Typical Trojan help


FRST -

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by xvion (administrator) on NATAYSHA (13-02-2016 22:00:05)
Running from C:\Users\xvion\Desktop
Loaded Profiles: xvion (Available Profiles: xvion)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSISvc32.exe
() C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSISvc64.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.16941.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
() C:\Program Files\WindowsApps\48694Comics.Comics_1.1.4.0_x64__tevn358vk4h6m\Comics++.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-07-17] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2015-12-25] (Pixart Imaging Inc)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-07-17] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [3724528 2015-06-25] (Portrait Displays, Inc.)
HKLM\...\Run: [NahimicMSIUILauncher] => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe [532448 2015-06-23] ()
HKLM\...\Run: [Radio Manager] => C:\Program Files (x86)\SCM\Radio Manager.exe [406920 2013-06-28] (MSI)
HKLM\...\Run: [sCM] => C:\Program Files (x86)\SCM\SCM.exe [410016 2013-06-28] (MSI)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3920552 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [sUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKU\S-1-5-21-2003060387-433549109-3455326403-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-2003060387-433549109-3455326403-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4179288 2015-11-30] (Disc Soft Ltd)
HKU\S-1-5-21-2003060387-433549109-3455326403-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50615936 2016-01-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2003060387-433549109-3455326403-1001\...\RunOnce: [uninstall C:\Users\xvion\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\xvion\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_2\amd64"
HKU\S-1-5-21-2003060387-433549109-3455326403-1001\...\MountPoints2: {703d16b4-ab1e-11e5-9bd7-b46d83d28b96} - "G:\autorun.exe"
HKU\S-1-5-21-2003060387-433549109-3455326403-1001\...\MountPoints2: {d51268fd-cc95-11e5-9be3-d8cb8a8309ba} - "H:\setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-07-20]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2015-07-20]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{f4e3ccb1-ead2-4226-9817-4f87362251ea}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKU\S-1-5-21-2003060387-433549109-3455326403-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oem15.msn.com/?pc=NMTE
HKU\S-1-5-21-2003060387-433549109-3455326403-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oem15.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2003060387-433549109-3455326403-1001 -> DefaultScope {9AC0DBB0-E968-40CB-AFA9-6566EAD4DA6D} URL =
SearchScopes: HKU\S-1-5-21-2003060387-433549109-3455326403-1001 -> {9AC0DBB0-E968-40CB-AFA9-6566EAD4DA6D} URL =
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
 
Chrome:
=======
CHR HomePage: Profile 1 -> hxxp://i.maxthon.com/en-us.htm
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-25]
CHR Extension: (Google Drive) - C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-25]
CHR Extension: (YouTube) - C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-25]
CHR Extension: (Adblock Plus) - C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-06]
CHR Extension: (Google Search) - C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-25]
CHR Extension: (Google Docs Offline) - C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-25]
CHR Extension: (Gmail) - C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1368408 2015-11-30] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-07-17] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [174352 2015-12-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-25] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2013-06-28] (Micro-Star International Co., Ltd.) [File not signed]
R2 MsiTrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [175344 2015-06-25] (Portrait Displays, Inc.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-07-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-07-17] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW10x64.sys [114736 2015-07-07] (Rivet Networks, LLC.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-12-25] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2015-12-25] (Disc Soft Ltd)
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-12-25] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-12-25] (ELECOM)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [300304 2015-12-25] (Intel Corporation)
R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [124464 2015-04-27] (Qualcomm Atheros, Inc.)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [183584 2015-06-12] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3776792 2015-06-22] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46768 2015-07-17] (NVIDIA Corporation)
S3 pnx; C:\Windows\System32\Drivers\pnx.sys [26144 2007-09-06] (TigerGame.,Ltd)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [411712 2015-07-17] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-17] (Synaptics Incorporated)
R3 ssdevfactory; C:\Windows\System32\drivers\ssdevfactory.sys [32792 2015-06-01] (SteelSeries ApS)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2015-11-13] (SteelSeries ApS)
R3 ssps2; C:\Windows\System32\drivers\ssps2.sys [32768 2015-05-28] (SteelSeries ApS)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2015-12-25] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-13 22:00 - 2016-02-13 22:00 - 00018483 _____ C:\Users\xvion\Desktop\FRST.txt
2016-02-13 22:00 - 2016-02-13 22:00 - 00000000 ____D C:\FRST
2016-02-13 21:59 - 2016-02-13 21:59 - 02370560 _____ (Farbar) C:\Users\xvion\Downloads\FRST64 (1).exe
2016-02-13 21:59 - 2016-02-13 21:59 - 02370560 _____ (Farbar) C:\Users\xvion\Desktop\FRST64.exe
2016-02-12 23:25 - 2016-02-12 23:25 - 00254764 _____ C:\WINDOWS\Minidump\021216-27281-01.dmp
2016-02-10 00:52 - 2016-01-26 23:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 00:52 - 2016-01-26 23:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 00:52 - 2016-01-26 22:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 00:51 - 2016-01-29 00:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 00:51 - 2016-01-29 00:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 00:51 - 2016-01-27 00:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 00:51 - 2016-01-27 00:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 00:51 - 2016-01-27 00:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 00:51 - 2016-01-27 00:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 00:51 - 2016-01-27 00:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 00:51 - 2016-01-26 23:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 00:51 - 2016-01-26 23:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 00:51 - 2016-01-26 23:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 00:51 - 2016-01-26 23:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 00:51 - 2016-01-26 23:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 00:51 - 2016-01-26 23:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 00:51 - 2016-01-26 23:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 00:51 - 2016-01-26 23:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 00:51 - 2016-01-26 23:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 00:51 - 2016-01-26 23:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 00:51 - 2016-01-26 23:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 00:51 - 2016-01-26 23:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 00:51 - 2016-01-26 23:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 00:51 - 2016-01-26 23:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 00:51 - 2016-01-26 23:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 00:51 - 2016-01-26 23:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 00:51 - 2016-01-26 23:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 00:51 - 2016-01-26 23:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 00:51 - 2016-01-26 23:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 00:51 - 2016-01-26 23:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 00:51 - 2016-01-26 23:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 00:51 - 2016-01-26 23:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 00:51 - 2016-01-26 23:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 00:51 - 2016-01-26 23:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 00:51 - 2016-01-26 23:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 00:51 - 2016-01-26 23:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 00:51 - 2016-01-26 23:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 00:51 - 2016-01-26 23:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 00:51 - 2016-01-26 23:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 00:51 - 2016-01-26 23:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 00:51 - 2016-01-26 23:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 00:51 - 2016-01-26 23:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 00:51 - 2016-01-26 23:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 00:51 - 2016-01-26 23:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 00:51 - 2016-01-26 22:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 00:51 - 2016-01-26 22:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 00:51 - 2016-01-26 22:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 00:51 - 2016-01-26 22:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 00:51 - 2016-01-26 22:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 00:51 - 2016-01-26 22:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 00:51 - 2016-01-26 22:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 00:51 - 2016-01-26 22:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 00:51 - 2016-01-26 22:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 00:51 - 2016-01-26 22:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 00:51 - 2016-01-26 22:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 00:51 - 2016-01-26 22:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 00:51 - 2016-01-26 22:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 00:51 - 2016-01-26 22:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 00:51 - 2016-01-26 22:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 00:51 - 2016-01-26 22:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 00:51 - 2016-01-26 22:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 00:51 - 2016-01-26 22:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 00:51 - 2016-01-26 22:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 00:51 - 2016-01-26 22:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 00:51 - 2016-01-26 22:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-08 21:48 - 2016-02-08 21:48 - 00000000 ____D C:\Users\xvion\AppData\Local\Skyrim
2016-02-08 21:47 - 2013-07-30 12:04 - 00001003 ____N C:\Users\xvion\Downloads\README.txt
2016-02-08 21:45 - 2016-02-08 21:45 - 00055624 _____ C:\Users\xvion\Downloads\steam_api.zip
2016-02-08 21:39 - 2016-02-13 21:54 - 00000000 ____D C:\Users\xvion\Desktop\Please Burn
2016-02-08 21:37 - 2016-02-08 21:41 - 00001587 _____ C:\Users\Public\Desktop\The Elder Scrolls V Skyrim - Legendary Edition.lnk
2016-02-08 21:37 - 2016-02-08 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2016-02-06 14:08 - 2016-02-06 14:08 - 00674529 _____ C:\Users\xvion\Downloads\I-m-Eighteen (1).pdf
2016-02-06 14:07 - 2016-02-06 14:07 - 00674532 _____ C:\Users\xvion\Downloads\I-m-Eighteen.pdf
2016-02-05 23:40 - 2016-02-05 23:40 - 00000000 ____D C:\WINDOWS\MRLH
2016-02-05 23:35 - 2016-02-05 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ILLUSION
2016-02-05 23:34 - 2016-02-05 23:34 - 00000000 ____D C:\ILLUSION
2016-02-05 23:17 - 2016-02-05 23:17 - 00003274 _____ C:\WINDOWS\System32\Tasks\{A44F44CD-929A-4585-9944-381B2B8F8517}
2016-02-05 12:07 - 2016-02-08 17:23 - 00000000 ____D C:\Users\xvion\Desktop\Dragon Ball
2016-02-05 11:23 - 2016-02-05 22:43 - 00000000 ____D C:\Users\xvion\Desktop\Fullmetal Alchemist- Brotherhood(1-64)
2016-02-05 11:23 - 2016-02-05 22:30 - 00000000 ____D C:\Users\xvion\Desktop\Full Metal Alchemist 1-51 [Eng dub] + Movie
2016-02-05 09:18 - 2016-02-05 22:44 - 00000000 ____D C:\Users\xvion\Desktop\Gentleman Bastard Series 1-3 Scott Lynch
2016-02-05 08:44 - 2016-02-05 23:01 - 00000000 ____D C:\Users\xvion\Desktop\[Vivid] Owari no Seraph - 01-12 [TV 720p]
2016-02-05 08:08 - 2016-02-05 22:54 - 00000000 ____D C:\Users\xvion\Desktop\yu yu hakusho
2016-01-29 23:00 - 2016-01-29 23:00 - 00000607 _____ C:\Users\xvion\Documents\Honest.txt
2016-01-29 22:36 - 2016-01-29 22:36 - 00000492 _____ C:\Users\xvion\Documents\Beg.txt
2016-01-28 18:08 - 2016-01-16 00:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 18:08 - 2016-01-16 00:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 18:08 - 2016-01-16 00:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 18:08 - 2016-01-16 00:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 18:08 - 2016-01-16 00:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 18:08 - 2016-01-16 00:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 18:08 - 2016-01-16 00:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 18:08 - 2016-01-16 00:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 18:08 - 2016-01-16 00:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 18:08 - 2016-01-16 00:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 18:08 - 2016-01-16 00:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 18:08 - 2016-01-16 00:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 18:08 - 2016-01-16 00:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 18:08 - 2016-01-16 00:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 18:08 - 2016-01-16 00:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 18:08 - 2016-01-16 00:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 18:08 - 2016-01-16 00:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 18:08 - 2016-01-16 00:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 18:08 - 2016-01-16 00:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 18:08 - 2016-01-16 00:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 18:08 - 2016-01-16 00:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 18:08 - 2016-01-16 00:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 18:08 - 2016-01-15 23:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 18:08 - 2016-01-15 23:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 18:08 - 2016-01-15 23:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 18:08 - 2016-01-15 23:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 18:08 - 2016-01-15 23:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 18:08 - 2016-01-15 23:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 18:08 - 2016-01-15 23:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 18:08 - 2016-01-15 23:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 18:08 - 2016-01-15 23:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 18:08 - 2016-01-15 23:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 18:08 - 2016-01-15 23:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 18:08 - 2016-01-15 23:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 18:08 - 2016-01-15 23:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 18:08 - 2016-01-15 23:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 18:08 - 2016-01-15 23:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 18:08 - 2016-01-15 23:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 18:08 - 2016-01-15 23:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 18:08 - 2016-01-15 23:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 18:08 - 2016-01-15 23:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 18:08 - 2016-01-15 23:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 18:08 - 2016-01-15 23:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 18:08 - 2016-01-15 23:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 18:08 - 2016-01-15 23:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 18:08 - 2016-01-15 23:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 18:08 - 2016-01-15 23:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 18:08 - 2016-01-15 23:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 18:08 - 2016-01-15 23:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 18:08 - 2016-01-15 23:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 18:08 - 2016-01-15 23:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 18:08 - 2016-01-15 23:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 18:08 - 2016-01-15 23:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 18:08 - 2016-01-15 23:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 18:08 - 2016-01-15 23:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 18:08 - 2016-01-15 23:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 18:08 - 2016-01-15 23:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 18:08 - 2016-01-15 23:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 18:08 - 2016-01-15 23:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 18:08 - 2016-01-15 23:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 18:08 - 2016-01-15 23:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 18:08 - 2016-01-15 23:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 18:08 - 2016-01-15 23:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 18:08 - 2016-01-15 23:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 18:08 - 2016-01-15 23:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 18:08 - 2016-01-15 23:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 18:08 - 2016-01-15 23:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 18:08 - 2016-01-15 23:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 18:08 - 2016-01-15 23:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 18:08 - 2016-01-15 23:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 18:08 - 2016-01-15 23:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 18:08 - 2016-01-15 23:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 18:08 - 2016-01-15 23:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 18:08 - 2016-01-15 23:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 18:08 - 2016-01-15 23:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 18:08 - 2016-01-15 23:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 18:08 - 2016-01-15 23:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 18:08 - 2016-01-15 23:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 18:08 - 2016-01-15 23:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 18:08 - 2016-01-15 23:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 18:08 - 2016-01-15 23:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 18:08 - 2016-01-15 23:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 18:08 - 2016-01-15 23:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 18:08 - 2016-01-15 23:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 18:08 - 2016-01-15 23:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 18:08 - 2016-01-15 23:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 18:08 - 2016-01-15 23:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 18:08 - 2016-01-15 23:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 18:08 - 2016-01-15 23:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 18:08 - 2016-01-15 23:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 18:08 - 2016-01-15 23:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 18:08 - 2016-01-15 23:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 18:08 - 2016-01-15 23:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 18:08 - 2016-01-15 23:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 18:08 - 2016-01-15 23:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 18:08 - 2016-01-15 23:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 18:08 - 2016-01-15 23:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 18:08 - 2016-01-15 23:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 18:08 - 2016-01-15 23:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 18:08 - 2016-01-15 23:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 18:08 - 2016-01-15 23:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 18:08 - 2016-01-15 23:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 18:08 - 2016-01-15 23:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 18:08 - 2016-01-15 23:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 18:08 - 2016-01-15 23:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 18:08 - 2016-01-15 23:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 18:08 - 2016-01-15 23:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 18:08 - 2016-01-15 23:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-25 02:08 - 2016-01-25 02:08 - 00332276 _____ C:\WINDOWS\Minidump\012516-20843-01.dmp
2016-01-23 11:11 - 2016-01-23 11:11 - 00001461 _____ C:\Users\Public\Desktop\UltimateKnightウィンダムSV_LV.lnk
2016-01-23 11:11 - 2016-01-23 11:11 - 00000000 ____D C:\Users\xvion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltimateKnight ウィンダムSV LiteVersion
2016-01-23 11:10 - 2016-01-23 11:11 - 00000000 ____D C:\Program Files (x86)\Ultimate Knight WindomSV LiteVersion
2016-01-23 11:08 - 2016-01-23 11:50 - 00000000 ____D C:\Users\xvion\Documents\Locale.Emulator.2.1.1.0
2016-01-21 21:49 - 2016-01-21 21:49 - 00000000 ____D C:\Users\xvion\Documents\Mosin-Nagant
2016-01-21 12:49 - 2016-01-21 12:49 - 00001061 _____ C:\Users\xvion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoyToKey.lnk
2016-01-20 17:14 - 2016-01-20 17:40 - 593864242 _____ C:\Users\xvion\Downloads\Gauntlet - Dark Legacy (USA) (1).7z
2016-01-20 15:41 - 2016-01-20 17:44 - 1560521840 _____ C:\Users\xvion\Downloads\Mercenaries - Playground of Destruction (USA) (1).7z
2016-01-20 15:41 - 2016-01-20 17:14 - 1782063577 _____ C:\Users\xvion\Downloads\ShellShock - Nam '67 (USA) (1).7z
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-01-20 15:39 - 2016-01-20 15:39 - 00000000 ____D C:\Program Files\7-Zip
2016-01-19 22:06 - 2016-01-19 22:06 - 00000000 ____D C:\Users\xvion\AppData\Local\NahimicMSI1.2.2
2016-01-19 21:59 - 2016-01-19 21:59 - 00000000 ____D C:\Users\xvion\Documents\PCSX2
2016-01-19 21:50 - 2016-02-12 23:25 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-19 21:50 - 2016-01-19 21:51 - 00308580 _____ C:\WINDOWS\Minidump\011916-322875-01.dmp
2016-01-19 21:45 - 2016-02-12 23:25 - 1241981316 _____ C:\WINDOWS\MEMORY.DMP
2016-01-19 21:30 - 2016-01-19 21:30 - 00000000 ____D C:\Program Files\VID_0E8F&PID_0003
2016-01-19 21:30 - 2016-01-19 21:30 - 00000000 ____D C:\Program Files (x86)\VID_0E8F&PID_0003
2016-01-19 21:29 - 2016-01-19 21:30 - 02732822 _____ C:\Users\xvion\Downloads\MF001.rar
2016-01-19 21:16 - 2016-01-19 21:16 - 00001074 _____ C:\Users\xvion\Desktop\PCSX.lnk
2016-01-19 21:14 - 2016-01-19 21:14 - 00000000 ____D C:\Program Files (x86)\TigerGame XBOX+PS2+GC Game Controller Adapter
2016-01-19 21:14 - 2007-09-12 23:09 - 00025120 _____ (Beijing WiseGrup.,Ltd (gamepad.yeah.net)) C:\WINDOWS\system32\Drivers\xpad.sys
2016-01-19 21:14 - 2007-09-06 01:26 - 00026144 _____ (TigerGame.,Ltd) C:\WINDOWS\system32\Drivers\pnx.sys
2016-01-19 21:14 - 2007-09-06 01:13 - 00307200 _____ (TigerGame) C:\WINDOWS\SysWOW64\pnx.dll
2016-01-19 21:14 - 2007-09-06 01:10 - 00315904 _____ (TigerGame) C:\WINDOWS\system32\pnx.dll
2016-01-19 21:14 - 2007-09-06 00:49 - 00032768 _____ (TigerGame Ltd.,) C:\WINDOWS\SysWOW64\ffdrv1.dll
2016-01-19 21:14 - 2007-09-06 00:48 - 00038400 _____ (TigerGame Ltd.,) C:\WINDOWS\system32\ffdrv1.dll
2016-01-19 21:14 - 2007-05-16 22:24 - 00017192 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\3in1 DriverLoader.exe
2016-01-19 21:11 - 2016-01-19 21:13 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2016-01-19 21:11 - 2016-01-19 21:12 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-01-19 21:11 - 2016-01-19 21:12 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-01-19 21:11 - 2016-01-19 21:11 - 00002018 _____ C:\Users\Public\Desktop\PCSX2 1.4.0.lnk
2016-01-19 20:59 - 2016-01-19 20:59 - 00000000 ____D C:\Program Files (x86)\PCSXe1925
2016-01-19 00:09 - 2016-01-19 00:09 - 00000000 ____D C:\Users\xvion\AppData\Roaming\java
2016-01-19 00:09 - 2016-01-19 00:09 - 00000000 ____D C:\Users\xvion\AppData\Roaming\.minecraft
2016-01-19 00:06 - 2016-01-19 00:09 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-01-19 00:06 - 2016-01-19 00:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-13 21:51 - 2015-12-27 02:24 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EDFDD570-CC63-4BF0-B919-C0032ECBCD14}
2016-02-13 21:17 - 2015-12-25 22:59 - 00000000 ____D C:\Users\xvion\AppData\Roaming\Skype
2016-02-13 18:54 - 2015-12-28 19:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-13 15:22 - 2015-12-29 12:52 - 00000000 ____D C:\Users\xvion\Documents\My Games
2016-02-13 15:17 - 2015-12-25 10:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-13 15:16 - 2016-01-06 20:30 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-13 15:16 - 2015-12-25 09:59 - 00000000 __SHD C:\Users\xvion\IntelGraphicsProfiles
2016-02-13 15:14 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-13 15:14 - 2015-07-17 10:12 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-13 09:03 - 2016-01-06 20:33 - 00000000 ____D C:\Users\xvion
2016-02-13 00:22 - 2015-12-25 10:05 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-13 00:10 - 2015-07-20 15:28 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-12 23:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-12 23:27 - 2015-12-25 10:05 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-12 23:25 - 2016-01-06 20:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-12 22:48 - 2015-12-25 10:23 - 00000000 ____D C:\Users\xvion\AppData\Local\MicrosoftEdge
2016-02-11 20:46 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-11 16:28 - 2015-07-17 10:35 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-11 02:41 - 2015-10-30 00:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-11 02:40 - 2015-10-30 03:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 18:24 - 2005-11-22 12:07 - 00000000 ____D C:\Users\xvion\Desktop\Xbox360
2016-02-10 18:23 - 2015-12-25 10:05 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 02:21 - 2015-12-25 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-10 02:19 - 2015-12-25 14:52 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-10 02:18 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-09 21:17 - 2015-12-25 10:05 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-09 21:17 - 2015-12-25 10:05 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-08 21:38 - 2015-12-25 10:10 - 00000001 _____ C:\Users\Public\Documents\dgc.txt
2016-02-08 17:40 - 2015-12-25 09:59 - 00000000 ____D C:\Users\xvion\AppData\Local\Packages
2016-02-07 14:58 - 2015-12-25 11:30 - 00000000 ____D C:\Users\xvion\AppData\Local\Steam
2016-02-06 21:02 - 2015-12-25 10:05 - 00002373 _____ C:\Users\xvion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-06 21:02 - 2015-12-25 10:05 - 00000000 ___RD C:\Users\xvion\OneDrive
2016-02-05 23:34 - 2015-07-20 15:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-03 13:01 - 2015-10-30 01:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 13:01 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-30 22:27 - 2015-12-25 22:59 - 00000000 ____D C:\ProgramData\Skype
2016-01-30 08:56 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-28 23:30 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-28 23:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-28 23:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-28 23:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-28 23:29 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-28 23:29 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-28 23:29 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-28 17:53 - 2015-12-28 12:22 - 00000000 ____D C:\Users\xvion\AppData\Roaming\Awesomium
2016-01-19 22:25 - 2015-12-25 11:19 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-01-19 21:50 - 2016-01-06 20:05 - 00189264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-19 21:50 - 2015-10-30 03:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-01-19 21:50 - 2015-10-30 03:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-01-19 21:50 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-01-19 21:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-01-19 21:49 - 2015-10-30 03:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-01-19 21:49 - 2015-10-30 03:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-01-19 21:49 - 2015-10-30 03:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-01-19 21:49 - 2015-10-30 03:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-01-19 21:49 - 2015-10-30 03:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-01-19 21:49 - 2015-10-30 03:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\Com
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\IME
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Help
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-01-19 21:49 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-01-19 21:49 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-01-19 21:49 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-01-19 21:49 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-01-19 21:49 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\servicing
2016-01-19 21:46 - 2015-10-30 03:03 - 00000000 ____D C:\WINDOWS\OCR
 
==================== Files in the root of some directories =======
 
2016-01-06 20:30 - 2016-01-06 20:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\xvion\AppData\Local\Temp\_is4E72.exe
C:\Users\xvion\AppData\Local\Temp\_is7E52.exe
C:\Users\xvion\AppData\Local\Temp\_isC7A9.exe
C:\Users\xvion\AppData\Local\Temp\_isF65C.exe
C:\Users\xvion\AppData\Local\Temp\_isFACF.exe
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-02-12 22:04
 
==================== End of FRST.txt ============================

 

Addition.txt


Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, make sure Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and upload it in your next reply.

Let's run one more tool
 
 
Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.


The symptoms strangely dissipated after running  FRST and another Malwarebytes run. The tricky thing with virus/roots/trojans... they like to hide. The file didn't want to attach, so I'll paste it here: 

 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by xvion on Mon 02/15/2016 at 13:48:30.58.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\xvion\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
2/15/2016 1:49:26 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\xvion\AppData\Local\ActiveSync deleted successfully
C:\Users\xvion\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
 
==== Chromium Look ======================
 
Google Chrome Version: 31.0.1650.59
 
 
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9AC0DBB0-E968-40CB-AFA9-6566EAD4DA6D}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{9AC0DBB0-E968-40CB-AFA9-6566EAD4DA6D}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{9AC0DBB0-E968-40CB-AFA9-6566EAD4DA6D} - http://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{9AC0DBB0-E968-40CB-AFA9-6566EAD4DA6D}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{9AC0DBB0-E968-40CB-AFA9-6566EAD4DA6D} - http://www.bing.com/search?q={searchTerms}&form=PRNAM1&src=IE11TR&pc=NMTE;
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{9AC0DBB0-E968-40CB-AFA9-6566EAD4DA6D} - No_Url_Value
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\xvion\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\xvion\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\xvion\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\xvion\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\xvion\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=89 folders=58 120368146 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\xvion\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Mon 02/15/2016 at 14:19:28.55 ======================
 

  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.