Hidden Adware/Malware?


  • This topic is locked
4 replies to this topic

#1 Cleaningmompc

Posted 14 August 2017 - 11:45 AM

Sorry for the multiple postings, the tab crashed and reposted it several times. Reply to this one. 

Mod Edit:  Deleted 2 dupes :).

 

Hello there, my name is Deejay and I'm cleaning my own computer this time. I was referred to here from the "Am I infected" forums.

 

So this computer is a bit older, it's a Toshiba, Windows 7 Home Premium. Its graphics processor is Intel and I use Google Chrome as my browser. My antivirus protection is Microsoft Security Essentials and Malwarebytes. I do have Malwarebytes Chameleon, AdwCleaner, TDSSKiller, RogueKiller, RKill, JRT within my inventory for emergencies.

This computer has seen better days as unfortunately it was infected by CVE-2013-1493, CVE-2013-0422 and exploit:java/obfuscator.J and some adware which was only detected a month or two ago. Microsoft Security Essentials removed it and fortunately those nasty bugs haven't shown signs of returning. During the time of infection I do recall this computer having blue screens often and general system instability but I don't recall ever having popups as I always made sure to use adblockers.

 

Now, as for general system performance it's significantly better but seems to have occasional glitches/slow downs/etc which may or may not be damage to the system or general age. I do not unfortunately have the full history of this laptop as it was bought used for me as a teenager.  

Yet, I've had an issue with Searchscopes returning within the registry and JRT having to remove it, as well as a curious issue that someone within "Am I infected" couldn't figure out. 

I've had these files show up even after repeatedly removing them with AdwCleaner.

***** [ Files ] *****
 
PUP.Adware.Heuristic, C:\Users\Default\AppData\gacutil.exe
PUP.Adware.Heuristic, C:\Users\Default\AppData\gacutil
PUP.Adware.Heuristic, C:\Users\Default User\AppData\gacutil.exe
PUP.Adware.Heuristic, C:\Users\Default User\AppData\gacutil
 
***** [ Tasks ] *****
 
PUP.Adware.Heuristic, gacutil
PUP.Adware.Heuristic, gacutil
 
 

 

I decided to delete them myself as posted here: https://www.bleepingcomputer.com/forums/t/654252/cleaning-up-old-computer-possible-pupmalware-remnants/#entry4309527 and AdwCleaner does not detect them any longer.

 

I do know that those files shouldn't be there as I researched Microsoft's location for Gacutil and everything like this should be within the computer/windows/etc folders. Not a user default folder..?

The files are sitting within my recycling bin in case further analysis is desired but they seem harmless sitting there. I have no idea where they came from as they were never detected until today.

 

Considering the constant revival of these markups I wonder if some nasty adware is still on here. All other information can be found in the link above. 

 

Current symptoms are mostly positive. However I do notice right upon boot up it looks like something tries to start but shuts down immediately. It's a white window that flashes for half a second. 

 

 

Here are the logs, thank you for your time.

--

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08-2017
Ran by Deejay (administrator) on DEEJAY-PC (14-08-2017 11:23:17)
Running from C:\Users\Deejay\Downloads
Loaded Profiles: Deejay (Available Profiles: Deejay & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [655368 2017-04-19] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [WTClient] => C:\windows\system32\WTClient.exe [41304 2012-02-27] (Tablet Driver)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\PFW: 
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MountPoints2: F - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MountPoints2: {3084d3a7-05c8-11e3-b420-00266ce37e20} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MountPoints2: {96927b35-4592-11e2-b268-00266ce37e20} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MountPoints2: {9a443fe0-913e-11e2-bc3a-00266ce37e20} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MountPoints2: {a6a80701-2ea2-11e3-b2c2-00266ce37e20} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MountPoints2: {c029d1db-a3da-11e2-a28a-00266ce37e20} - E:\LaunchU3.exe -a
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MountPoints2: {d3ff8d75-5ee8-11e2-893b-00266ce37e20} - E:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{60928159-839F-4339-A2DA-01C32D41FCDB}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.toshiba.com
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {43F88E04-CADE-45C9-8473-DB5CEF107394} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {43F88E04-CADE-45C9-8473-DB5CEF107394} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {43F88E04-CADE-45C9-8473-DB5CEF107394} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {43F88E04-CADE-45C9-8473-DB5CEF107394} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> DefaultScope {7C4F8165-6349-420C-A570-CCDA8709BDAF} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> {7C4F8165-6349-420C-A570-CCDA8709BDAF} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2011-07-12] (<TOSHIBA>)
Toolbar: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 -> C:\windows\SysWOW64\npdeployJava1.dll [2012-09-17] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-04] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default [2017-08-14]
CHR Extension: (Google Slides) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-04]
CHR Extension: (Google Docs) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-04]
CHR Extension: (Google Drive) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-04]
CHR Extension: (YouTube) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-04]
CHR Extension: (Adblock Plus) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-08-14]
CHR Extension: (uBlock Origin) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-08-02]
CHR Extension: (Google Sheets) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-04]
CHR Extension: (Gmail) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-04]
CHR Extension: (Chrome Media Router) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR Profile: C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [186056 2013-10-16] (Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 CaCCProvSP; "C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe" [X]
S4 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [253856 2017-08-14] (Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [200552 2013-10-16] (Sandboxie Holdings, LLC)
R3 vmulti; C:\windows\System32\DRIVERS\vmulti.sys [10752 2014-09-17] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-14 11:21 - 2017-08-14 11:23 - 000015036 _____ C:\Users\Deejay\Downloads\FRST.txt
2017-08-14 11:21 - 2017-08-14 11:21 - 002395648 _____ (Farbar) C:\Users\Deejay\Downloads\FRST64.exe
2017-08-14 11:21 - 2017-08-14 11:21 - 000000000 ____D C:\FRST
2017-08-14 10:44 - 2017-08-14 10:49 - 000001914 _____ C:\Users\Deejay\Desktop\Rkill.txt
2017-08-14 10:44 - 2017-08-14 10:44 - 000841241 _____ C:\Users\Deejay\Downloads\rkill.zip
2017-08-14 10:30 - 2017-08-14 10:30 - 000012501 _____ C:\Users\Deejay\AppData\LocalLow\wbkAF3D.tmp
2017-08-14 09:49 - 2017-08-14 09:50 - 000000000 ____D C:\Users\Deejay\Desktop\Skype Backup
2017-08-14 09:35 - 2017-08-14 09:35 - 000000000 ____D C:\SecurityCheck
2017-08-14 09:34 - 2017-08-14 09:35 - 000515639 _____ (glax24 (safezone.cc)) C:\Users\Deejay\Downloads\SecurityCheck.exe
2017-08-14 07:32 - 2017-08-14 07:32 - 000003143 _____ C:\Users\Deejay\Desktop\JRT.txt
2017-08-14 05:42 - 2017-08-14 07:17 - 000000000 ____D C:\Users\Deejay\Desktop\mbar
2017-08-14 05:38 - 2017-08-14 05:38 - 009747512 _____ (Piriform Ltd) C:\Users\Deejay\Downloads\ccsetup532.exe
2017-08-14 05:38 - 2017-08-14 05:38 - 001790024 _____ (Malwarebytes) C:\Users\Deejay\Downloads\JRT (1).exe
2017-08-14 05:36 - 2017-08-14 05:37 - 016563352 _____ (Malwarebytes Corp.) C:\Users\Deejay\Downloads\mbar-1.09.3.1001.exe
2017-08-14 05:36 - 2017-08-14 05:36 - 008185288 _____ (Malwarebytes) C:\Users\Deejay\Desktop\AdwCleaner.exe
2017-08-13 15:22 - 2017-08-13 15:24 - 000028272 _____ C:\windows\system32\Drivers\TrueSight.sys
2017-08-13 15:21 - 2017-08-13 15:24 - 000000000 ____D C:\ProgramData\RogueKiller
2017-08-13 15:21 - 2017-08-13 15:21 - 000000869 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-13 15:21 - 2017-08-13 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-13 15:21 - 2017-08-13 15:21 - 000000000 ____D C:\Program Files\RogueKiller
2017-08-13 15:19 - 2017-08-13 15:21 - 035667336 _____ (Adlice Software ) C:\Users\Deejay\Downloads\RogueKiller_setup_ref3.exe
2017-08-13 14:59 - 2017-08-13 15:01 - 000223966 _____ C:\TDSSKiller.3.1.0.15_13.08.2017_14.59.22_log.txt
2017-08-13 14:54 - 2017-08-13 14:58 - 000193844 _____ C:\TDSSKiller.3.1.0.15_13.08.2017_14.54.59_log.txt
2017-08-13 14:52 - 2017-08-13 14:52 - 004830473 _____ C:\Users\Deejay\Downloads\tdsskiller.zip
2017-08-13 12:30 - 2017-08-13 14:48 - 000000000 ____D C:\Users\Deejay\Desktop\New art
2017-08-13 05:59 - 2017-08-13 05:59 - 000009074 _____ C:\Users\Deejay\Documents\beep beep.txt
2017-08-12 05:54 - 2017-08-12 05:54 - 000007601 _____ C:\Users\Deejay\AppData\Local\Resmon.ResmonCfg
2017-08-12 03:32 - 2017-08-12 03:32 - 002470500 _____ C:\Users\Deejay\Downloads\sai-1.2.5-ful-en.exe
2017-08-12 03:10 - 2017-08-12 03:10 - 000000000 ____D C:\Users\Deejay\Documents\New folder (3)
2017-08-12 03:10 - 2017-08-12 03:10 - 000000000 ____D C:\Users\Deejay\Documents\New folder (2)
2017-08-10 16:31 - 2017-08-10 16:31 - 002007040 _____ C:\Users\Deejay\Desktop\emma outfit ideas.sai
2017-08-10 03:42 - 2017-08-10 04:51 - 000000000 ____D C:\Users\Deejay\AppData\Roaming\discord
2017-08-10 03:42 - 2017-08-10 03:42 - 000002182 _____ C:\Users\Deejay\Desktop\Discord.lnk
2017-08-10 03:41 - 2017-08-10 03:42 - 000000000 ____D C:\Users\Deejay\AppData\Local\Discord
2017-08-10 03:40 - 2017-08-10 03:41 - 054332920 _____ (Discord Inc.) C:\Users\Deejay\Downloads\DiscordSetup.exe
2017-08-10 02:58 - 2017-08-10 02:59 - 013541199 _____ C:\Users\Deejay\Downloads\Unconfirmed 861983.crdownload
2017-08-10 02:40 - 2017-08-10 03:42 - 000000000 ____D C:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-10 02:40 - 2017-08-10 02:40 - 000012501 _____ C:\Users\Deejay\Downloads\Settings2.html
2017-08-10 02:40 - 2017-08-10 02:40 - 000012501 _____ C:\Users\Deejay\Downloads\Settings2 (1).html
2017-08-09 23:40 - 2017-08-14 07:17 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-08-09 05:52 - 2012-11-09 13:57 - 000057376 _____ (Intel Corporation) C:\windows\system32\Drivers\HECIx64.sys
2017-08-09 02:19 - 2017-07-29 09:56 - 000117248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2017-08-09 02:19 - 2017-07-21 09:26 - 000518144 _____ C:\windows\SysWOW64\msjetoledb40.dll
2017-08-09 02:19 - 2017-07-21 09:26 - 000409600 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexch40.dll
2017-08-09 02:19 - 2017-07-21 09:26 - 000290816 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjtes40.dll
2017-08-09 02:19 - 2017-07-21 09:26 - 000282624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstext40.dll
2017-08-09 02:19 - 2017-07-15 13:35 - 000394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-08-09 02:19 - 2017-07-15 12:52 - 000346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 002319872 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 002222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 002058240 _____ (Microsoft Corporation) C:\windows\system32\Query.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 000778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 000491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 000486400 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 000288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 000115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 000099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 000075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2017-08-09 02:19 - 2017-07-14 10:29 - 000014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-08-09 02:19 - 2017-07-14 10:12 - 000591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-08-09 02:19 - 2017-07-14 10:12 - 000249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-08-09 02:19 - 2017-07-14 10:11 - 000113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-08-09 02:19 - 2017-07-14 10:10 - 001549824 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-08-09 02:19 - 2017-07-14 10:10 - 001400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-08-09 02:19 - 2017-07-14 10:10 - 001363968 _____ (Microsoft Corporation) C:\windows\SysWOW64\Query.dll
2017-08-09 02:19 - 2017-07-14 10:10 - 000666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2017-08-09 02:19 - 2017-07-14 10:10 - 000382976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2017-08-09 02:19 - 2017-07-14 10:10 - 000337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2017-08-09 02:19 - 2017-07-14 10:10 - 000197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2017-08-09 02:19 - 2017-07-14 10:10 - 000104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2017-08-09 02:19 - 2017-07-14 10:10 - 000059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2017-08-09 02:19 - 2017-07-14 10:10 - 000034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2017-08-09 02:19 - 2017-07-14 10:00 - 000427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2017-08-09 02:19 - 2017-07-14 10:00 - 000164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2017-08-09 02:19 - 2017-07-14 09:59 - 000086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2017-08-09 02:19 - 2017-07-14 09:59 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2017-08-09 02:19 - 2017-07-14 09:57 - 000050688 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2017-08-09 02:19 - 2017-07-14 09:50 - 000054272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2017-08-09 02:19 - 2017-07-14 09:50 - 000028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2017-08-09 02:19 - 2017-07-14 02:16 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-08-09 02:19 - 2017-07-14 02:15 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-08-09 02:19 - 2017-07-14 01:49 - 025733632 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-08-09 02:19 - 2017-07-14 01:47 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-08-09 02:19 - 2017-07-14 01:45 - 000417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-08-09 02:19 - 2017-07-14 01:45 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-08-09 02:19 - 2017-07-14 01:44 - 000576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-08-09 02:19 - 2017-07-14 01:44 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-08-09 02:19 - 2017-07-14 01:38 - 002899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-08-09 02:19 - 2017-07-14 01:29 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-08-09 02:19 - 2017-07-14 01:28 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-08-09 02:19 - 2017-07-14 01:22 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-08-09 02:19 - 2017-07-14 01:20 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-08-09 02:19 - 2017-07-14 01:20 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-08-09 02:19 - 2017-07-14 01:19 - 000817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-08-09 02:19 - 2017-07-14 01:19 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-08-09 02:19 - 2017-07-14 01:08 - 000968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-08-09 02:19 - 2017-07-14 01:02 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-08-09 02:19 - 2017-07-14 00:49 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-08-09 02:19 - 2017-07-14 00:48 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-08-09 02:19 - 2017-07-14 00:47 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-08-09 02:19 - 2017-07-14 00:42 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-08-09 02:19 - 2017-07-14 00:40 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-08-09 02:19 - 2017-07-14 00:35 - 005981184 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-08-09 02:19 - 2017-07-14 00:35 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-08-09 02:19 - 2017-07-14 00:33 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-08-09 02:19 - 2017-07-14 00:16 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-08-09 02:19 - 2017-07-14 00:11 - 000725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-08-09 02:19 - 2017-07-14 00:10 - 000806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-08-09 02:19 - 2017-07-14 00:09 - 002132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-08-09 02:19 - 2017-07-14 00:09 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-08-09 02:19 - 2017-07-13 23:40 - 015254016 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-08-09 02:19 - 2017-07-13 23:23 - 003240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-08-09 02:19 - 2017-07-13 23:07 - 001545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-08-09 02:19 - 2017-07-13 22:58 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-08-09 02:19 - 2017-07-13 22:01 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-08-09 02:19 - 2017-07-13 21:54 - 020270080 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-08-09 02:19 - 2017-07-13 21:48 - 000499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-08-09 02:19 - 2017-07-13 21:48 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-08-09 02:19 - 2017-07-13 21:48 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-08-09 02:19 - 2017-07-13 21:48 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-08-09 02:19 - 2017-07-13 21:47 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-08-09 02:19 - 2017-07-13 21:44 - 002290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-08-09 02:19 - 2017-07-13 21:42 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-08-09 02:19 - 2017-07-13 21:41 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-08-09 02:19 - 2017-07-13 21:39 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-08-09 02:19 - 2017-07-13 21:38 - 000663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-08-09 02:19 - 2017-07-13 21:38 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-08-09 02:19 - 2017-07-13 21:38 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-08-09 02:19 - 2017-07-13 21:30 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-08-09 02:19 - 2017-07-13 21:26 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-08-09 02:19 - 2017-07-13 21:25 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-08-09 02:19 - 2017-07-13 21:25 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-08-09 02:19 - 2017-07-13 21:23 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-08-09 02:19 - 2017-07-13 21:22 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-08-09 02:19 - 2017-07-13 21:21 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-08-09 02:19 - 2017-07-13 21:20 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-08-09 02:19 - 2017-07-13 21:17 - 004546048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-08-09 02:19 - 2017-07-13 21:13 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-08-09 02:19 - 2017-07-13 21:12 - 000693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-08-09 02:19 - 2017-07-13 21:11 - 002057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-08-09 02:19 - 2017-07-13 21:11 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-08-09 02:19 - 2017-07-13 21:09 - 013663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-08-09 02:19 - 2017-07-13 20:53 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-08-09 02:19 - 2017-07-13 20:50 - 001314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-08-09 02:19 - 2017-07-13 20:48 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-08-09 02:19 - 2017-07-08 10:34 - 000370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2017-08-09 02:19 - 2017-07-08 10:00 - 003224064 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-08-09 02:19 - 2017-07-07 10:37 - 000631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-08-09 02:19 - 2017-07-07 10:33 - 005547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-08-09 02:19 - 2017-07-07 10:33 - 000706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-08-09 02:19 - 2017-07-07 10:33 - 000363752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volmgrx.sys
2017-08-09 02:19 - 2017-07-07 10:33 - 000154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-08-09 02:19 - 2017-07-07 10:33 - 000095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-08-09 02:19 - 2017-07-07 10:31 - 001732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 001460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000149504 _____ (Microsoft Corporation) C:\windows\system32\t2embed.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:29 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:15 - 004001000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-08-09 02:19 - 2017-07-07 10:15 - 003945192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-08-09 02:19 - 2017-07-07 10:13 - 001314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000109568 _____ (Microsoft Corporation) C:\windows\SysWOW64\t2embed.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-08-09 02:19 - 2017-07-07 10:11 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:10 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 10:02 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-08-09 02:19 - 2017-07-07 10:01 - 000064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-08-09 02:19 - 2017-07-07 10:01 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-08-09 02:19 - 2017-07-07 10:01 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-08-09 02:19 - 2017-07-07 09:58 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-08-09 02:19 - 2017-07-07 09:57 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-08-09 02:19 - 2017-07-07 09:54 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-08-09 02:19 - 2017-07-07 09:54 - 000159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-08-09 02:19 - 2017-07-07 09:54 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-08-09 02:19 - 2017-07-07 09:53 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-08-09 02:19 - 2017-07-07 09:53 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-08-09 02:19 - 2017-07-07 09:51 - 000050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-08-09 02:19 - 2017-07-07 09:48 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-08-09 02:19 - 2017-07-07 09:48 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-08-09 02:19 - 2017-07-07 09:48 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-08-09 02:19 - 2017-07-07 09:48 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-08-09 02:19 - 2017-07-07 09:47 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-08-09 02:19 - 2017-07-07 09:47 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 09:47 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 09:47 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-09 02:19 - 2017-07-07 09:47 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 001311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjet40.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000866816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswdat10.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswstr10.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000616448 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrepl40.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000475648 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxbde40.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mspbde40.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000343552 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd3x40.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000339968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msexcl40.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000310272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrd2x40.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000240640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msltus40.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000144896 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjint40.dll
2017-08-09 02:19 - 2017-07-01 08:05 - 000083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\msjter40.dll
2017-08-08 09:38 - 2017-08-08 09:38 - 000118784 _____ C:\Users\Deejay\Desktop\blip.sai
2017-08-08 06:38 - 2017-08-13 11:50 - 000000000 ____D C:\Users\Deejay\Desktop\Lacia
2017-08-07 10:49 - 2017-08-10 04:57 - 000000000 ____D C:\Users\Deejay\Desktop\Inspiration
2017-08-07 07:23 - 2017-08-07 07:24 - 147862296 _____ (Microsoft Corporation) C:\Users\Deejay\Downloads\msert (1).exe
2017-08-07 01:16 - 2017-08-07 01:16 - 000000000 ____H C:\windows\system32\Drivers\Msft_Kernel_WinUSB_01009.Wdf
2017-08-07 00:55 - 2017-08-07 00:55 - 000000686 _____ C:\Users\Public\Desktop\PenTabletDriver.lnk
2017-08-07 00:55 - 2017-08-07 00:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PenTabletDriver
2017-08-07 00:55 - 2017-08-07 00:55 - 000000000 ____D C:\Program Files\DIFX
2017-08-07 00:55 - 2016-01-13 13:35 - 001011504 _____ (Microsoft Corporation) C:\windows\system32\WinUsbCoInstaller2.dll
2017-08-07 00:55 - 2016-01-13 13:34 - 001730360 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01009.dll
2017-08-07 00:55 - 2014-09-17 10:47 - 000010752 _____ (Windows ® Win 7 DDK provider) C:\windows\system32\Drivers\vmulti.sys
2017-08-07 00:55 - 2014-09-17 10:47 - 000007680 _____ (Windows ® Win 7 DDK provider) C:\windows\system32\Drivers\hidkmdf.sys
2017-08-07 00:51 - 2017-08-07 09:12 - 000000000 ____D C:\PenTabletDriver
2017-08-07 00:50 - 2017-08-07 00:50 - 000000000 ____D C:\Users\Deejay\Desktop\tablet driver
2017-08-07 00:45 - 2017-08-07 00:45 - 021158923 _____ C:\Users\Deejay\Downloads\WIN_K58_580_680S_680TF_420_540_Driver12.3.7 (1).zip
2017-08-07 00:31 - 2017-08-07 00:36 - 021158923 _____ C:\Users\Deejay\Downloads\WIN_K58_580_680S_680TF_420_540_Driver12.3.7.zip
2017-08-06 20:59 - 2017-08-06 20:59 - 044003024 _____ (Microsoft Corporation) C:\Users\Deejay\Downloads\Windows-KB890830-x64-V5.50.exe
2017-08-06 20:13 - 2017-08-10 06:14 - 000000000 ____D C:\Users\Deejay\Desktop\OTHER
2017-08-06 20:04 - 2017-08-06 20:04 - 009747512 _____ (Piriform Ltd) C:\Users\Deejay\Downloads\ccsetup532 (2).exe
2017-08-05 07:39 - 2017-08-10 04:57 - 000000000 ____D C:\Users\Deejay\Desktop\Black Butler
2017-08-05 07:08 - 2017-08-05 07:12 - 001723856 _____ C:\Users\Deejay\Desktop\family.psd
2017-07-30 04:57 - 2017-05-03 10:34 - 000094952 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2017-07-30 04:57 - 2017-05-03 10:29 - 001206272 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2017-07-30 04:57 - 2017-05-03 08:05 - 001555968 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2017-07-30 04:57 - 2017-05-03 08:05 - 000620544 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2017-07-30 04:57 - 2017-05-03 08:05 - 000535552 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2017-07-30 04:57 - 2017-05-03 08:05 - 000325632 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2017-07-30 04:57 - 2017-05-03 08:05 - 000311296 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2017-07-30 04:57 - 2017-05-03 08:05 - 000217088 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2017-07-30 04:57 - 2017-05-03 08:05 - 000127488 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2017-07-30 04:57 - 2017-03-22 21:06 - 001691136 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2017-07-30 04:56 - 2017-06-15 15:23 - 000753664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2017-07-30 04:56 - 2017-06-12 17:49 - 001363456 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2017-07-30 04:56 - 2017-06-12 17:49 - 000594432 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2017-07-30 04:56 - 2017-06-12 17:49 - 000475136 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2017-07-30 04:56 - 2017-06-12 17:49 - 000058880 _____ (Microsoft Corporation) C:\windows\system32\pdhui.dll
2017-07-30 04:56 - 2017-06-12 17:29 - 001227264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2017-07-30 04:56 - 2017-06-12 17:29 - 000444928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2017-07-30 04:56 - 2017-06-12 17:29 - 000390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2017-07-30 04:56 - 2017-06-12 17:28 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\pdhui.dll
2017-07-30 04:56 - 2017-06-12 17:14 - 000379392 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
2017-07-30 04:56 - 2017-06-12 17:14 - 000172544 _____ (Microsoft Corporation) C:\windows\system32\perfmon.exe
2017-07-30 04:56 - 2017-06-12 17:14 - 000103936 _____ (Microsoft Corporation) C:\windows\system32\resmon.exe
2017-07-30 04:56 - 2017-06-12 17:06 - 000303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
2017-07-30 04:56 - 2017-06-12 17:06 - 000157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\perfmon.exe
2017-07-30 04:56 - 2017-06-12 17:06 - 000103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\resmon.exe
2017-07-30 04:56 - 2017-06-10 10:59 - 000313856 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
2017-07-30 04:56 - 2017-06-10 10:39 - 000271360 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
2017-07-30 04:56 - 2017-06-09 10:33 - 001680616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2017-07-30 04:56 - 2017-06-06 10:30 - 001867264 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-07-30 04:56 - 2017-06-06 10:12 - 001499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-07-30 04:56 - 2017-05-29 23:56 - 001895656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2017-07-30 04:56 - 2017-05-29 23:56 - 000377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2017-07-30 04:56 - 2017-05-29 23:56 - 000287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2017-07-30 04:56 - 2017-05-20 23:24 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2017-07-30 04:56 - 2017-05-20 23:06 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2017-07-30 04:56 - 2017-05-16 10:35 - 000986856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2017-07-30 04:56 - 2017-05-16 10:35 - 000265448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2017-07-30 04:56 - 2017-05-16 10:30 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-14 11:18 - 2009-07-13 23:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-14 11:18 - 2009-07-13 23:45 - 000024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-14 11:13 - 2017-06-24 13:01 - 000000000 ____D C:\AdwCleaner
2017-08-14 11:10 - 2017-06-24 14:40 - 000253856 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2017-08-14 11:10 - 2009-07-14 00:08 - 000000006 ____H C:\windows\Tasks\SA.DAT
2017-08-14 11:10 - 2009-07-13 22:20 - 000000000 ____D C:\windows\inf
2017-08-14 10:49 - 2013-04-10 16:48 - 000000000 ____D C:\Program Files (x86)\Inkscape
2017-08-14 10:33 - 2013-03-18 23:37 - 000000000 ____D C:\Program Files\WinRAR
2017-08-14 10:07 - 2012-12-08 14:30 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-08-14 10:07 - 2012-08-24 15:06 - 000000000 ____D C:\ProgramData\Skype
2017-08-14 10:06 - 2012-08-24 15:07 - 000000000 ____D C:\Users\Deejay\AppData\Roaming\Skype
2017-08-14 10:06 - 2011-10-24 14:02 - 000000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2017-08-14 10:06 - 2011-08-07 21:04 - 000000000 ____D C:\Program Files (x86)\TOSHIBA
2017-08-14 10:06 - 2011-08-07 21:01 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-14 10:06 - 2011-08-07 21:01 - 000000000 ____D C:\Program Files\TOSHIBA
2017-08-14 07:41 - 2017-06-25 07:24 - 000109272 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMChameleon.sys
2017-08-14 05:39 - 2017-06-26 13:22 - 000000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-08-14 05:35 - 2009-07-14 00:13 - 000813924 _____ C:\windows\system32\PerfStringBackup.INI
2017-08-13 20:10 - 2009-07-13 22:20 - 000000000 ____D C:\windows\rescache
2017-08-13 13:59 - 2012-12-29 07:33 - 000000132 _____ C:\Users\Deejay\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-08-12 03:35 - 2012-08-24 14:53 - 000000652 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk
2017-08-11 02:00 - 2012-09-14 19:53 - 000000000 ____D C:\Users\Deejay\AppData\Local\Adobe
2017-08-10 06:10 - 2012-08-27 01:14 - 000000000 ____D C:\Users\Deejay\AppData\Roaming\SoftGrid Client
2017-08-10 06:10 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-08-10 06:09 - 2011-08-07 21:14 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-10 06:06 - 2017-06-26 13:22 - 000002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2017-08-10 05:57 - 2013-11-16 18:21 - 000001584 _____ C:\windows\Sandboxie.ini
2017-08-10 04:57 - 2017-07-04 16:10 - 000000000 ____D C:\Users\Deejay\Desktop\beeeep
2017-08-10 04:19 - 2013-04-07 01:52 - 000803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-08-10 04:19 - 2013-04-07 01:52 - 000004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-08-10 04:19 - 2013-04-07 01:52 - 000000000 ____D C:\windows\system32\Macromed
2017-08-10 04:19 - 2011-08-07 21:07 - 000144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-10 04:19 - 2011-08-07 21:07 - 000000000 ____D C:\windows\SysWOW64\Macromed
2017-08-10 03:42 - 2017-06-25 00:00 - 000000000 ____D C:\Users\Deejay\AppData\Local\SquirrelTemp
2017-08-10 03:39 - 2013-02-15 22:52 - 000126976 ___SH C:\Users\Deejay\Thumbs.db
2017-08-10 03:25 - 2012-08-24 02:35 - 000000000 ____D C:\Users\Deejay
2017-08-10 03:23 - 2012-09-17 10:21 - 000000000 ____D C:\Users\Guest
2017-08-10 03:23 - 2010-11-21 02:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-08-10 03:23 - 2009-07-13 22:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-10 03:23 - 2009-07-13 22:20 - 000000000 ____D C:\windows\registration
2017-08-10 03:22 - 2017-06-24 14:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-10 03:22 - 2011-08-07 21:08 - 000000000 ____D C:\ProgramData\Toshiba
2017-08-09 05:52 - 2011-10-24 13:24 - 000000000 ____D C:\Program Files (x86)\Intel
2017-08-09 04:21 - 2012-09-17 11:56 - 000000000 ____D C:\windows\pss
2017-08-09 03:45 - 2013-07-06 01:02 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-09 03:16 - 2009-07-14 00:08 - 000032554 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-08-09 03:15 - 2009-07-13 23:45 - 004914848 _____ C:\windows\system32\FNTCACHE.DAT
2017-08-09 03:06 - 2013-07-13 03:01 - 000000000 ____D C:\windows\system32\MRT
2017-08-09 03:01 - 2012-08-27 15:37 - 140394280 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-08-09 01:06 - 2012-08-29 07:52 - 000000000 ____D C:\Program Files (x86)\Kodak
2017-08-09 01:06 - 2012-08-29 07:50 - 000000000 ____D C:\ProgramData\Kodak
2017-08-09 01:05 - 2012-08-30 16:25 - 000000000 ____D C:\Users\Deejay\AppData\Local\Eastman_Kodak_Company
2017-08-09 00:56 - 2014-01-24 19:16 - 000000000 ____D C:\Users\Deejay\Desktop\big fart folder
2017-08-08 06:45 - 2017-07-04 15:35 - 000002166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-08 06:45 - 2017-07-04 15:35 - 000002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-06 23:59 - 2009-07-14 00:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-08-06 23:40 - 2013-12-15 18:56 - 000000000 ____D C:\Users\Deejay\AppData\Local\ElevatedDiagnostics
2017-08-06 08:26 - 2009-07-13 22:20 - 000000000 ____D C:\windows\system32\NDF
2017-08-05 07:40 - 2013-01-28 00:51 - 000001456 _____ C:\Users\Deejay\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-08-02 02:46 - 2017-06-25 04:51 - 000000000 ____D C:\windows\system32\appraiser
2017-08-02 02:07 - 2012-08-27 01:14 - 000807428 _____ C:\windows\SysWOW64\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2012-12-29 07:33 - 2017-08-13 13:59 - 000000132 _____ () C:\Users\Deejay\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-06-02 16:23 - 2013-11-16 17:24 - 000065618 _____ () C:\Users\Deejay\AppData\Roaming\Camdata.ini
2013-06-02 16:23 - 2013-11-16 17:24 - 000000408 _____ () C:\Users\Deejay\AppData\Roaming\CamLayout.ini
2013-06-02 16:23 - 2013-11-16 17:24 - 000000408 _____ () C:\Users\Deejay\AppData\Roaming\CamShapes.ini
2013-06-02 15:52 - 2013-11-16 17:24 - 000004537 _____ () C:\Users\Deejay\AppData\Roaming\CamStudio.cfg
2013-01-28 00:51 - 2017-08-05 07:40 - 000001456 _____ () C:\Users\Deejay\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-08-26 00:52 - 2013-12-01 19:26 - 000012800 _____ () C:\Users\Deejay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-30 17:01 - 2012-08-30 17:01 - 000000236 _____ () C:\Users\Deejay\AppData\Local\LaunchHomeCenter.log
2013-10-16 15:49 - 2013-10-16 15:49 - 000003284 _____ () C:\Users\Deejay\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_S-1-5-21-1148774451-3867332700-2556772270-1000_settings.cp.temp
2013-11-17 22:51 - 2013-11-17 22:51 - 000000218 _____ () C:\Users\Deejay\AppData\Local\recently-used.xbel
2017-08-12 05:54 - 2017-08-12 05:54 - 000007601 _____ () C:\Users\Deejay\AppData\Local\Resmon.ResmonCfg
2013-04-02 15:02 - 2013-01-14 11:34 - 000007680 _____ () C:\Users\Deejay\AppData\Local\Z@!-7f5d2e82-d5ec-4be7-86c7-d99a7eb4b533.tmp
2013-04-02 15:02 - 2013-01-14 11:34 - 000007168 _____ () C:\Users\Deejay\AppData\Local\Z@S!-1f4e4ecb-f41b-4ad1-9c2e-80cec4bbc40e.tmp
 
Some files in TEMP:
====================
2017-08-13 15:21 - 2017-07-07 10:31 - 001732864 _____ (Microsoft Corporation) C:\Users\Deejay\AppData\Local\Temp\dllnt_dump.dll
2017-08-14 09:48 - 2017-08-14 09:48 - 058782680 _____ (Skype Technologies S.A.) C:\Users\Deejay\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-13 08:24
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by Deejay (14-08-2017 11:25:15)
Running from C:\Users\Deejay\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-08-24 07:35:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1148774451-3867332700-2556772270-500 - Administrator - Disabled)
Deejay (S-1-5-21-1148774451-3867332700-2556772270-1000 - Administrator - Enabled) => C:\Users\Deejay
Guest (S-1-5-21-1148774451-3867332700-2556772270-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1148774451-3867332700-2556772270-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.1.42 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.53 - Conexant)
Discord (HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\Discord) (Version: 0.0.298 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.90 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.5 - Google Inc.) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.27.00 - Hyperionics Technology LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.80.1213 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
join.me (HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\JoinMe) (Version: 1.12.3.173 - LogMeIn, Inc.)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
m2tools CheeseWare EmoteMovieMaker (HKLM-x32\...\m2tools CheeseWare EmoteMovieMaker) (Version:  - )
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPaint 1.0.0 (HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\...\MyPaint) (Version: 1.0.0 - Martin Renold & MyPaint Development Team)
Mystery Legends: Sleepy Hollow (HKLM-x32\...\BFG-Mystery Legends - Sleepy Hollow) (Version:  - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
RPG MAKER VX Ace Lite (HKLM-x32\...\RPGVXAceLite_E_is1) (Version: 1.01b - Enterbrain)
Sandboxie 4.06 (64-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Sonic Adventure™ 2  (HKLM-x32\...\Steam App 213610) (Version:  - SEGA)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.15.0 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 12.3.7 - )
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [ShellExt] -> {92C9F465-94D0-4C75-995D-2D20F0F88BCC} => C:\Program Files\Total Defense\Internet Security Suite\ccshell\ccshellext.dll -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2011-04-04] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [ShellExt] -> {92C9F465-94D0-4C75-995D-2D20F0F88BCC} => C:\Program Files\Total Defense\Internet Security Suite\ccshell\ccshellext.dll -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {139B4C71-D321-4FC4-BD4C-67CD79421F3C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-04] (Google Inc.)
Task: {199B0977-E760-48B5-B199-E25B3F1FCB4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-04] (Google Inc.)
Task: {2475A4AF-C1DE-47AA-97B6-87BFF08A9CA0} - System32\Tasks\AdobeAAMUpdater-1.0-Deejay-PC-Deejay => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {39FD90C6-9093-4DE6-AE20-EB5C58868D3B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {59B3A8F4-99F4-420E-8DAF-36ABF3097F72} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-10] (Adobe Systems Incorporated)
Task: {5C43933E-7017-4466-B94C-DBF8B9CCED0B} - System32\Tasks\{D70FF91D-009B-4060-B781-6D372A1291EB} => C:\windows\system32\pcalua.exe -a "C:\Users\Deejay\Downloads\Driver 5.02 D20131030_D20130918V3\Driver 5.02 D20131030_D20130918V3\SETUP.EXE" -d "C:\Users\Deejay\Downloads\Driver 5.02 D20131030_D20130918V3\Driver 5.02 D20131030_D20130918V3"
Task: {94D0FFAA-6C41-4D33-8BF4-0599E4072BF4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {96D018B9-83BB-4EE1-A3F2-736F22B35557} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\WSCStub.exe
Task: {B34123A5-97F9-4AE1-BD9A-3A3ED59ADA37} - System32\Tasks\{17EB23DD-5768-494E-B3DE-40C197A001A3} => C:\windows\system32\pcalua.exe -a C:\PaintToolSAI\uninst.exe
Task: {BCCEFE91-895C-4F13-BA5E-0FAFB7F726EC} - System32\Tasks\{1E428B2C-B149-4465-A0BF-AEEEE13771D0} => msiexec.exe /package "C:\Users\Deejay\Desktop\apploc.msi"
Task: {C08888FF-A7BE-461C-92EE-DFC70FE8BBD2} - System32\Tasks\{C0F68F42-1DA8-42C7-9906-66903FF468F5} => C:\windows\system32\pcalua.exe -a C:\Users\Deejay\Downloads\FirmwareFlashLauncher.exe -d C:\Users\Deejay\Downloads
Task: {C87FB5F5-86C2-4826-8A36-E7522FB169F5} - System32\Tasks\{4C65DB7C-279F-45F1-B10A-213A3D69387D} => C:\windows\system32\pcalua.exe -a C:\windows\SetupX32.EXE -c  /@SetupExt\Tablet
Task: {CA2B4090-BC39-463D-A6DB-5A9EFBD6CFBE} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {E2827492-601E-4429-8F0C-7DBDE691D7F1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E7C7B5E9-BCA2-46BD-B0DB-46FBE990A0AE} - System32\Tasks\{F4847E14-6A44-411D-8D4A-77439A50B8AB} => C:\windows\system32\pcalua.exe -a C:\Users\Deejay\Desktop\flux-setup.exe -d C:\Users\Deejay\Desktop
Task: {EB0286AF-11B7-4878-A670-7F88E701F143} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {F6F1AF41-2391-4B13-A44A-CAF84287288D} - System32\Tasks\{91872EAA-A2E2-4EF5-B428-3770F1EF3F4D} => C:\windows\system32\pcalua.exe -a C:\PROGRA~2\ACOUST~1\UNWISE.EXE -c C:\PROGRA~2\ACOUST~1\INSTALL.LOG
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Deejay\Desktop\big fart folder\Deejay - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Deejay\Desktop\big fart folder\wat - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-04-04 21:18 - 2011-04-04 21:18 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 000079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2017-08-08 06:45 - 2017-08-02 02:39 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libglesv2.dll
2017-08-08 06:45 - 2017-08-02 02:39 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.90\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:5C6EBC69 [440]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-01-22 03:05 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Deejay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: ccSchedulerSVC => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeBridge => 
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: cctray => "C:\Program Files\Total Defense\Internet Security Suite\casc.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: Discord => C:\Users\Deejay\AppData\Local\Discord\app-0.0.298\Discord.exe
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: EKStatusMonitor => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{04C7D69B-5915-4D6B-950E-87B53588849C}] => (Allow) LPort=5353
FirewallRules: [{6E4FE115-8D04-4A1B-BF0C-03C7D96D42BD}] => (Allow) LPort=5353
FirewallRules: [{1408A106-2385-42F1-B0F7-F1C218B7BE05}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{08CEFA2C-AB79-4515-89D5-CD292A471237}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D9137F4F-7E2B-41F9-8438-BCC858F0C1A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{07D09E10-71AA-4881-BEE1-FB562123F937}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{30238E02-E1F1-40FB-9A7C-E09267C36F29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [{6B56D310-2021-467C-8AFB-E0C212E1117D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Adventure 2\Launcher.exe
FirewallRules: [{12561839-A2DE-4516-B8A8-4DF821A9B08A}] => (Allow) LPort=9322
FirewallRules: [{AE7F5F0A-4CBD-4A97-96F9-DFC75AF8DBC9}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{2BA06942-B7BB-452A-AD2F-485A94F1CBF7}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{36086F1C-128D-4FC6-B016-E4FBDF37FD63}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{520FC790-3DEC-448F-8214-D8906A761E73}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{DF86FBFA-362A-4E21-9A20-8FC340837C0F}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{17BB090C-F21F-4E99-997A-A301A0BCF329}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{640919D9-68A0-4455-A596-4F82F959D98A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{0D1765F4-4D31-4117-A89D-C76345F6D7D2}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{371D3BEE-35B1-4275-B8F5-7E03E0C4C507}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{DFD5C5D7-ED8B-438B-B379-53249767E335}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{73DE7405-9D1C-4B30-855F-C43B3A075DE8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
13-08-2017 20:09:28 Scheduled Checkpoint
14-08-2017 07:29:27 JRT Pre-Junkware Removal
14-08-2017 10:05:50 Removed Skype Launcher
14-08-2017 10:07:10 Removed Skype™ 7.0
14-08-2017 10:46:06 Removed Melodyne Runtime 4.1 (x64)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/14/2017 11:11:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/14/2017 10:58:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/14/2017 10:35:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/14/2017 10:07:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslaafa583c.
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/14/2017 10:05:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslaafa583c.
 
System Error:
The system cannot find the file specified.
.
 
Error: (08/14/2017 07:26:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/13/2017 09:51:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/12/2017 05:57:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/10/2017 06:23:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (08/10/2017 06:14:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (08/14/2017 10:55:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (08/14/2017 10:55:34 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (08/14/2017 10:55:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (08/14/2017 10:55:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sandboxie Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/14/2017 10:55:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/14/2017 10:55:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/14/2017 10:55:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (08/14/2017 10:55:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/14/2017 10:55:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TMachInfo service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/14/2017 10:55:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA Power Saver service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2014-02-15 19:46:15.326
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PTSimBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-15 19:46:15.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PTSimBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 51%
Total physical RAM: 4043.86 MB
Available physical RAM: 1968.04 MB
Total Virtual: 8085.9 MB
Available Virtual: 5893.77 MB
 
==================== Drives ================================
 
Drive c: (TI106238W0C) (Fixed) (Total:582.43 GB) (Free:478.82 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 56BDD8DA)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=582.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.3 GB) - (Type=17)
 
==================== End of Addition.txt ============================

Edited by hamluis, 14 August 2017 - 11:57 AM.



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:32 PM

Posted 15 August 2017 - 07:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 

I decided to delete them myself as posted here: https://www.bleepingcomputer.com/forums/t/654252/cleaning-up-old-computer-possible-pupmalware-remnants/#entry4309527 and AdwCleaner does not detect them any longer.

I do know that those files shouldn't be there as I researched Microsoft's location for Gacutil and everything such like this should be within the computer/windows/etc folders. Not a user default folder..?
The files are sitting within my recycling bin in case further analysis is desired but they seem harmless sitting there. I have no idea where they came from as they were never detected until today.

Considering the constant revival of these markups I wonder if some nasty adware is still on here. All other information can be found in the link above.

Current symptoms are mostly positive. However I do notice right upon boot up it looks like something tries to start but shuts down immediately. It's a white window that flashes for half a second.


You probably do not need these files.
https://www.codeproject.com/Tips/1042155/How-to-Install-gacutil-exe-on-a-Windows-Server
====

Run the Farbar tool and clean these entries.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-04]
CHR Extension: (Chrome Media Router) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
S3 CaCCProvSP; "C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe" [X]
S4 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [X]
ContextMenuHandlers1: [ShellExt] -> {92C9F465-94D0-4C75-995D-2D20F0F88BCC} => C:\Program Files\Total Defense\Internet Security Suite\ccshell\ccshellext.dll -> No File
ContextMenuHandlers6: [ShellExt] -> {92C9F465-94D0-4C75-995D-2D20F0F88BCC} => C:\Program Files\Total Defense\Internet Security Suite\ccshell\ccshellext.dll -> No File


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Is your problem persisting at Startup?

#3 Cleaningmompc

Cleaningmompc
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:32 PM

Posted 15 August 2017 - 08:52 AM

CCleaner deleted the files but I'll take a look at the link provided.
 
As for the start up issue, it was still there. I'll try running a clean boot and see if I can isolate it. If you have any other suggestions please let me know.
 
EDIT 11:40am CT:  I think I figured it out. It was my tablet driver starting up. So that's a relief. 
 
I've scanned my computer with various tools and the logs are coming up clean so far. But I'll be sure to let you know if they have any further issues. 
 
Here is the log 
 
---
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 12-08-2017
Ran by Deejay (15-08-2017 08:35:48) Run:1
Running from C:\Users\Deejay\Downloads
Loaded Profiles: Deejay (Available Profiles: Deejay & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1148774451-3867332700-2556772270-1000 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-04]
CHR Extension: (Chrome Media Router) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
S3 CaCCProvSP; "C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe" [X]
S4 ccSchedulerSVC; C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [X]
ContextMenuHandlers1: [ShellExt] -> {92C9F465-94D0-4C75-995D-2D20F0F88BCC} => C:\Program Files\Total Defense\Internet Security Suite\ccshell\ccshellext.dll -> No File
ContextMenuHandlers6: [ShellExt] -> {92C9F465-94D0-4C75-995D-2D20F0F88BCC} => C:\Program Files\Total Defense\Internet Security Suite\ccshell\ccshellext.dll -> No File
 
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-1148774451-3867332700-2556772270-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value removed successfully
HKLM\Software\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => key not found. 
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => key removed successfully
HKLM\Software\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} => key not found. 
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922 => key removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-04] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Deejay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\CaCCProvSP => key removed successfully
CaCCProvSP => service removed successfully
HKLM\System\CurrentControlSet\Services\ccSchedulerSVC => key removed successfully
ccSchedulerSVC => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ShellExt => key removed successfully
HKLM\Software\Classes\CLSID\{92C9F465-94D0-4C75-995D-2D20F0F88BCC} => key removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ShellExt => key removed successfully
HKLM\Software\Classes\CLSID\{92C9F465-94D0-4C75-995D-2D20F0F88BCC} => key not found. 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 64935620 B
Java, Flash, Steam htmlcache => 612 B
Windows/system/drivers => 4730124 B
Edge => 0 B
Chrome => 331263947 B
Firefox => 60195398 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 85302 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42303676 B
systemprofile32 => 115608 B
LocalService => 16384 B
NetworkService => 43854 B
Deejay => 78617670 B
Guest => 230563134 B
 
RecycleBin => 0 B
EmptyTemp: => 783.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:38:22 ====

Edited by Cleaningmompc, 15 August 2017 - 11:40 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:32 PM

Posted 15 August 2017 - 01:11 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 Cleaningmompc

Cleaningmompc
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:32 PM

Posted 15 August 2017 - 01:19 PM

Alright thank you! 





