Cmd windows pop (BITSADMIN)


  • This topic is locked
14 replies to this topic

#1 Handcrafted

Handcrafted

  • Members
  • 8 posts

Posted 27 February 2017 - 06:27 AM

Hi, (and excuse me for my English)

Sometimes I have a cmd window that pops up and says:

BITSADMIN version 3.0
BITS administration utility.
<C> Copyright 2000-2006

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the Bits service are now provided by BITS Powershell cmdlets.

Found 3 jobs named "task3".
Use the job identifier instead of the job name.

I don't know where it comes from but the fix seems to depend on the system we use; we need to give FRST logs to admins so they can create a fixlist.txt to fix the problem. I have attached MBAM, rootkill and FRST logs and I hope you will be able to help me.


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,151 posts
  • Gender:Male
  • Location:California

Posted 28 February 2017 - 06:03 PM

Greetings Handcrafted and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

I would like to get the FRST reports in English so that it is easier for me to review. Please right click on the FRST icon, select Rename, and rename it to FRSTenglish or FRST64english depending on which version you are using. Be sure Addition.txt is checked before you click scan and then copy and paste both documents in your reply.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Handcrafted

Handcrafted
  • Topic Starter

  • Members
  • 8 posts

Posted 01 March 2017 - 05:07 AM

Oh sorry, here you go and thank you for your help

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-02-2017 01
Ran by louis (administrator) on LOUIS (01-03-2017 11:01:19)
Running from C:\Users\louis\Downloads\FRST-OlderVersion
Loaded Profiles: louis (Available Profiles: louis)
Platform: Windows 8.1 (Update) (X64) Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Video DSP\DriverMFTService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Farbar) C:\Users\louis\Downloads\FRST-OlderVersion\FRST64english.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804360 2016-04-21] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-19] (Valve Corporation)
HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd)
ShellExecuteHooks: No Name - {2DB64282-F442-11E6-933A-64006A5CFC23} - -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2713A9FE-5B88-4A0D-89B4-1116C734DAEF}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{2713A9FE-5B88-4A0D-89B4-1116C734DAEF}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{3522ED66-E109-43F1-939B-9EF7F0480080}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9CEA70D9-982D-4653-B78C-BD60497A9333}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{9CEA70D9-982D-4653-B78C-BD60497A9333}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{A53F4CCF-9963-40B6-91ED-2B098C6ACFAB}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{bbed3e08-0b41-11e3-8249-806e6f6e6963}: [NameServer] 8.8.8.8

Internet Explorer:
==================
SearchScopes: HKLM-x32 -> DefaultScope value is missing

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-09-03] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-25] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default [2017-02-25]
CHR Extension: (Google Slides) - C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-25]
CHR Extension: (Google Docs) - C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-25]
CHR Extension: (Google Drive) - C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-25]
CHR Extension: (YouTube) - C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-25]
CHR Extension: (Google Sheets) - C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-25]
CHR Extension: (Google Docs hors connexion) - C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-25]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-25]
CHR Extension: (Gmail) - C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-25]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
R2 DriverMFTService; C:\Program Files (x86)\Asus\ASUS Video DSP\DriverMFTService.exe [9728 2014-10-29] (ASUSTek Computer Inc.) [File not signed]
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [828656 2013-11-18] (Condusiv Technologies)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2014-12-15] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-09-03] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-10-29] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-02-25] ()
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [89880 2016-09-30] (Reason Software Company Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3818704 2014-10-29] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2014-11-21] (ASUS Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [141624 2014-05-13] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1424184 2014-06-17] (Motorola Solutions, Inc.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-02-21] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-02-21] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25840 2013-11-18] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [117488 2013-11-18] (Condusiv Technologies)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [229632 2016-11-28] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79528 2014-10-16] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-24] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-25] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-25] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-25] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [91584 2017-02-26] (Malwarebytes)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3482600 2014-11-17] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [827096 2015-03-12] (Realsil Semiconductor Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 16:52 - 2017-02-28 16:52 - 00000000 ____D C:\Users\louis\.jssc
2017-02-28 16:25 - 2017-02-28 16:27 - 00552823 _____ C:\Users\louis\Downloads\ADC-master.zip
2017-02-28 16:19 - 2017-02-28 16:52 - 00000000 ____D C:\Users\louis\AppData\Local\Arduino15
2017-02-28 16:19 - 2017-02-28 16:19 - 00000000 ____D C:\Users\louis\Documents\Arduino
2017-02-28 16:19 - 2017-02-28 16:19 - 00000000 ____D C:\ProgramData\Oracle
2017-02-28 00:46 - 2017-02-28 00:46 - 00000000 ___SH C:\DkHyperbootSync
2017-02-27 13:05 - 2017-03-01 11:01 - 00000000 ____D C:\Users\louis\Downloads\FRST-OlderVersion
2017-02-27 12:15 - 2017-02-27 12:18 - 00738368 _____ (Oracle Corporation) C:\Users\louis\Desktop\jre-8u121-windows-i586-iftw.exe
2017-02-25 18:12 - 2017-02-25 18:12 - 00002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-25 18:12 - 2017-02-25 18:12 - 00002239 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-25 17:53 - 2017-02-25 18:12 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-25 17:53 - 2017-02-25 17:53 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-25 17:53 - 2017-02-25 17:53 - 00003372 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-25 17:49 - 2017-02-25 17:49 - 00002734 _____ C:\Users\louis\Desktop\Malwarebytes Export.txt
2017-02-25 15:47 - 2017-02-25 15:48 - 00038287 _____ C:\Users\louis\Desktop\Addition.txt
2017-02-25 15:46 - 2017-03-01 11:01 - 00000000 ____D C:\FRST
2017-02-25 15:46 - 2017-02-25 15:48 - 00545403 _____ C:\Users\louis\Desktop\FRST.txt
2017-02-25 15:44 - 2017-02-25 15:45 - 00003948 _____ C:\Users\louis\Desktop\Rkill.txt
2017-02-25 15:41 - 2017-02-27 13:05 - 02413568 _____ C:\Users\louis\Downloads\FRST64.exe
2017-02-25 15:41 - 2017-02-25 15:42 - 00912452 _____ C:\Users\louis\Downloads\rkill.zip
2017-02-25 15:40 - 2017-02-25 15:40 - 01129376 _____ (Google Inc.) C:\Users\louis\Downloads\ChromeSetup.exe
2017-02-25 15:33 - 2017-02-25 15:33 - 00014915 _____ C:\Users\louis\Downloads\5807adca2f7ac_AdwCleanerC0.txt
2017-02-25 15:25 - 2017-02-25 15:25 - 00000000 ____D C:\ProgramData\Reason
2017-02-25 15:24 - 2017-02-25 15:24 - 00003528 _____ C:\Windows\System32\Tasks\ReasonSecurityScheduledScan
2017-02-25 15:24 - 2017-02-25 15:24 - 00003388 _____ C:\Windows\System32\Tasks\ReasonSecurityStart
2017-02-25 15:23 - 2017-02-25 15:23 - 00000921 _____ C:\Users\Public\Desktop\Reason Core Security.lnk
2017-02-25 15:23 - 2017-02-25 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-02-25 15:23 - 2017-02-25 15:23 - 00000000 ____D C:\Program Files\Reason
2017-02-25 15:17 - 2017-02-25 15:20 - 06406240 _____ (Reason Software Company Inc.) C:\Users\louis\Downloads\reason-core-security-setup.exe
2017-02-24 17:12 - 2017-02-24 17:12 - 00000000 ____D C:\ProgramData\Sophos
2017-02-24 17:11 - 2017-02-24 17:11 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2017-02-24 17:11 - 2017-02-24 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2017-02-24 17:11 - 2017-02-24 17:11 - 00000000 ____D C:\Program Files (x86)\Sophos
2017-02-24 17:03 - 2017-02-24 17:11 - 162339664 _____ (Sophos Limited) C:\Users\louis\Downloads\Sophos Virus Removal Tool.exe
2017-02-24 15:57 - 2017-02-24 15:57 - 00000000 ____D C:\Users\louis\Documents\Apowersoft
2017-02-24 15:49 - 2017-02-24 15:57 - 00000000 ____D C:\Users\louis\AppData\Roaming\Apowersoft
2017-02-24 15:49 - 2017-02-24 15:57 - 00000000 ____D C:\Users\louis\AppData\Local\Apowersoft
2017-02-24 15:48 - 2017-02-24 15:49 - 01226104 _____ (Apowersoft Ltd. ) C:\Users\louis\Downloads\apowersoft-online-launcher.exe
2017-02-24 15:44 - 2017-02-24 15:45 - 02211840 _____ C:\Users\louis\Downloads\Movavi Screen Capture Studio 80 Activation Key Download With Crack.iso
2017-02-24 15:33 - 2017-02-24 15:33 - 00000000 ____D C:\Users\louis\AppData\Local\ScreenCapture
2017-02-24 15:33 - 2017-02-24 15:33 - 00000000 ____D C:\Users\louis\AppData\Local\Movavi
2017-02-24 15:33 - 2017-02-24 15:33 - 00000000 ____D C:\ProgramData\Movavi
2017-02-24 15:32 - 2017-02-24 15:32 - 00005082 _____ C:\ProgramData\nakuvtjg.ewu
2017-02-24 15:32 - 2017-02-24 15:32 - 00000016 _____ C:\ProgramData\mntemp
2017-02-24 15:32 - 2017-02-24 15:32 - 00000000 ____D C:\ProgramData\Movavi Screen Capture 8
2017-02-24 15:17 - 2017-02-24 15:30 - 57439864 _____ (Movavi) C:\Users\louis\Downloads\MovaviScreenRecorderSetupO.exe
2017-02-24 15:09 - 2017-02-25 11:02 - 00000000 ____D C:\Users\louis\Documents\ezvid
2017-02-24 14:58 - 2017-02-24 14:59 - 01002112 _____ (Ezvid, inc. ) C:\Users\louis\Downloads\ezvid1.003b04.exe
2017-02-24 14:49 - 2017-02-24 14:50 - 04286744 _____ (Microsoft Corporation) C:\Users\louis\Downloads\vcredist_x64 (2).exe
2017-02-24 14:49 - 2017-02-24 14:49 - 02688280 _____ (Microsoft Corporation) C:\Users\louis\Downloads\vcredist_x86 (2).exe
2017-02-24 14:44 - 2017-02-24 14:45 - 04880392 _____ (Microsoft Corporation) C:\Users\louis\Downloads\vcredist_x64 (1).exe
2017-02-24 14:43 - 2017-02-24 14:44 - 04131336 _____ (Microsoft Corporation) C:\Users\louis\Downloads\vcredist_x86 (1).exe
2017-02-24 14:40 - 2017-02-24 14:40 - 00000020 _____ C:\Users\louis\Downloads\CamStudio_Setup_v2.7.2_r326_(build_19Oct2013).exe
2017-02-24 14:38 - 2017-02-24 14:38 - 00000000 ____D C:\Users\louis\AppData\Roaming\NVIDIA
2017-02-24 14:34 - 2017-02-24 14:38 - 06504792 _____ (Microsoft Corporation) C:\Users\louis\Downloads\vcredist_x86.exe
2017-02-24 14:34 - 2017-02-24 14:38 - 01421648 _____ (Microsoft Corporation) C:\Users\louis\Downloads\vcredist_arm.exe
2017-02-24 11:34 - 2017-02-24 11:34 - 00993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-02-24 11:34 - 2017-02-24 11:34 - 00987848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-02-24 11:34 - 2017-02-24 11:34 - 00690016 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-02-24 11:34 - 2017-02-24 11:34 - 00484552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2017-02-24 11:34 - 2017-02-24 11:34 - 00030912 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-02-24 11:34 - 2017-02-24 11:34 - 00029376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-02-24 11:34 - 2017-02-24 11:34 - 00018600 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-02-24 11:34 - 2017-02-24 11:34 - 00018592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-02-24 11:21 - 2017-02-24 11:35 - 14456872 _____ (Microsoft Corporation) C:\Users\louis\Downloads\vc_redist.x86.exe
2017-02-24 11:20 - 2017-02-24 11:28 - 15301888 _____ (Microsoft Corporation) C:\Users\louis\Downloads\vc_redist.x64.exe
2017-02-24 11:15 - 2017-02-24 11:17 - 05718872 _____ (Microsoft Corporation) C:\Users\louis\Downloads\vcredist_x64.exe
2017-02-24 11:11 - 2017-02-24 11:31 - 62008080 _____ (Microsoft Corporation) C:\Users\louis\Downloads\NDP462-KB3151800-x86-x64-AllOS-ENU.exe
2017-02-24 11:03 - 2017-02-24 11:03 - 00292184 _____ (Microsoft Corporation) C:\Users\louis\Downloads\dxwebsetup.exe
2017-02-22 20:11 - 2017-02-25 15:42 - 00000000 ____D C:\Users\louis\AppData\Roaming\ZHP
2017-02-22 20:11 - 2017-02-22 20:11 - 00000877 _____ C:\Users\louis\Desktop\ZHPCleaner.lnk
2017-02-22 09:42 - 2017-02-22 09:42 - 00000687 _____ C:\Users\Public\Desktop\Far Cry - Primal.lnk
2017-02-21 20:34 - 2017-02-21 20:34 - 00000000 ____D C:\Users\louis\AppData\Local\Disc_Soft_Ltd
2017-02-21 20:33 - 2017-02-21 20:33 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-02-21 20:29 - 2017-02-21 20:29 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-21 20:10 - 2017-02-03 18:37 - 00093360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-21 20:10 - 2017-02-02 15:37 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-21 20:10 - 2017-01-18 15:35 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-21 20:10 - 2017-01-18 15:35 - 01286144 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-21 20:10 - 2017-01-18 15:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-21 20:10 - 2017-01-18 15:35 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-21 20:10 - 2017-01-18 15:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-21 20:10 - 2017-01-18 15:35 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-21 20:10 - 2017-01-18 15:35 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-21 20:10 - 2016-06-03 18:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-02-21 14:20 - 2017-02-21 14:20 - 00001835 _____ C:\Users\louis\Desktop\MirrorsEdgeCatalyst.exe - Raccourci.lnk
2017-02-21 13:03 - 2017-02-22 14:41 - 00000000 ____D C:\Users\louis\Documents\Mirrors Edge Catalyst
2017-02-21 12:51 - 2017-02-21 13:02 - 00000000 ____D C:\Program Files (x86)\Mirror's Edge Catalyst
2017-02-21 12:49 - 2017-02-21 12:49 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-02-21 12:49 - 2017-02-21 12:49 - 00000000 ____D C:\ProgramData\Origin
2017-02-21 12:48 - 2017-02-21 12:48 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-02-21 12:47 - 2017-02-24 15:45 - 00000000 ____D C:\Users\louis\AppData\Roaming\DAEMON Tools Lite
2017-02-21 12:47 - 2017-02-21 12:49 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-02-21 12:47 - 2017-02-21 12:47 - 00001787 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-02-21 12:47 - 2017-02-21 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-02-21 12:46 - 2017-02-21 12:46 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-02-20 22:59 - 2017-02-22 20:02 - 00000000 ____D C:\Users\louis\Downloads\Far.Cry.Primal.PC
2017-02-20 21:59 - 2017-02-22 10:04 - 00000000 ____D C:\Users\louis\Documents\CPY_SAVES
2017-02-20 21:57 - 2017-02-20 21:55 - 04015056 _____ C:\Users\louis\Desktop\adwcleaner_6.043 (2).exe
2017-02-20 21:42 - 2017-02-26 16:01 - 00000000 ____D C:\AdwCleaner
2017-02-20 16:52 - 2017-02-25 19:47 - 00000000 ____D C:\Users\louis\AppData\Roaming\vlc
2017-02-20 15:16 - 2017-02-20 15:16 - 00001223 _____ C:\Users\louis\Desktop\Uplay.lnk
2017-02-20 15:16 - 2017-02-20 15:16 - 00000000 ____D C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-02-20 15:16 - 2017-02-20 15:16 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2017-02-20 14:55 - 2017-02-20 14:55 - 00001428 _____ C:\Users\louis\Desktop\arduino.exe - Raccourci.lnk
2017-02-20 13:46 - 2017-02-20 22:38 - 00000000 ____D C:\Users\louis\AppData\Local\Ubisoft Game Launcher
2017-02-20 13:46 - 2017-02-20 13:46 - 00000000 ____D C:\cache
2017-02-20 13:44 - 2017-02-20 13:46 - 00000000 ____D C:\Program Files (x86)\Arduino
2017-02-20 12:59 - 2017-02-20 13:06 - 00000000 ____D C:\Program Files (x86)\Far Cry Primal
2017-02-18 15:49 - 2017-02-24 11:03 - 00000000 ____D C:\Windows\SysWOW64\directx
2017-02-18 15:06 - 2017-02-18 15:06 - 00000000 ____D C:\Users\louis\AppData\Roaming\WinRAR
2017-02-18 14:03 - 2017-02-18 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2017-02-18 12:37 - 2017-02-18 12:37 - 00001238 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2017-02-18 12:36 - 2017-02-18 12:36 - 00003180 _____ C:\Windows\System32\Tasks\RtHDVBg_ListenToDevice
2017-02-18 12:32 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2017-02-18 12:32 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2017-02-18 12:32 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2017-02-18 12:32 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2017-02-18 12:28 - 2017-02-18 12:28 - 00001415 _____ C:\Users\louis\Desktop\Opera.lnk
2017-02-18 12:20 - 2017-02-28 23:40 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-18 12:20 - 2017-02-26 00:17 - 00001064 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-18 12:20 - 2017-02-18 12:20 - 00004022 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-18 12:20 - 2017-02-18 12:20 - 00003890 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-02-18 12:19 - 2017-02-18 12:19 - 00000000 ____D C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-18 12:19 - 2017-02-18 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-18 12:19 - 2017-02-18 12:19 - 00000000 ____D C:\Program Files (x86)\WinRAR
2017-02-18 12:13 - 2017-02-18 12:20 - 00000000 ____D C:\Users\louis\AppData\Local\Adobe
2017-02-18 12:11 - 2017-02-26 00:07 - 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-18 12:11 - 2017-02-25 17:46 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-18 12:11 - 2017-02-25 17:46 - 00110536 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-18 12:11 - 2017-02-25 17:46 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-18 12:11 - 2017-02-24 17:08 - 00176584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-18 12:11 - 2017-02-18 12:11 - 00001885 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-18 12:11 - 2017-02-18 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-18 12:11 - 2017-02-18 12:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-18 12:11 - 2017-02-18 12:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-18 12:11 - 2017-01-20 07:47 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-18 12:01 - 2017-02-25 15:42 - 00000000 ____D C:\ProgramData\Plusdax
2017-02-18 12:01 - 2017-02-18 12:01 - 00000000 ____D C:\Users\louis\AppData\Roaming\Mozilla
2017-02-18 12:01 - 2017-02-18 12:01 - 00000000 ____D C:\ProgramData\Plusdaxs
2017-02-18 11:57 - 2017-02-18 11:57 - 00021522 _____ C:\Windows\System32\Tasks\oTBzqdOfWA4l
2017-02-18 11:52 - 2017-02-18 11:52 - 00000000 ____D C:\Users\louis\AppData\Roaming\Drebpycerrerward
2017-02-18 11:51 - 2017-02-18 11:51 - 00000000 ____D C:\Users\louis\AppData\Local\Reodeght
2017-02-18 11:47 - 2017-02-22 20:02 - 00000000 ____D C:\Users\louis\Downloads\Mirrors.Edge.Catalyst-CPY
2017-02-18 11:47 - 2017-02-18 11:47 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-02-18 11:47 - 2017-02-18 11:47 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-02-18 11:47 - 2017-02-18 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-18 11:47 - 2017-02-18 11:47 - 00000000 ____D C:\Program Files\CCleaner
2017-02-18 11:45 - 2017-02-18 11:45 - 00001517 ___RS C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехрlorеr.lnk
2017-02-18 11:42 - 2017-02-18 12:27 - 00000000 ____D C:\Program Files\Google
2017-02-18 11:38 - 2017-02-25 18:39 - 00000000 ____D C:\Users\louis\AppData\Local\Google
2017-02-18 11:27 - 2017-02-22 10:29 - 00000000 ____D C:\Users\louis\AppData\Roaming\qBittorrent
2017-02-18 11:27 - 2017-02-18 11:29 - 00000000 ____D C:\Users\louis\AppData\Local\qBittorrent
2017-02-18 11:27 - 2017-02-18 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-02-18 11:27 - 2017-02-18 11:27 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2017-02-18 11:26 - 2017-02-18 11:26 - 00000000 ____D C:\Users\louis\AppData\Roaming\Skype
2017-02-18 11:26 - 2017-02-18 11:26 - 00000000 ____D C:\Users\louis\AppData\Local\Skype
2017-02-18 11:26 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2017-02-18 11:26 - 2014-11-14 07:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2017-02-18 11:18 - 2015-06-09 23:39 - 00081920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2017-02-18 11:18 - 2015-06-09 23:39 - 00053248 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2017-02-18 11:18 - 2015-06-09 23:38 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2017-02-18 11:04 - 2017-02-06 20:41 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-18 11:04 - 2017-02-06 20:41 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-18 10:59 - 2017-02-21 20:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-18 10:11 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-18 10:11 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-18 01:12 - 2017-02-24 11:37 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-18 01:12 - 2017-02-24 11:37 - 00000000 ____D C:\Windows\system32\MRT
2017-02-18 01:02 - 2016-10-28 02:22 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-02-17 22:29 - 2017-02-17 22:29 - 00000222 _____ C:\Users\louis\Desktop\Rocket League.url
2017-02-17 22:28 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-02-17 22:28 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-02-17 22:28 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-02-17 22:28 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-02-17 22:28 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-02-17 22:28 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-02-17 22:28 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-02-17 22:28 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-02-17 22:28 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-02-17 22:28 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-02-17 22:28 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-02-17 22:28 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-02-17 22:28 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-02-17 22:28 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-02-17 22:28 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-02-17 22:28 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-02-17 22:28 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-02-17 22:28 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-02-17 22:28 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-02-17 22:28 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-02-17 22:28 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-02-17 22:28 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-02-17 22:28 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-02-17 22:28 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-02-17 22:28 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-02-17 22:28 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-02-17 22:28 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-02-17 22:28 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-02-17 22:28 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-02-17 22:28 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-02-17 22:28 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-02-17 22:28 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-02-17 22:28 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-02-17 22:28 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-02-17 22:28 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-02-17 22:28 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-02-17 22:28 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-02-17 22:28 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-02-17 22:28 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-02-17 22:28 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-02-17 22:28 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-02-17 22:28 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-02-17 22:28 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-02-17 22:28 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-02-17 22:28 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-02-17 22:28 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-02-17 22:28 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-02-17 22:28 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-02-17 22:28 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-02-17 22:28 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-02-17 22:28 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-02-17 22:28 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-02-17 22:28 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-02-17 22:28 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-02-17 22:28 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-02-17 22:28 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-02-17 22:28 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-02-17 22:28 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-02-17 22:28 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-02-17 22:28 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-02-17 22:28 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-02-17 22:28 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-02-17 22:28 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-02-17 22:28 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-02-17 22:28 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-02-17 22:28 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-02-17 22:28 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-02-17 22:28 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-02-17 22:28 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-02-17 22:28 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-02-17 22:28 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-02-17 22:28 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-02-17 22:28 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-02-17 22:28 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-02-17 22:28 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-02-17 22:28 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-02-17 22:28 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-02-17 22:28 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-02-17 22:28 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-02-17 22:28 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-02-17 22:28 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-02-17 22:28 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-02-17 22:28 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-02-17 22:28 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-02-17 22:28 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-02-17 22:28 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-02-17 22:28 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-02-17 22:28 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-02-17 22:28 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-02-17 22:28 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-02-17 22:28 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-02-17 22:28 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-02-17 22:28 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-02-17 22:28 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-02-17 22:28 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-02-17 22:28 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-02-17 22:28 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-02-17 22:28 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-02-17 22:28 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-02-17 22:28 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-02-17 22:28 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-02-17 22:28 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-02-17 22:28 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-02-17 22:28 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-02-17 22:28 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-02-17 22:28 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-02-17 22:28 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-02-17 22:28 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-02-17 22:28 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-02-17 22:28 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-02-17 22:28 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-02-17 22:28 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-02-17 22:28 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-02-17 22:28 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-02-17 22:28 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-02-17 22:28 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-02-17 22:28 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-02-17 22:28 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-02-17 22:28 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-02-17 22:28 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-02-17 22:28 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-02-17 22:28 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-02-17 22:28 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-02-17 22:28 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-02-17 22:28 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-02-17 22:28 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-02-17 22:28 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-02-17 22:28 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-02-17 22:28 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-02-17 22:28 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-02-17 22:28 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-02-17 22:28 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-02-17 22:28 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-02-17 22:28 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-02-17 22:28 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-02-17 22:28 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-02-17 22:28 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-02-17 22:28 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-02-17 22:28 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-02-17 22:28 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-02-17 22:28 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-02-17 22:28 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-02-17 22:28 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-02-17 22:28 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-02-17 22:28 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-02-17 22:28 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-02-17 22:28 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-02-17 22:28 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-02-17 22:28 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-02-17 22:28 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-02-17 22:28 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-02-17 22:28 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-02-17 22:28 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-02-17 22:28 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-02-17 22:28 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-02-17 22:28 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-02-17 22:28 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-02-17 22:28 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-02-17 22:28 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-02-17 22:28 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-02-17 22:28 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-02-17 22:28 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-02-17 22:28 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-02-17 22:28 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-02-17 22:26 - 2017-02-17 22:30 - 00000000 ____D C:\Users\louis\AppData\Local\Steam
2017-02-17 22:26 - 2017-02-17 22:26 - 00000000 ____D C:\Users\louis\AppData\Local\CEF
2017-02-17 22:22 - 2017-02-17 22:22 - 00001338 _____ C:\Users\louis\Desktop\iTunes.lnk
2017-02-17 22:05 - 2017-02-17 22:05 - 00000000 ____D C:\Users\louis\AppData\Roaming\Opera Software
2017-02-17 22:05 - 2017-02-17 22:05 - 00000000 ____D C:\Users\louis\AppData\Local\Opera Software
2017-02-17 22:04 - 2017-03-01 10:59 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-17 20:38 - 2017-02-17 20:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-17 20:10 - 2017-02-24 14:38 - 00000000 ____D C:\Users\louis\Documents\My Games
2017-02-17 20:10 - 2017-02-17 20:10 - 00000000 ____D C:\Users\louis\Documents\orientation_etudiant
2017-02-17 19:48 - 2017-02-17 19:48 - 00000000 ____D C:\Users\louis\AppData\Roaming\WildTangent
2017-02-17 19:44 - 2017-02-17 20:10 - 00000000 ____D C:\Users\louis\Documents\Création vidéo
2017-02-17 19:44 - 2017-02-17 19:44 - 00000000 ____D C:\Users\louis\Documents\Création PARTITION
2017-02-17 19:43 - 2017-02-18 15:58 - 00000000 ____D C:\Users\louis\Desktop\The Binding of Isaac Rebirth
2017-02-17 19:43 - 2017-02-17 19:44 - 00000000 ____D C:\Users\louis\Documents\création mp3
2017-02-17 19:43 - 2017-02-17 19:43 - 00000000 ____D C:\Users\louis\Documents\SavedGames
2017-02-17 19:43 - 2017-02-17 19:43 - 00000000 ____D C:\Users\louis\Documents\part piano
2017-02-17 19:43 - 2017-02-17 19:43 - 00000000 ____D C:\Users\louis\Desktop\SWProxy-windows
2017-02-17 19:42 - 2017-02-17 19:43 - 00000000 ____D C:\Users\louis\Desktop\arduinoFFT-master
2017-02-17 19:41 - 2017-02-24 16:53 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-17 19:41 - 2017-02-17 19:41 - 00000981 _____ C:\Users\Public\Desktop\Steam.lnk
2017-02-17 19:41 - 2017-02-17 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-17 19:34 - 2017-02-18 11:47 - 00000000 __SHD C:\Users\louis\AppData\LocalLow\EmieUserList
2017-02-17 19:34 - 2017-02-18 11:47 - 00000000 __SHD C:\Users\louis\AppData\Local\EmieUserList
2017-02-17 19:34 - 2017-02-18 11:47 - 00000000 __SHD C:\Users\louis\AppData\Local\EmieSiteList
2017-02-17 19:33 - 2017-03-01 10:58 - 00003924 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{581343D2-35A1-4DD5-9A47-253E59858607}
2017-02-17 19:33 - 2017-02-18 11:47 - 00000000 __SHD C:\Users\louis\AppData\LocalLow\EmieSiteList
2017-02-17 19:27 - 2017-03-01 11:02 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3281780549-2720448312-3182299040-1002
2017-02-17 19:27 - 2017-02-17 19:27 - 00000000 ____D C:\Users\louis\AppData\Roaming\WebStorage
2017-02-17 19:27 - 2017-02-17 19:27 - 00000000 ____D C:\Users\louis\AppData\Roaming\Macromedia
2017-02-17 19:23 - 2017-03-01 10:57 - 00001503 _____ C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk
2017-02-17 19:23 - 2017-03-01 10:57 - 00000000 ___RD C:\Users\louis\OneDrive
2017-02-17 19:22 - 2017-02-17 19:22 - 00000000 ____D C:\Users\louis\Documents\Mes fichiers reçus
2017-02-17 19:22 - 2017-02-17 19:22 - 00000000 ____D C:\Users\louis\AppData\Roaming\ASUS
2017-02-17 19:22 - 2017-02-17 19:22 - 00000000 ____D C:\Users\louis\AppData\Local\NVIDIA
2017-02-17 19:21 - 2017-03-01 10:57 - 00000165 _____ C:\Users\louis\AppData\Roaming\sp_data.sys
2017-02-17 19:20 - 2017-02-28 16:52 - 00000000 ____D C:\Users\louis
2017-02-17 19:20 - 2017-02-24 20:32 - 00001476 ____H C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-17 19:20 - 2017-02-20 04:33 - 00000000 ____D C:\Users\louis\AppData\Local\Packages
2017-02-17 19:20 - 2017-02-17 19:20 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-17 19:20 - 2017-02-17 19:20 - 00000020 ___SH C:\Users\louis\ntuser.ini
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\Voisinage réseau
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\Voisinage d'impression
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\Modèles
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\Mes documents
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\Menu Démarrer
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\Documents\Mes vidéos
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\Documents\Mes images
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\Documents\Ma musique
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 _SHDL C:\Users\louis\AppData\Local\Historique
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 __SHD C:\Users\louis\IntelGraphicsProfiles
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 ____D C:\Users\louis\AppData\Roaming\Intel
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 ____D C:\Users\louis\AppData\Roaming\Adobe
2017-02-17 19:20 - 2017-02-17 19:20 - 00000000 ____D C:\Users\louis\AppData\Local\VirtualStore
2017-02-17 19:20 - 2014-03-18 16:27 - 00000369 _____ C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2017-02-17 19:20 - 2014-03-18 16:27 - 00000369 _____ C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-02-15 14:18 - 2017-02-15 14:18 - 00285184 ____H C:\Windows\system32\BITEBF6.tmp
2017-02-15 14:18 - 2017-02-15 14:18 - 00285184 ____H C:\Windows\system32\BIT3BFC.tmp
2017-02-15 14:18 - 2017-02-15 14:18 - 00285184 ____H C:\Windows\system32\BIT1A79.tmp
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Public\Documents\Mes vidéos
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Public\Documents\Mes images
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Public\Documents\Ma musique
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\Voisinage réseau
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\Voisinage d'impression
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\Modèles
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\Mes documents
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\Menu Démarrer
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\Documents\Mes vidéos
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\Documents\Mes images
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\Documents\Ma musique
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default\AppData\Local\Historique
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default User\Documents\Mes vidéos
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default User\Documents\Mes images
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default User\Documents\Ma musique
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Historique
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\ProgramData\Modèles
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\ProgramData\Menu Démarrer
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\ProgramData\Bureau
2017-02-07 08:51 - 2017-02-07 08:51 - 00000000 _SHDL C:\Program Files\Fichiers communs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-28 16:19 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-02-27 16:31 - 2014-10-29 13:12 - 00813248 _____ C:\Windows\system32\perfh00C.dat
2017-02-27 16:31 - 2014-10-29 13:12 - 00159750 _____ C:\Windows\system32\perfc00C.dat
2017-02-27 16:31 - 2014-03-18 16:26 - 01826754 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-27 16:24 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-27 16:24 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2017-02-24 14:38 - 2014-10-29 07:25 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-24 14:33 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-24 14:25 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2017-02-23 23:34 - 2014-10-29 13:01 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2017-02-23 23:34 - 2014-03-18 15:58 - 00000000 ____D C:\Windows\SysWOW64\winrm
2017-02-23 23:34 - 2014-03-18 15:58 - 00000000 ____D C:\Windows\SysWOW64\WCN
2017-02-23 23:34 - 2014-03-18 15:58 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2017-02-23 23:34 - 2014-03-18 15:58 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2017-02-23 23:34 - 2014-03-18 15:58 - 00000000 ____D C:\Windows\system32\winrm
2017-02-23 23:34 - 2014-03-18 15:58 - 00000000 ____D C:\Windows\system32\WCN
2017-02-23 23:34 - 2014-03-18 15:58 - 00000000 ____D C:\Windows\system32\slmgr
2017-02-23 23:34 - 2014-03-18 15:58 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ___SD C:\Windows\system32\dsc
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\MUI
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\migwiz
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Com
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\IME
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Help
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-23 23:34 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-23 23:34 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-02-23 23:34 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-02-23 23:34 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Sysprep
2017-02-23 23:34 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\oobe
2017-02-23 23:34 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Dism
2017-02-22 01:13 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppCompat
2017-02-21 01:57 - 2013-08-22 15:44 - 00337928 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-21 01:56 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\servicing
2017-02-21 01:55 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2017-02-21 01:55 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\en-GB
2017-02-20 22:14 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2017-02-20 04:39 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2017-02-19 12:36 - 2015-03-23 13:21 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-19 02:29 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-18 21:16 - 2015-03-23 13:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-18 12:36 - 2015-03-23 13:24 - 00317061 _____ C:\Windows\system32\Drivers\RTWAVES40.dat
2017-02-18 12:36 - 2015-03-23 13:24 - 00006786 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2017-02-18 12:36 - 2015-03-23 13:24 - 00003148 _____ C:\Windows\System32\Tasks\RTKCPL
2017-02-18 12:36 - 2015-03-23 13:24 - 00002626 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2017-02-18 12:36 - 2015-03-23 13:24 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-02-18 12:32 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2017-02-18 12:19 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-18 12:19 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-18 11:01 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2017-02-18 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-02-18 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-02-18 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-02-18 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\setup
2017-02-18 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\MediaViewer
2017-02-18 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\FileManager
2017-02-18 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Camera
2017-02-18 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-02-18 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-02-18 10:59 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-18 10:59 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-02-18 10:59 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-02-18 10:58 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-18 01:35 - 2013-08-22 16:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2017-02-18 01:35 - 2013-08-22 16:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2017-02-17 21:20 - 2015-03-23 13:42 - 00000000 ____D C:\ProgramData\McAfee
2017-02-17 19:48 - 2014-10-29 07:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-17 19:48 - 2014-10-29 07:26 - 00000000 ____D C:\ProgramData\WildTangent
2017-02-17 19:48 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-17 19:45 - 2014-10-29 07:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-02-17 19:45 - 2014-10-29 07:25 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-02-17 19:24 - 2017-01-10 16:26 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-17 19:22 - 2017-01-10 16:27 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2017-02-17 19:14 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2017-02-17 19:21 - 2017-03-01 10:57 - 0000165 _____ () C:\Users\louis\AppData\Roaming\sp_data.sys
2015-03-23 13:24 - 2015-03-23 13:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-02-24 15:32 - 2017-02-24 15:32 - 0000016 _____ () C:\ProgramData\mntemp
2017-02-24 15:32 - 2017-02-24 15:32 - 0005082 _____ () C:\ProgramData\nakuvtjg.ewu
2014-10-29 07:25 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 07:25 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-10-29 07:25 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-28 14:25

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2017 01
Ran by louis (01-03-2017 11:02:19)
Running from C:\Users\louis\Downloads\FRST-OlderVersion
Windows 8.1 (Update) (X64) (2017-02-17 18:20:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrateur (S-1-5-21-3281780549-2720448312-3182299040-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-3281780549-2720448312-3182299040-1004 - Limited - Enabled)
Invité (S-1-5-21-3281780549-2720448312-3182299040-501 - Limited - Disabled)
louis (S-1-5-21-3281780549-2720448312-3182299040-1002 - Administrator - Enabled) => C:\Users\louis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Apowersoft Online Launcher version 1.4.6 (HKLM-x32\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.6 - APOWERSOFT LIMITED)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 3.0.10 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.05.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.1 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.29 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
ExpressCache (HKLM\...\{44EAE7F6-8BBF-4C3F-A573-3CD5A3C067FA}) (Version: 1.3.110.0 - Condusiv Technologies)
Far Cry: Primal (HKLM-x32\...\Far Cry: Primal_is1) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.28.1006 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4062 - Intel Corporation)
Intel® Wireless Bluetooth®(patch version 17.1.1440.2) (HKLM\...\{302600C1-6BDF-4FD1-1409-148929CC1385}) (Version: 17.1.1409.0486 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{9bffdf20-c3a3-4e93-9cbf-61712c6a38be}) (Version: 17.13.2 - Intel Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 1.6.4882.94 - Waves Audio Ltd.) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4641.3004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{9B3F0A88-790D-3AD9-9F96-B19CF2746452}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{4549ceb8-695a-42eb-a183-4820d542a15f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mises à jour NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
NVIDIA Pilote graphique 359.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.46 - NVIDIA Corporation)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
Panneau de configuration NVIDIA 359.46 (Version: 359.46 - NVIDIA Corporation) Hidden
PixelMaster Video HDR (HKLM\...\{65302154-AAF6-4020-A070-76CAA9CEC8D3}) (Version: 1.1.23 - ASUS)
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21260 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8051 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.2.0.1 - Reason Software Company Inc.)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 15.0 - Ubisoft)
Windows Driver Package - ASUS (ATP) Mouse (10/30/2014 1.0.0.230) (HKLM\...\52EDDD14D2DC9D32A2EA2720C02CBB9E354F8DE2) (Version: 10/30/2014 1.0.0.230 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WinRAR 5.21 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {100CFFAE-A9B9-45CA-AC5A-99BC49E87A94} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
Task: {11A63C2B-8AC5-4082-9BC1-396B321B0D3F} - System32\Tasks\oTBzqdOfWA4l => otbzqdofwa4l.exe
Task: {184A54C6-6754-4585-AF1F-9A0BC578399E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-25] (Google Inc.)
Task: {28A56FCC-F921-478A-8375-D2FAB137B934} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-11-05] (ASUS)
Task: {3428B591-2A57-4A47-B7E5-C813328C3DEB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-18] (Adobe Systems Incorporated)
Task: {36E27157-D0DB-4D2D-A708-3BCE4417161E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {448F3144-E147-4D04-94D1-B3B33A07124A} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2017-01-25] (Realtek Semiconductor)
Task: {5BD4C71B-FA1A-403C-95B6-DE2F6011CC91} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-18] (Adobe Systems Incorporated)
Task: {66020FA0-59B5-4623-85C9-F5622370E77B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-25] (Google Inc.)
Task: {67379270-78C6-432B-81F0-34DCF4341706} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-12-17] (ASUSTek Computer Inc.)
Task: {7A3597D9-9FAE-4B06-B78D-E5042B286852} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-11-21] (AsusTek)
Task: {8DC7F65B-909B-4729-8DAC-BAD43D91030E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-01-25] (Realtek Semiconductor)
Task: {BBCEB24F-FAB8-43DD-B799-A1D20CB1EC21} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-01-25] (Realtek Semiconductor)
Task: {D343954C-8A9A-4394-98B3-EF48C5F2A8A9} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2016-09-30] (Reason Software Company Inc.)
Task: {D508C36E-047F-4956-B505-277266C381C9} - System32\Tasks\Opera scheduled Autoupdate 1451404714 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {F9BC5A23-2EC1-4D4D-A3BF-0A590959DB92} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {FBD0CF79-B55C-4B7A-B9FB-01A2DC5F452F} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2016-09-30] (Reason Software Company Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехрlorеr.lnk -> C:\Users\louis\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\louis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Eхplоrеr Browser.lnk -> C:\Users\louis\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\louis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Eхplorеr.lnk -> C:\Users\louis\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2017-02-25 15:25 - 2017-02-25 15:27 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2015-03-23 13:21 - 2016-02-15 08:26 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-09 12:45 - 2014-12-15 06:26 - 00392592 _____ () C:\Windows\system32\igfxTray.exe
2017-02-25 15:25 - 2017-02-25 15:27 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2017-02-18 00:41 - 2017-02-18 00:42 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-03-23 13:42 - 2013-05-15 15:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2014-09-03 12:03 - 2014-09-03 12:03 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-11-05 13:44 - 2014-11-05 13:44 - 00037424 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-11-05 13:44 - 2014-11-05 13:44 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-02-23 23:42 - 2017-02-23 23:42 - 39820888 _____ () C:\Program Files (x86)\Opera\43.0.2442.991\opera_browser.dll
2017-02-23 23:42 - 2017-02-23 23:42 - 45854808 _____ () C:\Program Files (x86)\Opera\43.0.2442.991\opera_child.dll
2017-02-23 23:42 - 2017-02-23 23:42 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.991\libglesv2.dll
2017-02-23 23:42 - 2017-02-23 23:42 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.991\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-02-27 16:24 - 00009823 ____A C:\Windows\system32\Drivers\etc\hosts

There are 71 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\louis\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\sans_by_tsaoshin-d9lah3n.png
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "NvBackend"
HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\...\StartupApproved\Run: => "pVRrlz6fJr"
HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D48F6F7F-BD46-41F0-BD6B-37F58504FF32}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FA91B3FA-BBF4-4569-BB65-F371C4E1EBDA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{956ACCAA-701C-4EA2-82BE-D9A51D3FD2A6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0EBBEF7A-B2C1-41EF-8DFE-6001AEFC3FF2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{9EDF39AD-BB70-4977-A3B9-4B57C6E2E9F0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{48007763-7937-409D-9FC3-8FF9EE3A19DB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2695B905-49C6-4AAE-A2E3-53DE5F9B092F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{37DB9A49-0A73-4494-9E62-4E90803F52B7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{90376447-F3CA-41DC-AE97-C7448537F779}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{63EBC80E-BD2A-4395-A9A0-339EC355B079}C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{1A79306B-599B-4B35-9A5E-B0ABC7B08525}] => (Allow) C:\Users\louis\Downloads\uTorrent.exe
FirewallRules: [{BA74D077-C9B4-4795-BA93-5E0F2305BA21}] => (Allow) C:\Users\louis\Downloads\uTorrent.exe
FirewallRules: [{0B878187-D61B-4632-AB48-9FCCC470F661}] => (Allow) C:\Users\louis\Downloads\uTorrent.exe
FirewallRules: [{1750248A-36B9-4B4C-858F-E46403FEEF00}] => (Allow) C:\Users\louis\Downloads\uTorrent.exe
FirewallRules: [{37183E86-B08B-46F6-A3D4-4430CBE2126C}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5C84F946-B49D-4A29-8D27-C298B1AB5D80}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{CC2B7AE1-AFF2-4241-AA08-89669CFCBC14}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{09A9B04B-8BA5-48C0-8E04-C72466F595C1}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{693D398E-359E-42F8-8EF9-E958D7D1697C}D:\games\far cry - primal\bin\fcprimal.exe] => (Allow) D:\games\far cry - primal\bin\fcprimal.exe
FirewallRules: [UDP Query User{91DCAA22-62FB-4FC0-A6F9-46A2D55AC7BE}D:\games\far cry - primal\bin\fcprimal.exe] => (Allow) D:\games\far cry - primal\bin\fcprimal.exe
FirewallRules: [{48C5CD08-D38A-41A5-9C3C-D0C68CF202E2}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{DCC4014A-A6E2-42CB-8C39-F89672297108}] => (Allow) C:\Users\louis\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
FirewallRules: [{8156564D-FBB9-4BCE-82B3-78E9BAA6461C}] => (Allow) C:\Users\louis\AppData\Local\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
FirewallRules: [{8639B211-E1A6-4B34-B1A8-C4C9505875CB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{74D9BD77-7262-483D-8540-2481F0CE9F49}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{F8FB4492-F9D1-472B-B049-CCCB35391A54}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe
FirewallRules: [{5757C000-CDAD-4CEB-BD1E-E0D8B5E7078F}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

==================== Restore Points =========================

28-02-2017 14:48:31 Point de contrôle planifié

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2017 02:10:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante rsUI.exe, version : 1.2.0.0, horodatage : 0x57edb6ed
Nom du module défaillant : LSASRV.dll, version : 6.3.9600.18512, horodatage : 0x57f9715e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000004f2da
ID du processus défaillant : 0x698
Heure de début de l’application défaillante : 0x01d2910dd5d1cb40
Chemin d’accès de l’application défaillante : C:\Program Files\Reason\Security\rsUI.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\LSASRV.dll
ID de rapport : a30a724b-fd52-11e6-8271-d8fc93798bf4
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (02/28/2017 02:00:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante rsUI.exe, version : 1.2.0.0, horodatage : 0x57edb6ed
Nom du module défaillant : LSASRV.dll, version : 6.3.9600.18512, horodatage : 0x57f9715e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000004f2da
ID du processus défaillant : 0x698
Heure de début de l’application défaillante : 0x01d2910dd5d1cb40
Chemin d’accès de l’application défaillante : C:\Program Files\Reason\Security\rsUI.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\LSASRV.dll
ID de rapport : 5558c586-fd51-11e6-8271-d8fc93798bf4
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (02/27/2017 12:49:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme FRST64.exe version 25.2.2017.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : 15a4

Heure de début : 01d290ee8bebcfad

Heure de fin : 15

Chemin d’accès de l’application : C:\Users\louis\Downloads\FRST64.exe

ID de rapport : d553f05a-fce2-11e6-8270-d8fc93798bf4

Nom complet du package défaillant :

ID de l’application relative au package défaillant :

Error: (02/26/2017 04:59:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Échec de la procédure d’ouverture pour le service « BITS » dans la DLL « C:\Windows\System32\bitsperf.dll ». Les données de performance de ce service ne seront pas disponibles. Le premier mot (DWORD) de la section Données contient le code d’erreur.

Error: (02/25/2017 03:40:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante rsUI.exe, version : 1.2.0.0, horodatage : 0x57edb6ed
Nom du module défaillant : LSASRV.dll, version : 6.3.9600.18512, horodatage : 0x57f9715e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000004f2da
ID du processus défaillant : 0x1908
Heure de début de l’application défaillante : 0x01d28f73b403c780
Chemin d’accès de l’application défaillante : C:\Program Files\Reason\Security\rsUI.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\LSASRV.dll
ID de rapport : 61ccc5bb-fb68-11e6-826e-d8fc93798bf4
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (02/25/2017 03:38:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante rsUI.exe, version : 1.2.0.0, horodatage : 0x57edb6ed
Nom du module défaillant : LSASRV.dll, version : 6.3.9600.18512, horodatage : 0x57f9715e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000004f2da
ID du processus défaillant : 0x1908
Heure de début de l’application défaillante : 0x01d28f73b403c780
Chemin d’accès de l’application défaillante : C:\Program Files\Reason\Security\rsUI.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\LSASRV.dll
ID de rapport : 1f2e9730-fb68-11e6-826e-d8fc93798bf4
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (02/25/2017 03:33:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante rsUI.exe, version : 1.2.0.0, horodatage : 0x57edb6ed
Nom du module défaillant : LSASRV.dll, version : 6.3.9600.18512, horodatage : 0x57f9715e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000004f2da
ID du processus défaillant : 0x1908
Heure de début de l’application défaillante : 0x01d28f73b403c780
Chemin d’accès de l’application défaillante : C:\Program Files\Reason\Security\rsUI.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\LSASRV.dll
ID de rapport : 68837890-fb67-11e6-826e-d8fc93798bf4
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (02/25/2017 03:30:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante rsUI.exe, version : 1.2.0.0, horodatage : 0x57edb6ed
Nom du module défaillant : LSASRV.dll, version : 6.3.9600.18512, horodatage : 0x57f9715e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000004f2da
ID du processus défaillant : 0x1908
Heure de début de l’application défaillante : 0x01d28f73b403c780
Chemin d’accès de l’application défaillante : C:\Program Files\Reason\Security\rsUI.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\LSASRV.dll
ID de rapport : f994b44b-fb66-11e6-826e-d8fc93798bf4
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (02/25/2017 03:28:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante rsUI.exe, version : 1.2.0.0, horodatage : 0x57edb6ed
Nom du module défaillant : LSASRV.dll, version : 6.3.9600.18512, horodatage : 0x57f9715e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000004f2da
ID du processus défaillant : 0x17ec
Heure de début de l’application défaillante : 0x01d28f72cedd68e8
Chemin d’accès de l’application défaillante : C:\Program Files\Reason\Security\rsUI.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\LSASRV.dll
ID de rapport : a198ee60-fb66-11e6-826e-d8fc93798bf4
Nom complet du package défaillant :
ID de l’application relative au package défaillant :

Error: (02/25/2017 03:25:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante rsUI.exe, version : 1.2.0.0, horodatage : 0x57edb6ed
Nom du module défaillant : LSASRV.dll, version : 6.3.9600.18512, horodatage : 0x57f9715e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000000000004f2da
ID du processus défaillant : 0x17ec
Heure de début de l’application défaillante : 0x01d28f72cedd68e8
Chemin d’accès de l’application défaillante : C:\Program Files\Reason\Security\rsUI.exe
Chemin d’accès du module défaillant: C:\Windows\SYSTEM32\LSASRV.dll
ID de rapport : 488d7321-fb66-11e6-826e-d8fc93798bf4
Nom complet du package défaillant :
ID de l’application relative au package défaillant :


System errors:
=============
Error: (02/27/2017 01:00:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Les clichés instantanés du volume C: ont été annulés car le stockage du cliché instantané n’a pas pu s’agrandir en raison d’une limite utilisateur.

Error: (02/25/2017 03:49:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN s’est arrêté de façon inattendue.

Chemin d’accès du module : C:\Windows\System32\IWMSSvc.dll

Error: (02/25/2017 03:49:20 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN s’est arrêté de façon inattendue.

Chemin d’accès du module : C:\Windows\System32\IWMSSvc.dll

Error: (02/25/2017 03:49:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d’extensibilité WLAN s’est arrêté de façon inattendue.

Chemin d’accès du module : C:\Windows\System32\IWMSSvc.dll

Error: (02/25/2017 03:49:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Cliché instantané des volumes s’est terminé de façon inattendue pour la 1ème fois.

Error: (02/25/2017 03:49:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service rscp s’est terminé de façon inattendue pour la 1ème fois.

Error: (02/25/2017 03:49:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Reason Core Security Engine Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (02/25/2017 03:49:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Service Partage réseau du Lecteur Windows Media s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Error: (02/25/2017 03:49:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Intel® Dynamic Application Loader Host Interface Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (02/25/2017 03:49:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Bluetooth OBEX Service s’est terminé de façon inattendue pour la 1ème fois.


CodeIntegrity:
===================================
Date: 2017-02-28 14:26:03.555
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-27 12:13:10.557
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-26 13:27:34.871
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-25 05:34:47.555
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-22 04:36:30.793
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-18 09:52:35.211
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 33%
Total physical RAM: 8081.04 MB
Available physical RAM: 5407.91 MB
Total Virtual: 9361.04 MB
Available Virtual: 6719.92 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:372.6 GB) (Free:218.08 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:542.8 GB) (Free:522.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A01DE705)

Partition: GPT.

========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: A01DE719)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 01 March 2017 - 10:58 AM.
Posted modified logs


#4 Oh My!


Posted 01 March 2017 - 12:36 PM

Thank you for your patience while I reviewed the information you provided.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
2017-02-18 11:57 - 2017-02-18 11:57 - 00021522 _____ C:\Windows\System32\Tasks\oTBzqdOfWA4l
2017-02-18 11:52 - 2017-02-18 11:52 - 00000000 ____D C:\Users\louis\AppData\Roaming\Drebpycerrerward
2017-02-18 11:51 - 2017-02-18 11:51 - 00000000 ____D C:\Users\louis\AppData\Local\Reodeght
2017-02-15 14:18 - 2017-02-15 14:18 - 00285184 ____H C:\Windows\system32\BITEBF6.tmp
2017-02-15 14:18 - 2017-02-15 14:18 - 00285184 ____H C:\Windows\system32\BIT3BFC.tmp
2017-02-15 14:18 - 2017-02-15 14:18 - 00285184 ____H C:\Windows\system32\BIT1A79.tmp
2017-02-24 15:32 - 2017-02-24 15:32 - 0000016 _____ () C:\ProgramData\mntemp
2017-02-24 15:32 - 2017-02-24 15:32 - 0005082 _____ () C:\ProgramData\nakuvtjg.ewu
Task: {11A63C2B-8AC5-4082-9BC1-396B321B0D3F} - System32\Tasks\oTBzqdOfWA4l => otbzqdofwa4l.exe
Shortcut: C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехрlorеr.lnk -> C:\Users\louis\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\louis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Eхplоrеr Browser.lnk -> C:\Users\louis\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\louis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Eхplorеr.lnk -> C:\Users\louis\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
DeleteValue: HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|pVRrlz6fJr
Folder: C:\Users\louis\.jssc
Folder: C:\ProgramData\Plusdax
Folder: C:\ProgramData\Plusdaxs
CMD: bitsadmin /reset /allusers
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

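FRST marks the three Shortcut entries in the fixlist above with `<===== Cyrillic`: their names mix Latin letters with look-alike Cyrillic ones. The following is an added example (not part of the original posts, and not FRST's own logic) of one way to detect such mixed-script shortcut names; the sample lines, function names and the partial look-alike table are assumptions constructed for illustration.

```python
import re
import unicodedata

# Constructed sample lines in the shape of FRST "Shortcut:" entries (not copied
# from a real log). Cyrillic letters are written as \u escapes so they stand out.
SAMPLE_LINES = [
    # Latin/Cyrillic mix that renders as "Internet Explorer.lnk"
    "Shortcut: C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\"
    "Int\u0435rnet \u0415\u0445\u0440lor\u0435r.lnk -> "
    "C:\\Users\\user\\AppData\\Roaming\\Browsers\\exe.erolpxei.bat (No File)",
    # Plain Latin name
    "Shortcut: C:\\Users\\user\\Desktop\\Internet Explorer.lnk -> "
    "C:\\Program Files\\Internet Explorer\\iexplore.exe",
    # Wholly Cyrillic name, normal on a Russian-language system; must not be flagged
    "Shortcut: C:\\Users\\user\\Desktop\\"
    "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b.lnk -> C:\\Users\\user\\Documents",
]

SHORTCUT_RE = re.compile(r"^Shortcut:\s+(?P<lnk>.+?)\s+->\s+(?P<target>.+)$")

# Partial table of Cyrillic letters that render like Latin ones (an assumption
# for this example, not the full Unicode confusables data).
LOOKALIKES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",
})


def script_of(ch):
    """Return the script prefix of a letter's Unicode name, or None for non-letters."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] or None  # e.g. "LATIN", "CYRILLIC"


def mixed_script_words(name):
    """Return (word, scripts) for each word whose letters span more than one script."""
    hits = []
    for word in re.findall(r"[^\W\d_]+", name):  # runs of Unicode letters
        scripts = {script_of(c) for c in word}
        scripts.discard(None)
        if len(scripts) > 1:
            hits.append((word, sorted(scripts)))
    return hits


def scan(lines):
    """Flag Shortcut entries whose .lnk file name contains a mixed-script word."""
    findings = []
    for line in lines:
        m = SHORTCUT_RE.match(line.strip())
        if not m:
            continue
        name = m.group("lnk").rsplit("\\", 1)[-1]  # file name without its folder
        mixed = mixed_script_words(name)
        if mixed:
            findings.append({
                "name": name,
                "mixed": mixed,
                # What the name imitates once look-alikes are mapped back to Latin
                "skeleton": name.translate(LOOKALIKES),
                "target": m.group("target"),
            })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LINES):
        words = ", ".join(f"{w!a} {s}" for w, s in f["mixed"])
        print(f"mixed-script name imitating {f['skeleton']!r}")
        print(f"  words:  {words}")
        print(f"  target: {f['target']}")
```

Checking per word rather than per file name is what keeps a wholly Cyrillic name with a Latin extension from being reported.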
#5 Handcrafted


Posted 01 March 2017 - 01:53 PM

Here is the log. I will tell you in 3 days whether there's a problem or not (I uninstalled my torrent program).

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by louis (01-03-2017 19:49:22) Run:1
Running from C:\Users\louis\Downloads\FRST-OlderVersion
Loaded Profiles: louis (Available Profiles: louis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2017-02-18 11:57 - 2017-02-18 11:57 - 00021522 _____ C:\Windows\System32\Tasks\oTBzqdOfWA4l
2017-02-18 11:52 - 2017-02-18 11:52 - 00000000 ____D C:\Users\louis\AppData\Roaming\Drebpycerrerward
2017-02-18 11:51 - 2017-02-18 11:51 - 00000000 ____D C:\Users\louis\AppData\Local\Reodeght
2017-02-15 14:18 - 2017-02-15 14:18 - 00285184 ____H C:\Windows\system32\BITEBF6.tmp
2017-02-15 14:18 - 2017-02-15 14:18 - 00285184 ____H C:\Windows\system32\BIT3BFC.tmp
2017-02-15 14:18 - 2017-02-15 14:18 - 00285184 ____H C:\Windows\system32\BIT1A79.tmp
2017-02-24 15:32 - 2017-02-24 15:32 - 0000016 _____ () C:\ProgramData\mntemp
2017-02-24 15:32 - 2017-02-24 15:32 - 0005082 _____ () C:\ProgramData\nakuvtjg.ewu
Task: {11A63C2B-8AC5-4082-9BC1-396B321B0D3F} - System32\Tasks\oTBzqdOfWA4l => otbzqdofwa4l.exe
Shortcut: C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехрlorеr.lnk -> C:\Users\louis\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\louis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Eхplоrеr Browser.lnk -> C:\Users\louis\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
Shortcut: C:\Users\louis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Eхplorеr.lnk -> C:\Users\louis\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
DeleteValue: HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|pVRrlz6fJr
Folder: C:\Users\louis\.jssc
Folder: C:\ProgramData\Plusdax
Folder: C:\ProgramData\Plusdaxs
CMD: bitsadmin /reset /allusers
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Tasks\oTBzqdOfWA4l => moved successfully
C:\Users\louis\AppData\Roaming\Drebpycerrerward => moved successfully
C:\Users\louis\AppData\Local\Reodeght => moved successfully
C:\Windows\system32\BITEBF6.tmp => moved successfully
C:\Windows\system32\BIT3BFC.tmp => moved successfully
C:\Windows\system32\BIT1A79.tmp => moved successfully
C:\ProgramData\mntemp => moved successfully
C:\ProgramData\nakuvtjg.ewu => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11A63C2B-8AC5-4082-9BC1-396B321B0D3F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11A63C2B-8AC5-4082-9BC1-396B321B0D3F} => key removed successfully
C:\Windows\System32\Tasks\oTBzqdOfWA4l => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\oTBzqdOfWA4l => key removed successfully
C:\Users\louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Ехрlorеr.lnk => moved successfully
C:\Users\louis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunch Intеrnet Eхplоrеr Browser.lnk => moved successfully
C:\Users\louis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Intеrnet Eхplorеr.lnk => moved successfully
HKU\S-1-5-21-3281780549-2720448312-3182299040-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\pVRrlz6fJr => value removed successfully

========================= Folder: C:\Users\louis\.jssc ========================

2017-02-28 16:52 - 2017-02-28 16:52 - 0000000 ____D () C:\Users\louis\.jssc\windows
2017-02-28 16:52 - 2017-02-28 16:52 - 0067072 _____ () C:\Users\louis\.jssc\windows\jSSC-2.8_x86.dll

====== End of Folder: ======


========================= Folder: C:\ProgramData\Plusdax ========================

2017-02-18 12:01 - 2017-02-18 12:01 - 0000000 _____ () C:\ProgramData\Plusdax\Anfind.bin
2017-02-18 12:01 - 2017-02-24 20:32 - 0000789 _____ () C:\ProgramData\Plusdax\conf.config
2017-02-21 20:31 - 2017-02-21 20:31 - 0000266 _____ () C:\ProgramData\Plusdax\Danlam.exe.config
2017-02-18 12:01 - 2017-02-18 12:01 - 0000266 _____ () C:\ProgramData\Plusdax\Dantone.exe.config
2017-02-18 12:01 - 2017-02-18 12:01 - 0000000 _____ () C:\ProgramData\Plusdax\FreePlus.bin
2017-02-23 11:22 - 2017-02-23 11:22 - 7291904 _____ () C:\ProgramData\Plusdax\Holdtrax.dat
2017-02-18 12:01 - 2017-02-18 12:01 - 0000266 _____ () C:\ProgramData\Plusdax\InchQvolam.exe.config
2017-02-18 12:27 - 2017-02-18 12:27 - 0000266 _____ () C:\ProgramData\Plusdax\LotZoolux.exe.config
2017-02-18 12:01 - 2017-02-18 12:01 - 0005568 _____ () C:\ProgramData\Plusdax\md.xml
2017-02-18 12:01 - 2017-02-18 12:01 - 0846336 _____ () C:\ProgramData\Plusdax\Medjob.bin
2017-02-18 12:01 - 2017-02-18 12:01 - 0000000 _____ () C:\ProgramData\Plusdax\Ozertech.dat
2017-02-18 12:01 - 2017-02-18 12:01 - 0018432 _____ () C:\ProgramData\Plusdax\Plusdax.dat
2017-02-18 12:01 - 2017-02-18 12:01 - 0024576 _____ () C:\ProgramData\Plusdax\Qvofan.dat
2017-02-18 12:01 - 2017-02-18 12:01 - 0465920 _____ () C:\ProgramData\Plusdax\Ran-Strong.bin
2017-02-18 12:01 - 2017-02-18 12:01 - 0000000 _____ () C:\ProgramData\Plusdax\Sillam.bin
2017-02-18 12:01 - 2017-02-18 12:01 - 0252928 _____ () C:\ProgramData\Plusdax\Silverlight.dat
2017-02-18 12:01 - 2017-02-18 12:01 - 0502272 _____ () C:\ProgramData\Plusdax\Singletone.bin
2017-02-18 12:01 - 2017-02-18 12:01 - 0570880 _____ () C:\ProgramData\Plusdax\Solo-Lux.bin
2017-02-18 12:01 - 2017-02-18 12:01 - 0126464 _____ () C:\ProgramData\Plusdax\uninstall.dat
2017-02-18 12:01 - 2017-02-18 12:01 - 0000266 _____ () C:\ProgramData\Plusdax\Vivaeco.exe.config
2017-02-18 13:42 - 2017-02-18 13:42 - 0000266 _____ () C:\ProgramData\Plusdax\Vol-Tam.exe.config
2017-02-25 10:43 - 2017-02-25 10:43 - 0088224 _____ () C:\ProgramData\Plusdax\vu3am4dn.xml
2017-02-21 01:57 - 2017-02-21 01:57 - 0000266 _____ () C:\ProgramData\Plusdax\Xxx-sailtop.exe.config
2017-02-18 12:01 - 2017-02-18 12:01 - 0000000 ____D () C:\ProgramData\Plusdax\ondemand
2017-02-20 15:05 - 2017-02-23 11:22 - 0000000 ____D () C:\ProgramData\Plusdax\temp

====== End of Folder: ======


========================= Folder: C:\ProgramData\Plusdaxs ========================

2017-02-18 12:01 - 2017-02-18 12:01 - 0000223 _____ () C:\ProgramData\Plusdaxs\ff.HP
2017-02-18 12:01 - 2017-02-18 12:01 - 0000239 _____ () C:\ProgramData\Plusdaxs\ff.NT
2017-02-18 12:01 - 2017-02-18 12:01 - 0000221 _____ () C:\ProgramData\Plusdaxs\snp.sc

====== End of Folder: ======


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {47A276C0-83C4-41C8-A805-688E92694129}.
Unable to cancel {2267D504-591B-4286-8EAD-3F985F2696DB}.
{2E21DFC4-3413-467D-9EE9-964FF90046CD} canceled.
{D834E2FD-D1CF-485D-92FB-5CAF084AE0DF} canceled.
{489AA043-A8EA-426A-AE83-6B511FBF28C5} canceled.
{9E58B381-F7DE-4FB7-9663-9B614456F2E1} canceled.
{21CF95EF-D222-45E8-8A61-46078A5C0FFE} canceled.
{09060E56-E7EB-4A44-96C2-846FAC807EFC} canceled.
6 out of 8 jobs canceled.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 19:49:43 ====


Edited by Oh My!, 01 March 2017 - 02:19 PM.


#6 Oh My!


Posted 01 March 2017 - 02:27 PM

Greetings,

We have more work to do. Are you going to be unavailable over the next 3 days?

When you can, please do this. Please be sure to copy and paste the report contents in your reply rather than attach a file.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
C:\ProgramData\Plusdax
C:\ProgramData\Plusdaxs
powershell:  Get-BitsTransfer -AllUsers | select -ExpandProperty FileList
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Edited by Oh My!, 01 March 2017 - 02:48 PM.

Gary
 

#7 Handcrafted


Posted 02 March 2017 - 05:38 AM

No, I'm available. Here is the log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by louis (02-03-2017 11:33:44) Run:2
Running from C:\Users\louis\Downloads\FRST-OlderVersion
Loaded Profiles: louis (Available Profiles: louis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\ProgramData\Plusdax
C:\ProgramData\Plusdaxs
powershell:  Get-BitsTransfer -AllUsers | select -ExpandProperty FileList
emptytemp:
*****************
 
C:\ProgramData\Plusdax => moved successfully
C:\ProgramData\Plusdaxs => moved successfully
 
========= Get-BitsTransfer -AllUsers | select -ExpandProperty FileList =========
 
 
 
                     17a540c273aeec7a6cb2c13379fd71.exe
LocalName          : C:\Windows\SoftwareDistribution\Download\1560def00b01b6c87f1d32cb99853500\c330c28d9d17a540c273aeec
                     7a6cb2c13379fd71
IsTransferComplete : False
BytesTotal         : -1
BytesTransferred   : 0
 
                     64_6d06edf487f8651e7d2b18c74e8c4f46e7af9eda.cab
LocalName          : C:\Windows\SoftwareDistribution\Download\f1b03f8199a5182249185dd6960fd6b0\windows8.1-kb3210137-x64
                     .cab
IsTransferComplete : False
BytesTotal         : 76165453
BytesTransferred   : 51193033
 
 
 
 
========= End of Powershell: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34274834 B
Java, Flash, Steam htmlcache => 5287647 B
Windows/system/drivers => 8331059 B
Edge => 0 B
Chrome => 26008413 B
Firefox => 0 B
Opera => 394765453 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 4070 B
NetworkService => 0 B
louis => 818901236 B
 
RecycleBin => 951893203 B
EmptyTemp: => 2.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:34:06 ====


#8 Oh My!


Posted 02 March 2017 - 05:40 PM

Thank you.

Are you still getting the cmd window popup?
Gary
 

#9 Handcrafted


Posted 02 March 2017 - 07:07 PM

Not for the moment, I'll send you a message if it reappears.

Thank you very much for your help



#10 Oh My!


Posted 02 March 2017 - 09:37 PM

Well we are not done yet. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Startbatch:
@echo off
net stop BITS
ipconfig /flushdns
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat" qmgr0.dat.old
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat" qmgr1.dat.old
net start BITS
Endbatch:
Powershell: Get-BitsTransfer -AllUsers
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:

  • Fixlog

Gary
 

#11 Handcrafted


Posted 03 March 2017 - 04:38 AM

Here it is

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by louis (03-03-2017 10:37:08) Run:3
Running from C:\Users\louis\Downloads\FRST-OlderVersion
Loaded Profiles: louis (Available Profiles: louis)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Startbatch:
@echo off
net stop BITS
ipconfig /flushdns
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr0.dat" qmgr0.dat.old
ren "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr1.dat" qmgr1.dat.old
net start BITS
Endbatch:
Powershell: Get-BitsTransfer -AllUsers
*****************
 
 
========= Batch: =========
Le service Service de transfert intelligent en arrière-plan s'arrête..
Le service Service de transfert intelligent en arrière-plan a été arrêté.
 
 
Configuration IP de Windows
 
Cache de résolution DNS vidé.
Le service Service de transfert intelligent en arrière-plan démarre.
Le service Service de transfert intelligent en arrière-plan a démarré.
 
 
========= End of Batch: =========
 
 
========= Get-BitsTransfer -AllUsers =========
 
 
========= End of Powershell: =========
 
 
==== End of Fixlog 10:37:21 ====


Edited by Handcrafted, 03 March 2017 - 04:39 AM.
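Added example (not part of the thread and not FRST's own code): a small Python parser for the Get-BitsTransfer section of a Fixlog like the ones posted above. It rejoins values that PowerShell wrapped onto a second line and reports unfinished transfers and files saved outside the Windows Update download folder. The sample log, the piped command in its header and the EXPECTED_PREFIX heuristic are assumptions constructed for illustration.

```python
import re
# Constructed sample shaped like the Fixlog sections in this thread (not real data).
SAMPLE_FIXLOG = r"""
========= Get-BitsTransfer -AllUsers | Select -ExpandProperty FileList =========

RemoteName         : http://download.example.invalid/sample-update-x64.cab
LocalName          : C:\Windows\SoftwareDistribution\Download\00000000000000000000000000000000\sample-update-x64
                     .cab
IsTransferComplete : False
BytesTotal         : 2000
BytesTransferred   : 500

RemoteName         : http://files.example.invalid/sample.bin
LocalName          : C:\Users\Public\sample.bin
IsTransferComplete : True

========= End of Powershell: =========
"""
HEADER = re.compile(r"^=+ .*Get-BitsTransfer.* =+$")
FIELD = re.compile(r"^(\w+)\s*: ?(.*)$")
EXPECTED_PREFIX = "c:\\windows\\softwaredistribution\\"  # assumption: Windows Update tree only

def parse_bits_section(fixlog_text):
    """Return one dict per 'Name : value' record in the Get-BitsTransfer section."""
    records, current, key, inside = [], {}, None, False
    for raw in fixlog_text.splitlines():
        line = raw.rstrip()
        if not inside:
            inside = bool(HEADER.match(line))
        elif "End of Powershell" in line:
            break
        elif not line:                      # blank line closes a record
            if current:
                records.append(current)
            current, key = {}, None
        elif FIELD.match(line):
            key, value = FIELD.match(line).groups()
            current[key] = value
        elif key:                           # wrapped continuation of the last value
            current[key] += line.strip()
    return records + ([current] if current else [])

def summarize(fixlog_text):
    """Count queued files; list unfinished ones and ones saved outside the expected tree."""
    recs = parse_bits_section(fixlog_text)
    names = lambda keep: [r.get("LocalName") for r in recs if keep(r)]
    return {"files": len(recs),
            "incomplete": names(lambda r: r.get("IsTransferComplete") == "False"),
            "review": names(lambda r: not r.get("LocalName", "").lower().startswith(EXPECTED_PREFIX))}
```

An empty section, like the one in the Fixlog of post #11, yields zero files, which is the expected state right after the qmgr0.dat and qmgr1.dat queue files are renamed.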


#12 Oh My!


Posted 03 March 2017 - 11:41 AM

Excellent.

 

Are there any remaining issues?


Gary
 

#13 Handcrafted


Posted 03 March 2017 - 04:56 PM

No more BITSADMIN issue for 2 days! :)



#14 Oh My!


Posted 03 March 2017 - 06:08 PM

Perfect, looks like we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#15 Oh My!


Posted 04 March 2017 - 10:51 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



