
2016-12-26 00:37 - 2016-12-26 00:37 - 00013733 _____ C:\Users\izahe\Downloads\c7b7e60f38c3458a8205d0c1c8aaca12.png
2016-12-26 00:05 - 2016-12-26 00:05 - 00000000 ____D C:\Users\izahe\Documents\Lightshot
2016-12-25 23:35 - 2016-12-25 23:35 - 00269464 _____ C:\Users\izahe\Downloads\greninja3_by_akiba80-d7nxs41.jpg
2016-12-25 18:11 - 2016-12-25 18:13 - 00000000 ____D C:\Users\izahe\Downloads\ygopro-percy
2016-12-25 18:11 - 2016-12-25 18:11 - 00000920 _____ C:\Users\izahe\Desktop\Ygopro.lnk
2016-12-25 18:08 - 2016-12-25 18:11 - 49837965 _____ C:\Users\izahe\Downloads\ygopro-1.033.A-Percy.exe
2016-12-25 09:54 - 2017-01-22 12:16 - 00028605 _____ C:\Windows\system32\InstallUtil.InstallLog
2016-12-25 00:45 - 2016-12-25 00:45 - 06164494 _____ C:\Users\izahe\Downloads\Qualityu.mp3
2016-12-24 23:13 - 2016-12-24 23:13 - 01270936 _____ C:\Users\izahe\Downloads\sdfg.jpg
2016-12-24 23:09 - 2016-12-24 23:09 - 00078199 _____ C:\Users\izahe\Downloads\untitled.png
2016-12-24 23:07 - 2016-12-24 23:07 - 00033677 _____ C:\Users\izahe\Downloads\180px-NSMB_BowserJr.png
2016-12-24 22:30 - 2016-12-24 22:30 - 66274598 _____ C:\Users\izahe\Downloads\SPECIAL ANNOUNCEMENT_ Smash 4 Subscriber Balloon Pop Montage_.mp4
2016-12-24 22:24 - 2016-12-24 22:24 - 05165497 _____ C:\Users\izahe\Downloads\Buff.mp4
2016-12-24 13:36 - 2016-12-24 13:36 - 04379858 _____ C:\Users\izahe\Downloads\December 24_ 2016.mp4
2016-12-24 12:46 - 2016-12-24 12:46 - 00524746 _____ C:\Users\izahe\Downloads\zxcvbgfds.mp4
2016-12-24 11:35 - 2016-12-24 11:35 - 05116979 _____ C:\Users\izahe\Downloads\J.mp4
2016-12-24 11:35 - 2016-12-24 11:35 - 02437756 _____ C:\Users\izahe\Downloads\Buiug.mp4
2016-12-24 11:34 - 2016-12-24 11:34 - 08933464 _____ C:\Users\izahe\Downloads\Lol.mp4
2016-12-24 02:44 - 2016-12-24 02:44 - 00016690 _____ C:\Users\izahe\Documents\My Movie.wlmp
2016-12-24 01:25 - 2016-12-24 01:25 - 03916426 _____ C:\Users\izahe\Downloads\69.mp4
2016-12-24 01:25 - 2016-12-24 01:25 - 02073517 _____ C:\Users\izahe\Downloads\Ez.mp4
2016-12-23 22:41 - 2016-12-23 22:42 - 51698994 _____ C:\Users\izahe\Downloads\e l o n g a t e d.mp4
2016-12-23 22:27 - 2016-12-23 22:27 - 02125656 _____ C:\Users\izahe\Downloads\No.mp4
2016-12-23 22:17 - 2016-12-23 22:17 - 04505268 _____ C:\Users\izahe\Downloads\Dfewdc.mp4
2016-12-23 21:46 - 2016-12-23 21:46 - 01657104 _____ C:\Users\izahe\Downloads\iji.png
2016-12-23 21:36 - 2017-01-08 04:22 - 00000420 _____ C:\Windows\Tasks\update-sys.job
2016-12-23 21:36 - 2017-01-08 04:22 - 00000420 _____ C:\Windows\Tasks\update-S-1-5-21-1117179267-2847722300-164330619-1001.job
2016-12-23 21:36 - 2016-12-23 21:36 - 00003408 _____ C:\Windows\System32\Tasks\update-S-1-5-21-1117179267-2847722300-164330619-1001
2016-12-23 21:36 - 2016-12-23 21:36 - 00003346 _____ C:\Windows\System32\Tasks\update-sys
2016-12-23 21:36 - 2016-12-23 21:36 - 00000424 _____ C:\Users\izahe\AppData\Local\UserProducts.xml
2016-12-23 21:36 - 2016-12-23 21:36 - 00000003 _____ C:\Users\izahe\AppData\Local\updater.log
2016-12-23 21:36 - 2016-12-23 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2016-12-23 21:36 - 2016-12-23 21:36 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2016-12-23 21:35 - 2016-12-23 21:35 - 02551888 _____ (Skillbrains ) C:\Users\izahe\Downloads\setup-lightshot.exe
2016-12-23 21:35 - 2016-12-23 21:35 - 00000000 ____D C:\Users\izahe\AppData\Local\Programs
2016-12-23 21:33 - 2016-12-23 21:33 - 00088336 _____ C:\Users\izahe\Desktop\maxresdefault.jpg
2016-12-23 21:32 - 2016-12-23 21:32 - 00000000 ____D C:\Users\izahe\AppData\LocalLow\Temp
2016-12-23 21:31 - 2017-01-22 12:13 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E7A91DA2-36D1-4A50-BFD4-83D4277DB7B0}
2016-12-23 19:21 - 2017-01-14 00:01 - 00001436 _____ C:\Users\izahe\Desktop\ROBLOX Player.lnk
2016-12-23 19:20 - 2017-01-14 00:01 - 00001251 _____ C:\Users\izahe\Desktop\ROBLOX Studio.lnk
2016-12-23 19:20 - 2017-01-14 00:01 - 00000000 ____D C:\Users\izahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-12-23 19:20 - 2016-12-23 19:35 - 00000248 _____ C:\Users\izahe\AppData\LocalLow\rbxcsettings.rbx
2016-12-23 19:20 - 2016-12-23 19:23 - 00000000 ____D C:\Users\izahe\AppData\Local\Roblox
2016-12-23 19:20 - 2016-12-23 19:20 - 01110072 _____ (ROBLOX Corporation) C:\Users\izahe\Downloads\RobloxPlayerLauncher.exe
2016-12-23 18:21 - 2016-12-24 09:14 - 02365296 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll
2016-12-23 12:58 - 2016-12-25 00:23 - 00186414 _____ C:\Users\izahe\Desktop\Elongated.hfp
2016-12-23 12:54 - 2017-01-22 12:57 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-12-23 12:54 - 2017-01-22 12:17 - 00004208 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-12-23 12:47 - 2016-12-23 12:47 - 00000000 ____D C:\Users\izahe\Documents\FXHOME
2016-12-23 12:47 - 2016-12-23 12:47 - 00000000 ____D C:\Users\izahe\AppData\Local\HitFilm 4 Express Activation
2016-12-23 12:47 - 2016-12-23 12:47 - 00000000 ____D C:\Users\izahe\AppData\Local\FXHOME Helper
2016-12-23 12:47 - 2016-12-23 12:47 - 00000000 ____D C:\Users\izahe\AppData\Local\Crashpad
2016-12-23 12:46 - 2016-12-23 12:46 - 00000000 ____D C:\Users\izahe\AppData\Local\FXHOME
2016-12-23 12:46 - 2016-12-23 12:46 - 00000000 ____D C:\Users\izahe\AppData\Local\AMD
2016-12-23 12:45 - 2016-12-23 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitFilm 4 Express
2016-12-23 12:44 - 2016-12-23 12:45 - 00000000 ____D C:\Program Files\Boris FX, Inc
2016-12-23 12:44 - 2016-12-23 12:44 - 00000000 ____D C:\ProgramData\FXHOME
2016-12-23 12:44 - 2016-12-23 12:44 - 00000000 ____D C:\Program Files\FXHOME
2016-12-23 12:44 - 2016-12-23 12:44 - 00000000 ____D C:\Program Files\Common Files\OFX
2016-12-23 12:44 - 2016-12-23 12:44 - 00000000 ____D C:\Program Files (x86)\Boris FX, Inc
2016-12-23 12:39 - 2016-12-23 12:43 - 455245824 _____ C:\Users\izahe\Downloads\HitFilm4Express_x64_4.0.5723.10801.msi
2016-12-23 12:00 - 2016-12-23 12:00 - 01276348 _____ C:\Users\izahe\Downloads\Akapnana.mp4
2016-12-23 11:40 - 2016-12-23 11:40 - 01964932 _____ C:\Users\izahe\Downloads\Elon1.mp4
2016-12-23 11:39 - 2016-12-23 11:39 - 02719319 _____ C:\Users\izahe\Downloads\Elon2.mp4
2016-12-23 11:39 - 2016-12-23 11:39 - 01528605 _____ C:\Users\izahe\Downloads\Jsiaansns.mp4
2016-12-23 11:37 - 2016-12-23 11:37 - 00737642 _____ C:\Users\izahe\Downloads\Elongatedsss.mp4
2016-12-23 11:17 - 2016-12-23 11:17 - 09289588 _____ C:\Users\izahe\Downloads\3DS Holiday – A Family of Helpers.mp4
2016-12-23 11:04 - 2016-12-23 11:04 - 00001454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-12-23 11:04 - 2016-12-23 11:04 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-12-23 11:04 - 2016-12-23 11:04 - 00000000 ____D C:\Windows\en
2016-12-23 11:04 - 2016-12-23 11:04 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-12-23 11:03 - 2016-12-23 11:04 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-12-23 11:03 - 2016-12-23 11:03 - 00000000 ____D C:\Windows\PCHEALTH
2016-12-23 11:03 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-12-23 11:03 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-12-23 11:03 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-12-23 11:03 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-12-23 11:03 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-12-23 11:03 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-12-23 11:03 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-12-23 11:03 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-12-23 11:03 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-12-23 11:03 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-12-23 11:02 - 2017-01-02 15:56 - 00000000 ____D C:\Users\izahe\AppData\Local\Windows Live
2016-12-23 11:02 - 2016-12-23 11:02 - 01239752 _____ (Microsoft Corporation) C:\Users\izahe\Downloads\wlsetup-web.exe
2016-12-23 11:02 - 2016-12-23 11:02 - 00000196 _____ C:\Windows\DirectX.log
2016-12-23 11:02 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-12-23 11:02 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-12-23 10:59 - 2016-12-23 10:59 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-22 12:18 - 2016-12-22 20:52 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 12:18 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\AppReadiness
2017-01-22 12:12 - 2016-12-22 19:10 - 00000000 ____D C:\Users\izahe\AppData\Local\Host App Service
2017-01-22 12:10 - 2016-12-22 19:16 - 00000000 ___RD C:\Users\izahe\OneDrive
2017-01-21 16:36 - 2016-12-22 21:30 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-01-21 13:54 - 2016-12-22 19:10 - 00000000 ____D C:\Users\izahe
2017-01-21 11:20 - 2016-12-22 20:25 - 00032768 _____ C:\Windows\system32\config\ELAM
2017-01-21 11:19 - 2016-12-22 21:31 - 00253809 _____ C:\Windows\SysWOW64\rootpa.e2e
2017-01-21 11:19 - 2016-12-22 21:31 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-18 16:12 - 2016-12-22 19:18 - 00003290 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-18 16:12 - 2016-12-22 19:16 - 00002370 _____ C:\Users\izahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-18 15:06 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\LiveKernelReports
2017-01-18 15:06 - 2016-12-22 20:49 - 00000000 ____D C:\Windows\INF
2017-01-16 11:35 - 2016-04-11 16:10 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-16 11:35 - 2016-04-11 16:10 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-16 11:34 - 2016-12-22 21:35 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-01-16 11:34 - 2016-12-22 20:25 - 00524288 _____ C:\Windows\system32\config\BBI
2017-01-15 14:37 - 2016-04-11 16:05 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-01-15 14:37 - 2016-04-11 16:04 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-15 14:37 - 2016-04-11 16:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-01-15 14:32 - 2016-04-11 16:05 - 00000000 ____D C:\ProgramData\Temp
2017-01-15 14:32 - 2016-04-11 16:03 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-01-15 14:30 - 2016-04-11 16:07 - 00000000 ____D C:\ProgramData\CyberLink
2017-01-14 12:47 - 2016-12-22 19:12 - 00000000 ____D C:\Users\izahe\AppData\Local\Packages
2017-01-13 22:14 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\rescache
2017-01-13 21:20 - 2016-04-11 16:11 - 00000000 ____D C:\Program Files\mcafee
2017-01-13 21:11 - 2016-12-22 20:52 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-01-13 21:07 - 2016-12-22 23:39 - 00003126 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-01-12 15:33 - 2016-12-22 19:13 - 00000000 ____D C:\Users\izahe\AppData\Local\CyberLink
2017-01-12 14:29 - 2016-12-22 19:34 - 00000000 ____D C:\Users\izahe\AppData\Roaming\discord
2017-01-11 17:14 - 2016-12-22 19:34 - 00002240 _____ C:\Users\izahe\Desktop\Discord.lnk
2017-01-11 17:14 - 2016-12-22 19:34 - 00000000 ____D C:\Users\izahe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-11 17:14 - 2016-12-22 19:34 - 00000000 ____D C:\Users\izahe\AppData\Local\Discord
2017-01-11 15:22 - 2016-04-11 16:20 - 00000000 ____D C:\ProgramData\Lenovo
2017-01-11 14:44 - 2015-11-03 14:24 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 14:41 - 2016-12-22 21:29 - 00329384 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-11 14:39 - 2016-12-22 20:52 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-01-11 14:39 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-01-11 14:39 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\system32\oobe
2017-01-11 14:39 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\ShellExperiences
2017-01-11 14:39 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\Provisioning
2017-01-10 19:00 - 2016-12-22 20:32 - 00000000 ____D C:\Windows\CbsTemp
2017-01-10 18:51 - 2016-12-22 21:55 - 00000000 ____D C:\Windows\system32\MRT
2017-01-10 18:43 - 2016-12-22 21:54 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-08 04:27 - 2015-11-03 14:28 - 00940236 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-29 18:02 - 2016-12-22 20:51 - 00000000 ____D C:\Windows\system32\Drivers\UMDF
2016-12-28 12:52 - 2016-12-22 20:52 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-28 12:48 - 2016-04-11 15:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-26 20:30 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\system32\NDF
2016-12-26 01:33 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\Logs
2016-12-25 09:56 - 2016-12-22 19:14 - 00000000 ____D C:\Users\izahe\AppData\Local\Lenovo
2016-12-24 21:30 - 2016-04-11 16:04 - 00000000 ____D C:\Program Files\Lenovo
2016-12-24 11:29 - 2016-12-22 20:52 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-24 09:25 - 2016-12-22 19:10 - 00000000 ____D C:\Users\izahe\AppData\Local\Microsoft
2016-12-23 21:32 - 2016-12-22 19:12 - 00000000 ___SD C:\Users\izahe\AppData\LocalLow\Microsoft
2016-12-23 12:55 - 2016-04-11 16:10 - 00000000 ____D C:\ProgramData\McAfee
2016-12-23 12:44 - 2016-12-22 20:25 - 00000000 ____D C:\Program Files\Common Files
2016-12-23 11:04 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\System32\Tasks\Microsoft
2016-12-23 11:02 - 2016-12-22 20:52 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-23 10:57 - 2016-12-22 20:52 - 00000000 ____D C:\Windows\appcompat
2016-12-23 10:57 - 2016-12-22 19:12 - 00000000 ____D C:\Users\izahe\AppData\Local\ConnectedDevicesPlatform
==================== Files in the root of some directories =======
2016-12-22 19:12 - 2017-01-22 12:09 - 0115024 _____ () C:\Users\izahe\AppData\Local\BTServer.log
2016-12-23 21:36 - 2016-12-23 21:36 - 0000003 _____ () C:\Users\izahe\AppData\Local\updater.log
2016-12-23 21:36 - 2016-12-23 21:36 - 0000424 _____ () C:\Users\izahe\AppData\Local\UserProducts.xml
2016-12-22 21:35 - 2016-12-22 21:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
2016-12-22 19:15 - 2016-12-22 19:17 - 54267784 _____ (SweetLabs,Inc.) C:\Users\izahe\AppData\Local\Temp\octCDFD.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-19 00:24
==================== End of FRST.txt ============================


#4 dois1234


Posted 22 January 2017 - 02:32 PM

Did I do it right?



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:02 PM

Posted 22 January 2017 - 02:36 PM


Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Lenovo App Explorer (HKU\S-1-5-21-1117179267-2847722300-164330619-1001\...\Host App Service) (Version: 0.272.1.559 - SweetLabs for Lenovo)
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(SweetLabs, Inc) C:\Users\izahe\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
Task: {194BE4CF-EF7A-43ED-B2B6-957DFD038951} - \Lenovo\Lenovo Solution Center Launcher -> No File <==== ATTENTION
Task: {1C928853-FD1F-4954-A48D-A083E754CF09} - \Lenovo\Lenovo Customer Feedback Program 64 35 -> No File <==== ATTENTION
Task: {34F9E2B3-C573-4C59-ACA9-FCE1B66B1963} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_TVSUUpdateTask -> No File <==== ATTENTION
Task: {6046EF8F-4CCA-4C26-9CD3-0D44EEE9940E} - \Microsoft\Windows\PLA\LSC Memory -> No File <==== ATTENTION
Task: {85B26A96-202B-4929-9D35-BC8BD9132C12} - \Lenovo\REACHit Agent Startup -> No File <==== ATTENTION
Task: {8C052C6D-8D4C-4984-84AB-906463B9AFBC} - \App Explorer -> No File <==== ATTENTION
Task: {98169162-3108-4473-A0C8-E145B7521DF2} - \PDVDServ12 Task -> No File <==== ATTENTION
Task: {A2BE712C-BD7C-4944-8D41-E5110A949F9D} - \Lenovo\LSC\LSCHardwareScan -> No File <==== ATTENTION
Task: {A9393881-D142-4AAF-87D8-D4805E577CBE} - \Lenovo\LSC\Lenovo Solution Center Notifications -> No File <==== ATTENTION
Task: {E0903E1F-916B-48A3-A6BC-0BE27D3CD3CB} - \Lenovo\REACHit Agent Update -> No File <==== ATTENTION
C:\Users\izahe\AppData\Local\Temp\octCDFD.tmp.exe
C:\Users\izahe\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists with this computer.
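
Two things visible in the log and fixlist above, scheduled tasks marked "No File" and the signature results under "Bamital & volsnap", can be pulled out of an FRST log mechanically. The sketch below is an added example, not part of the original post and not part of FRST; the function name `triage` and the two sample lines marked as constructed are assumptions.

```python
import re

# Constructed sample: the first two Task lines and the "digitally signed" lines are
# copied from this thread; the third Task line and the dnsapi.dll line are made up
# here to exercise the other branches.
SAMPLE_LOG = r"""
Task: {8C052C6D-8D4C-4984-84AB-906463B9AFBC} - \App Explorer -> No File <==== ATTENTION
Task: {98169162-3108-4473-A0C8-E145B7521DF2} - \PDVDServ12 Task -> No File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - \Example\Present Task => C:\Example\present.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\dnsapi.dll => CONSTRUCTED RESULT, NOT SIGNED
LastRegBack: 2017-01-19 00:24
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) -> No File\b")
SIGNED = "File is digitally signed"


def triage(log_text):
    """Return (orphaned_tasks, unverified_files) found in FRST log text."""
    orphaned_tasks, unverified = [], []
    section = None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)  # remember which report section we are in
            continue
        task = TASK_RE.match(line)
        if task:
            # Task is still registered but its target no longer exists on disk.
            orphaned_tasks.append((task.group(1), task.group(2)))
        elif section == "Bamital & volsnap" and " => " in line:
            path, _, verdict = line.partition(" => ")
            if verdict != SIGNED:
                # Anything other than a clean signature result needs manual review.
                unverified.append(path)
    return orphaned_tasks, unverified


if __name__ == "__main__":
    tasks, files = triage(SAMPLE_LOG)
    for guid, name in tasks:
        print(f"orphaned task {guid} {name}")
    for path in files:
        print(f"review signature: {path}")
```
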

#6 dois1234

dois1234
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 22 January 2017 - 04:35 PM

Thanks for your help, everything seems to be working fine now. I'll notify if any future problems occur.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:02 PM

Posted 23 January 2017 - 08:17 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



