Can anyone help me? I had a program that I double-clicked on and it turned out to be a virus, so I ran Malwarebytes to see if I can get rid of the problem. This was the result that showed up:

http://s23.postimg.org/c2oeq0n63/screenshot_149.png

It shows I had a backdoor.bot and trojan.stolendata. I researched the viruses and it turns out they can steal data and hackers can gain control of the computer.

The anti-virus program got rid of the viruses and quarantined them.

Then I proceeded to system restore back before I downloaded this program, but when I did that the computer would restart itself two times, then I was presented with a black screen with a mouse cursor to move around. It indicated that the system restore would no longer work, so I'm wondering if I still have a virus.

And every time I reboot and log on, this message always pops up: http://s9.postimg.org/a0ba1nbv3/screenshot_150.png

This popup is mentioning the virus location is no longer there, and I can't get rid of the popup.

The backdoor.bot and trojan.stolendata viruses I am extremely worried about. What if my bank account was hacked, or if hackers already gained a hold of all my data on my computer and I am completely screwed?

Lastly, I rescanned my computer and it reported no viruses, so were these viruses false positives? Am I safe or not?


  • Root Admin

Hello and :welcome:

Please do not change passwords on this computer or use it for any sensitive uses until we've ensured that it's clean. You may change passwords from another computer that you know to be safe and secure.

Ignore the missing 3 steps and please run the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Gabriel (Administrator) on Sat 04/16/2016 at 22:10:46.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 26 

Successfully deleted: C:\Users\Gabriel\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil (Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Public\Desktop\hotspot shield.lnk (Shortcut) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ6YFEYS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ6YFEYS (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMYPVSVG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJRLWW52 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQGB70J1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQGB70J1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ6YFEYS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQ6YFEYS (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMYPVSVG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJRLWW52 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQGB70J1 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQGB70J1 (Temporary Internet Files Folder) 

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5BD492AB169182D6DBF0E20936CE7D71 (Registry Value) 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/16/2016 at 22:11:36.38
End of JRT log

 

 

# AdwCleaner v5.111 - Logfile created 16/04/2016 at 22:13:53
# Updated 14/04/2016 by Xplode
# Database : 2016-04-15.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Gabriel - GABRIEL-PC
# Running from : E:\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver
Folder Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
Folder Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp

***** [ Files ] *****

File Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
File Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_xoncisfktn-a.akamaihd.net_0.localstorage-journal

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKCU\Software\b1.org
Key Found : HKLM\SOFTWARE\b1.org
Key Found : [x64] HKLM\SOFTWARE\b1.org
Key Found : HKU\S-1-5-21-3115927195-901017698-3625494767-1000\Software\b1.org

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [1651 bytes] - [16/04/2016 22:13:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1724 bytes] ##########

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
Ran by Gabriel (administrator) on GABRIEL-PC (16-04-2016 22:24:06)
Running from E:\Downloads\
Loaded Profiles: Gabriel (Available Profiles: Gabriel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) E:\Bluetooth Software\btwdins.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Micro-Star INT'L CO., LTD.) E:\Program Files\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Beepa P/L) E:\Fraps\fraps64.dat
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) E:\Downloads\pics and vid for element wd\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407104 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-24] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Live Update] => E:\Program Files\Live Update\Live Update.exe [11336656 2016-03-16] (Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [GoogleChromeAutoLaunch_5BD492AB169182D6DBF0E20936CE7D71] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-01-15] (Google Inc.)
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d5-faef-11e5-8f91-40e23092e341} - D:\setup-disc1.exe
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d8-faef-11e5-8f91-40e23092e341} - D:\setup-disc1.exe
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d9-faef-11e5-8f91-40e23092e341} - D:\run32.exe
Lsa: [Notification Packages] scecli E:\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-01-17]
ShortcutTarget: Bluetooth.lnk -> E:\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{0665F3A5-C1D9-44F9-98CF-744C3D1CDC49}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Extension: SaveFrom.net - helper - C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default\Extensions\helper-sig@savefrom.net.xpi [2016-01-25]
StartMenuInternet: FIREFOX.EXE - E:\Program Files\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\pdf.dll => No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.710.15) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 8 U71) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll => No File
CHR Profile: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tampermonkey) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-15]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-04-15]
CHR Extension: (Video Downloader professional) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-04-16]
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2016-04-15]
CHR Extension: (AdBlock) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16]
CHR Extension: (StayFocusd) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-04-15]
CHR Extension: (tinyFilter - Reliable Content Filtering) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2016-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; E:\Bluetooth Software\btwdins.exe [1008384 2014-07-17] (Broadcom Corporation.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-12-11] (DTS, Inc)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [36008 2015-11-04] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2731648 2016-03-31] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-03-31] ()
R2 MBAMScheduler; E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MSI_LiveUpdate_Service; E:\Program Files\Live Update\MSI_LiveUpdate_Service.exe [1794000 2016-03-17] (Micro-Star INT'L CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-11-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2016-04-07] (Sysprogs OU)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2016-01-08] (Broadcom Corporation.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [378136 2014-09-30] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-06-03] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-17] (NVIDIA Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
S3 MSICDSetup; \??\D:\programs games\msi\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\programs games\msi\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-16 22:17 - 2016-04-16 22:17 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-16 22:13 - 2016-04-16 22:13 - 00000000 ____D C:\AdwCleaner
2016-04-16 22:11 - 2016-04-16 22:11 - 00004770 _____ C:\Users\Gabriel\Desktop\JRT.txt
2016-04-16 22:02 - 2016-04-16 22:02 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Apple
2016-04-15 16:47 - 2016-04-15 16:47 - 00000490 _____ C:\TDSSKiller.3.1.0.9_15.04.2016_16.47.42_log.txt
2016-04-15 16:47 - 2015-12-11 23:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Gabriel\Desktop\TDSSKiller.exe
2016-04-15 15:06 - 2016-04-16 22:24 - 00000000 ____D C:\FRST
2016-04-15 15:03 - 2016-03-31 12:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-15 15:03 - 2016-03-31 11:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-15 15:03 - 2016-03-30 17:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-15 15:03 - 2016-03-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-15 15:03 - 2016-03-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-15 15:03 - 2016-03-30 17:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-15 15:03 - 2016-03-30 17:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-15 15:03 - 2016-03-30 17:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-15 15:03 - 2016-03-30 17:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-15 15:03 - 2016-03-30 17:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-15 15:03 - 2016-03-30 17:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-15 15:03 - 2016-03-30 17:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-15 15:03 - 2016-03-30 17:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-15 15:03 - 2016-03-30 17:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-15 15:03 - 2016-03-30 17:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-15 15:03 - 2016-03-30 17:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-15 15:03 - 2016-03-30 17:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-15 15:03 - 2016-03-30 17:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-15 15:03 - 2016-03-30 17:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-15 15:03 - 2016-03-30 17:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-15 15:03 - 2016-03-30 17:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-15 15:03 - 2016-03-30 17:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-15 15:03 - 2016-03-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-15 15:03 - 2016-03-30 17:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-15 15:03 - 2016-03-30 16:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-15 15:03 - 2016-03-30 16:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-15 15:03 - 2016-03-30 16:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-15 15:03 - 2016-03-30 16:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-15 15:03 - 2016-03-30 16:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-15 15:03 - 2016-03-30 16:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-15 15:03 - 2016-03-30 16:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-15 15:03 - 2016-03-30 16:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-15 15:03 - 2016-03-30 16:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-15 15:03 - 2016-03-30 16:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-15 15:03 - 2016-03-30 16:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-15 15:03 - 2016-03-30 16:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-15 15:03 - 2016-03-30 16:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-15 15:03 - 2016-03-30 16:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-15 15:03 - 2016-03-30 16:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-15 15:03 - 2016-03-30 16:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-15 15:03 - 2016-03-30 16:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-15 15:03 - 2016-03-30 16:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-15 15:03 - 2016-03-30 16:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-15 15:03 - 2016-03-30 16:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-15 15:03 - 2016-03-30 16:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-15 15:03 - 2016-03-30 16:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-15 15:03 - 2016-03-30 16:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-15 15:03 - 2016-03-30 16:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-15 15:03 - 2016-03-30 16:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-15 15:03 - 2016-03-30 16:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-15 15:03 - 2016-03-30 16:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-15 15:03 - 2016-03-30 16:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-15 15:03 - 2016-03-30 16:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-15 15:03 - 2016-03-30 16:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-15 15:03 - 2016-03-30 16:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-15 15:03 - 2016-03-30 16:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-15 15:03 - 2016-03-30 16:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-15 15:03 - 2016-03-30 16:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-15 15:03 - 2016-03-30 16:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-15 15:03 - 2016-03-30 16:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-15 15:03 - 2016-03-30 16:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-15 15:03 - 2016-03-30 16:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-15 15:03 - 2016-03-30 16:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-15 15:03 - 2016-03-30 16:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-15 15:03 - 2016-03-30 16:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-15 15:03 - 2016-03-30 16:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-15 15:03 - 2016-03-16 11:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-15 15:03 - 2016-03-16 11:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-15 15:03 - 2016-03-16 11:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-15 15:03 - 2016-03-06 11:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-15 15:03 - 2016-03-06 11:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-15 15:03 - 2016-03-06 11:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-15 15:03 - 2016-03-06 11:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-15 15:02 - 2016-02-02 11:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-15 14:57 - 2016-03-17 16:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-15 14:57 - 2016-03-17 16:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-15 14:57 - 2016-03-17 16:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-15 14:57 - 2016-03-17 16:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-15 14:57 - 2016-03-17 16:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-15 14:57 - 2016-03-17 16:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-15 14:57 - 2016-03-17 15:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-15 14:57 - 2016-03-17 15:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-15 14:57 - 2016-03-17 15:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-15 14:57 - 2016-03-17 15:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-15 14:57 - 2016-03-17 15:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-15 14:57 - 2016-03-17 15:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-15 14:57 - 2016-03-17 15:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-15 14:57 - 2016-03-17 15:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-15 14:57 - 2016-03-17 15:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-15 14:57 - 2016-03-17 15:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-15 14:57 - 2016-03-17 15:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-15 14:57 - 2016-03-17 15:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-15 14:57 - 2016-03-17 15:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-15 14:57 - 2016-03-17 15:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-15 14:57 - 2016-03-17 15:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-15 14:57 - 2016-03-17 15:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-15 14:57 - 2016-03-17 15:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-15 14:57 - 2016-03-17 15:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-15 14:57 - 2016-03-17 15:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-15 14:57 - 2016-03-17 15:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-15 14:57 - 2016-03-17 15:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-15 14:57 - 2016-03-17 15:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-15 14:57 - 2016-03-17 15:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-15 14:57 - 2016-03-17 15:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-15 14:57 - 2016-03-17 15:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-15 14:57 - 2016-03-17 15:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-15 14:57 - 2016-03-17 15:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-15 14:57 - 2016-03-17 15:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-15 14:57 - 2016-03-17 15:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-15 14:57 - 2016-03-17 15:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-15 14:57 - 2016-03-17 15:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-15 14:57 - 2016-03-17 15:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-15 14:57 - 2016-03-17 15:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-15 14:57 - 2016-03-17 15:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-15 14:57 - 2016-03-17 15:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-15 14:57 - 2016-03-17 15:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-15 14:57 - 2016-03-17 15:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-15 14:57 - 2016-03-17 15:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-15 14:57 - 2016-03-17 15:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-15 14:57 - 2016-03-17 15:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-15 14:57 - 2016-03-17 15:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-15 14:57 - 2016-03-17 15:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-15 14:57 - 2016-03-17 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-15 14:57 - 2016-03-17 15:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-15 14:57 - 2016-03-17 15:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 15:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 14:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-15 14:57 - 2016-03-17 14:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-15 14:57 - 2016-03-17 14:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-15 14:57 - 2016-03-17 14:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-15 14:57 - 2016-03-17 14:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-15 14:57 - 2016-03-17 14:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-15 14:57 - 2016-03-17 14:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-15 14:57 - 2016-03-17 14:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-15 14:57 - 2016-03-17 14:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-15 14:57 - 2016-03-17 14:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-15 14:57 - 2016-03-17 14:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-15 14:57 - 2016-03-17 14:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-15 14:57 - 2016-03-17 14:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-15 14:57 - 2016-03-17 14:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-15 14:57 - 2016-03-17 14:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-15 14:57 - 2016-03-17 14:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-15 14:57 - 2016-03-17 14:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-15 14:57 - 2016-03-17 14:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 14:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 14:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-15 14:57 - 2016-03-17 14:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-15 14:55 - 2016-04-04 11:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-15 14:55 - 2016-04-04 11:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-15 14:55 - 2016-04-02 06:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-15 14:55 - 2016-03-29 10:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-15 14:55 - 2016-03-23 07:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-15 14:55 - 2016-03-17 11:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-15 14:55 - 2016-03-17 11:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-15 14:55 - 2016-03-17 11:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-15 14:55 - 2016-03-17 11:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-15 14:55 - 2016-03-15 17:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-15 14:55 - 2016-03-15 17:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-15 14:55 - 2016-03-15 16:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-15 14:55 - 2016-03-11 11:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-15 14:55 - 2016-03-11 11:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-15 14:55 - 2016-02-05 11:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-15 14:55 - 2016-02-05 11:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-15 14:55 - 2016-02-05 10:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-15 14:55 - 2016-01-20 17:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-15 14:55 - 2015-06-03 13:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-15 12:10 - 2016-04-15 12:10 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Adobe
2016-04-14 22:41 - 2016-04-16 22:11 - 00000420 _____ C:\Users\Gabriel\Documents\skullmonkeys psx.txt
2016-04-13 05:40 - 2016-04-13 05:40 - 00000000 ____D C:\Users\Gabriel\Desktop\SONY VEGAS PROJECTS
2016-04-13 04:43 - 2016-04-13 04:44 - 00210760 _____ C:\TDSSKiller.3.1.0.9_13.04.2016_04.43.29_log.txt
2016-04-11 06:19 - 2016-04-11 06:19 - 00000063 _____ C:\Users\Gabriel\Documents\alone in space.txt
2016-04-11 06:18 - 2016-04-11 06:18 - 00000167 _____ C:\Users\Gabriel\Documents\dead darkness demo.txt
2016-04-11 04:56 - 2016-04-11 04:59 - 00198280 _____ C:\Users\Gabriel\Desktop\FEAR OF THE DARK CLIP.veg
2016-04-11 04:56 - 2016-04-11 04:56 - 00198448 _____ C:\Users\Gabriel\Desktop\FEAR OF THE DARK CLIP.veg.bak
2016-04-10 18:56 - 2016-04-10 18:56 - 00000092 _____ C:\Users\Gabriel\Documents\cry of fear.txt
2016-04-08 23:54 - 2016-04-15 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icaros
2016-04-08 23:54 - 2016-04-08 23:54 - 00000593 _____ C:\Users\Public\Desktop\Icaros.lnk
2016-04-07 22:05 - 2016-04-09 07:20 - 00001205 _____ C:\Users\Gabriel\Documents\firewatch.txt
2016-04-07 06:42 - 2016-04-07 06:42 - 00283480 _____ (Sysprogs OU) C:\Windows\system32\Drivers\BazisPortableCDBus.sys
2016-04-04 22:54 - 2016-04-04 22:54 - 00000803 _____ C:\Users\Public\Desktop\MSI Live Update 6.lnk
2016-04-04 19:43 - 2016-04-04 19:43 - 00000000 ____D C:\Users\Gabriel\Emulation
2016-04-04 19:42 - 2016-04-04 19:42 - 00000000 ____D C:\Users\Gabriel\AppData\Local\icarus
2016-04-04 19:42 - 2016-04-04 19:42 - 00000000 ____D C:\Users\Gabriel\AppData\Local\higan
2016-04-03 16:03 - 2016-04-13 05:32 - 00000239 _____ 
2016-03-23 20:15 - 2016-03-23 20:15 - 00000792 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2016-03-23 20:14 - 2016-03-23 20:14 - 00000766 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2016-03-23 20:14 - 2016-03-23 20:14 - 00000747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
2016-03-23 20:14 - 2016-03-23 20:14 - 00000721 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
2016-03-23 20:13 - 2016-03-23 20:13 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2016-03-23 20:13 - 2016-03-23 20:13 - 00000841 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-03-20 20:59 - 2016-04-15 15:25 - 00000000 ____D C:\Users\Gabriel\AppData\LocalLow\CampoSanto
2016-03-20 20:52 - 2016-04-15 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-03-20 20:52 - 2016-03-20 20:52 - 00000653 _____ C:\Users\Gabriel\Desktop\Firewatch.lnk
2016-03-20 20:52 - 2016-03-20 20:52 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Firewatch_Uninstall
2016-03-19 01:34 - 2016-04-01 21:23 - 00482680 _____ C:\Users\Gabriel\Desktop\afraid of monsters.veg
2016-03-19 01:34 - 2016-04-01 21:20 - 00482680 _____ C:\Users\Gabriel\Desktop\afraid of monsters.veg.bak
2016-03-17 01:49 - 2016-03-28 19:40 - 00035176 _____ C:\Users\Gabriel\Desktop\the briefcase.veg
2016-03-17 01:49 - 2016-03-28 19:39 - 00035176 _____ C:\Users\Gabriel\Desktop\the briefcase.veg.bak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-16 22:12 - 2016-01-17 21:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-16 22:11 - 2016-02-22 21:11 - 00000223 _____ C:\Users\Gabriel\Documents\YOUTUBE TAGS.txt
2016-04-16 22:11 - 2009-07-13 21:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-16 22:11 - 2009-07-13 21:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-16 21:54 - 2016-01-18 07:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-16 20:12 - 2016-01-17 21:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-16 10:16 - 2016-01-18 01:54 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\vlc
2016-04-16 00:32 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-04-15 23:10 - 2016-01-23 20:20 - 00000000 ____D C:\Users\Gabriel\Desktop\Dictionarie
2016-04-15 21:17 - 2009-07-13 22:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-15 21:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-04-15 16:59 - 2016-01-24 11:53 - 00003146 _____ C:\Windows\System32\Tasks\FRAPS
2016-04-15 16:59 - 2016-01-17 21:40 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-15 16:59 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-15 16:59 - 2009-07-13 21:45 - 04960528 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-15 16:58 - 2016-01-18 08:40 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-15 16:56 - 2016-01-18 08:33 - 00000000 ____D C:\Windows\system32\MRT
2016-04-15 16:55 - 2016-01-18 08:33 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-15 16:30 - 2016-01-17 21:24 - 00000000 ____D C:\ProgramData\TEMP
2016-04-15 15:26 - 2016-01-18 11:34 - 00000000 ____D C:\ProgramData\Avg
2016-04-15 15:26 - 2016-01-18 11:33 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Avg
2016-04-15 15:26 - 2016-01-18 10:57 - 00000000 ____D C:\ProgramData\MFAData
2016-04-15 15:26 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2016-04-15 15:25 - 2016-03-12 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
2016-04-15 15:25 - 2016-03-07 18:39 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Steam
2016-04-15 15:25 - 2016-03-07 00:05 - 00000000 ____D C:\Users\Gabriel\Desktop\Paint.NET 3.5.10 Portable
2016-04-15 15:25 - 2016-03-05 23:53 - 00000000 ____D C:\Users\Gabriel\AppData\Local\SKIDROW
2016-04-15 15:25 - 2016-03-01 21:27 - 00000000 ____D C:\Users\Gabriel\AppData\Local\UnrealEngine
2016-04-15 15:25 - 2016-03-01 21:27 - 00000000 ____D C:\Users\Gabriel\AppData\Local\TKGameJam
2016-04-15 15:25 - 2016-02-27 15:24 - 00000000 ____D C:\Users\Gabriel\AppData\Local\AloneInSpace
2016-04-15 15:25 - 2016-02-25 16:17 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-04-15 15:25 - 2016-02-21 22:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Repack by Fenixx
2016-04-15 15:25 - 2016-02-13 13:55 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\OBS
2016-04-15 15:25 - 2016-02-13 13:55 - 00000000 ____D C:\Program Files\OBS
2016-04-15 15:25 - 2016-02-13 13:55 - 00000000 ____D C:\Program Files (x86)\OBS
2016-04-15 15:25 - 2016-02-13 02:01 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\BANDISOFT
2016-04-15 15:25 - 2016-02-06 09:51 - 00000000 ____D C:\Windows\SysWOW64\LiveUpdate
2016-04-15 15:25 - 2016-02-01 17:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-15 15:25 - 2016-01-23 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-04-15 15:25 - 2016-01-23 19:14 - 00000000 ____D C:\ProgramData\IceJS
2016-04-15 15:25 - 2016-01-23 01:30 - 00000000 ____D C:\Users\Gabriel\Documents\Amnesia
2016-04-15 15:25 - 2016-01-19 16:36 - 00000000 ____D C:\Program Files\Java
2016-04-15 15:25 - 2016-01-19 14:09 - 00000000 ____D C:\Users\Gabriel\Documents\Penumbra Overture
2016-04-15 15:25 - 2016-01-18 17:40 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2016-04-15 15:25 - 2016-01-18 17:40 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2016-04-15 15:25 - 2016-01-18 15:26 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Audacity
2016-04-15 15:25 - 2016-01-18 11:36 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\AVG
2016-04-15 15:25 - 2016-01-18 10:45 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Mozilla
2016-04-15 15:25 - 2016-01-18 10:39 - 00000000 ____D C:\ProgramData\Oracle
2016-04-15 15:25 - 2016-01-18 10:39 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-15 15:25 - 2016-01-18 10:36 - 00000000 ____D C:\Users\Gabriel\AppData\Local\NVIDIA
2016-04-15 15:25 - 2016-01-18 08:45 - 00000000 ____D C:\Users\Gabriel\Documents\puNES
2016-04-15 15:25 - 2016-01-18 08:40 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-15 15:25 - 2016-01-18 08:40 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-15 15:25 - 2016-01-18 08:40 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-15 15:25 - 2016-01-18 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2016-04-15 15:25 - 2016-01-18 07:43 - 00000000 ____D C:\ProgramData\Hotspot Shield
2016-04-15 15:25 - 2016-01-18 07:43 - 00000000 ____D C:\Program Files (x86)\Hotspot Shield
2016-04-15 15:25 - 2016-01-18 07:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-04-15 15:25 - 2016-01-18 01:47 - 00000000 ____D C:\Users\Gabriel\AppData\Local\MedGui
2016-04-15 15:25 - 2016-01-17 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2016-04-15 15:25 - 2016-01-17 21:40 - 00000000 ____D C:\MSI
2016-04-15 15:25 - 2016-01-17 21:38 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-04-15 15:25 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\servicing
2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-15 15:25 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-04-15 14:35 - 2016-01-25 19:04 - 00000763 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-15 14:35 - 2016-01-23 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2016-04-15 14:31 - 2016-01-18 11:33 - 00000000 ____D C:\Users\Gabriel\AppData\Local\AvgSetupLog
2016-04-15 14:28 - 2016-01-17 21:25 - 00000000 ____D C:\Users\Gabriel
2016-04-15 14:19 - 2016-01-19 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-04-15 12:35 - 2016-01-17 22:51 - 00000000 ____D C:\Users\Gabriel\Desktop\Terraria.v1.3.0.8
2016-04-15 09:43 - 2016-01-18 12:08 - 00000000 ____D C:\Users\Gabriel\AppData\Local\CrashDumps
2016-04-15 09:43 - 2015-11-11 22:07 - 00000000 ____D C:\Windows\Panther
2016-04-14 22:58 - 2016-03-12 03:47 - 00004034 _____ C:\Users\Gabriel\Documents\one liners for lets play commentarie.txt
2016-04-14 22:58 - 2016-02-21 22:57 - 00001336 _____ C:\Users\Gabriel\Documents\games i played in chrono order.txt
2016-04-09 23:48 - 2016-01-20 00:28 - 00072416 ____N C:\Users\Gabriel\AppData\Local\Tempmusic.ogg
2016-04-07 22:54 - 2016-01-18 07:36 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-07 22:54 - 2016-01-18 07:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-07 22:54 - 2016-01-18 07:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-06 10:18 - 2010-11-20 20:27 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-03 10:46 - 2016-01-21 23:44 - 00000000 ____D C:\Users\Gabriel\AppData\Local\ElevatedDiagnostics
2016-04-02 19:43 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-29 13:47 - 2016-01-17 21:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-28 22:42 - 2016-03-12 20:26 - 00004753 _____ C:\Users\Gabriel\Documents\afraid of monsters.txt
2016-03-28 17:59 - 2016-03-10 23:38 - 00080768 _____ C:\Users\Gabriel\Desktop\limbo let's play.veg
2016-03-28 16:03 - 2016-03-10 23:38 - 00080768 _____ C:\Users\Gabriel\Desktop\limbo let's play.veg.bak
2016-03-27 19:22 - 2016-01-21 21:26 - 00000952 _____ C:\Users\Gabriel\Documents\parappa the rapper.txt
2016-03-27 17:30 - 2016-03-14 22:23 - 00135344 _____ C:\Users\Gabriel\Desktop\PORTAL LETS PLAY.veg
2016-03-27 16:25 - 2016-03-14 22:23 - 00135344 _____ C:\Users\Gabriel\Desktop\PORTAL LETS PLAY.veg.bak
2016-03-23 20:19 - 2016-01-17 21:50 - 00058016 _____ C:\Users\Gabriel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-23 20:15 - 2016-01-18 09:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-03-23 20:15 - 2016-01-18 09:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-03-23 20:14 - 2016-01-17 21:25 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Adobe
2016-03-23 20:13 - 2016-01-18 09:06 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-03-23 20:13 - 2016-01-18 09:06 - 00001518 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-03-23 20:13 - 2016-01-18 08:56 - 00000000 ____D C:\ProgramData\Adobe
2016-03-17 21:03 - 2016-03-16 19:38 - 00000522 _____ C:\Users\Gabriel\Documents\3d hunting grizzily.txt
2016-03-17 10:46 - 2016-03-15 17:34 - 00002457 _____ C:\Users\Gabriel\Documents\the briefcase.txt

==================== Files in the root of some directories =======

2016-01-20 00:28 - 2016-04-09 23:48 - 0072416 ____N () C:\Users\Gabriel\AppData\Local\Tempmusic.ogg
2016-01-17 21:34 - 2016-01-17 21:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Gabriel\AppData\Local\Temp\avguirn_08888101179.exe
C:\Users\Gabriel\AppData\Local\Temp\bdfilters.dll
C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Gabriel\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Gabriel\AppData\Local\Temp\nvStInst.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-10 00:52

==================== End of FRST.txt ============================

 

 

E:\B1 Free Archiver\installer.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
 


  • Root Admin

Please run AdwCleaner again and make sure to check the Clean button.

Where is the Attach.txt log?

 

Then go into Control Panel, Add/Remove Programs and uninstall all versions of Java.
After that, run the following.


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 

Link to post
Share on other sites

Every time I click Clean on AdwCleaner my computer completely freezes, so I have to restart. How do I get the attach.txt.log?

Also, I got the other FRST64 log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Gabriel (administrator) on GABRIEL-PC (17-04-2016 00:55:58)
Running from C:\Users\Gabriel\Desktop
Loaded Profiles: Gabriel (Available Profiles: Gabriel)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) E:\Bluetooth Software\btwdins.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Micro-Star INT'L CO., LTD.) E:\Program Files\Live Update\MSI_LiveUpdate_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes Corporation) E:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) E:\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Micro-Star INT'L CO., LTD.) E:\Program Files\Live Update\Live Update.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(MSI) C:\Windows\SysWOW64\muachost.exe
(Beepa P/L) E:\Fraps\fraps.exe
(NVIDIA Corporation) C:\Users\Gabriel\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Broadcom Corporation.) E:\Bluetooth Software\BTStackServer.exe
(Beepa P/L) E:\Fraps\fraps64.dat
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() E:\Downloads\pics and vid for element wd\AdwCleaner.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407104 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-03-24] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Live Update] => E:\Program Files\Live Update\Live Update.exe [11336656 2016-03-16] (Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\Run: [GoogleChromeAutoLaunch_5BD492AB169182D6DBF0E20936CE7D71] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [748872 2016-01-15] (Google Inc.)
Lsa: [Notification Packages] scecli E:\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-01-17]
ShortcutTarget: Bluetooth.lnk -> E:\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{0665F3A5-C1D9-44F9-98CF-744C3D1CDC49}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

FireFox:
========
FF ProfilePath: C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Extension: SaveFrom.net - helper - C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default\Extensions\helper-sig@savefrom.net.xpi [2016-01-25]
StartMenuInternet: FIREFOX.EXE - E:\Program Files\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.82\pdf.dll => No File
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Deployment Toolkit 8.0.710.15) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 8 U71) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll => No File
CHR Profile: C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Tampermonkey) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-15]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2016-04-15]
CHR Extension: (Video Downloader professional) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-04-16]
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp [2016-04-15]
CHR Extension: (AdBlock) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-16]
CHR Extension: (StayFocusd) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-04-15]
CHR Extension: (tinyFilter - Reliable Content Filtering) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlfgnnlnfbpcammlnibfkplpnbbbdeli [2016-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-15]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\Gabriel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2016-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; E:\Bluetooth Software\btwdins.exe [1008384 2014-07-17] (Broadcom Corporation.)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-12-11] (DTS, Inc)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [36008 2015-11-04] (Micro-Star Int'l Co., Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-11] (NVIDIA Corporation)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2731648 2016-03-31] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [103176 2016-03-31] ()
R2 MBAMScheduler; E:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MBAMService; E:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation) [File not signed]
R2 MSI_LiveUpdate_Service; E:\Program Files\Live Update\MSI_LiveUpdate_Service.exe [1794000 2016-03-17] (Micro-Star INT'L CO., LTD.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-11] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-11-11] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BazisPortableCDBus; C:\Windows\System32\drivers\BazisPortableCDBus.sys [283480 2016-04-07] (Sysprogs OU)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2016-01-08] (Broadcom Corporation.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [378136 2014-09-30] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44648 2015-06-03] (AnchorFree Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation) [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47760 2015-12-17] (NVIDIA Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
S3 MSICDSetup; \??\D:\programs games\msi\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\programs games\msi\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-17 00:55 - 2016-04-17 00:55 - 00016108 _____ C:\Users\Gabriel\Desktop\FRST.txt
2016-04-17 00:52 - 2016-04-17 00:52 - 00006703 _____ C:\Users\Gabriel\Desktop\Fixlog.txt
2016-04-17 00:52 - 2016-04-17 00:52 - 00000113 _____ C:\Users\Gabriel\Documents\kenny.txt
2016-04-17 00:51 - 2016-04-15 15:06 - 02375168 _____ (Farbar) C:\Users\Gabriel\Desktop\FRST64.exe
2016-04-16 22:13 - 2016-04-17 00:55 - 00000000 ____D C:\AdwCleaner
2016-04-16 22:11 - 2016-04-16 22:11 - 00004770 _____ C:\Users\Gabriel\Desktop\JRT.txt
2016-04-16 22:02 - 2016-04-16 22:02 - 00000000 ____D C:\Users\Gabriel\AppData\Local\Apple
2016-04-15 16:47 - 2016-04-15 16:47 - 00000490 _____ C:\TDSSKiller.3.1.0.9_15.04.2016_16.47.42_log.txt
2016-04-15 16:47 - 2015-12-11 23:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Gabriel\Desktop\TDSSKiller.exe
2016-04-15 15:06 - 2016-04-17 00:55 - 00000000 ____D C:\FRST
2016-04-15 15:03 - 2016-03-31 12:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-15 15:03 - 2016-03-31 11:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-15 15:03 - 2016-03-30 17:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-15 15:03 - 2016-03-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-15 15:03 - 2016-03-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-15 15:03 - 2016-03-30 17:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-15 15:03 - 2016-03-30 17:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-15 15:03 - 2016-03-30 17:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-15 15:03 - 2016-03-30 17:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-15 15:03 - 2016-03-30 17:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-15 15:03 - 2016-03-30 17:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-15 15:03 - 2016-03-30 17:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-15 15:03 - 2016-03-30 17:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-15 15:03 - 2016-03-30 17:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-15 15:03 - 2016-03-30 17:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-15 15:03 - 2016-03-30 17:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-15 15:03 - 2016-03-30 17:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-15 15:03 - 2016-03-30 17:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-15 15:03 - 2016-03-30 17:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-15 15:03 - 2016-03-30 17:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-15 15:03 - 2016-03-30 17:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-15 15:03 - 2016-03-30 17:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-15 15:03 - 2016-03-30 17:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-15 15:03 - 2016-03-30 17:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-15 15:03 - 2016-03-30 16:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-15 15:03 - 2016-03-30 16:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-15 15:03 - 2016-03-30 16:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-15 15:03 - 2016-03-30 16:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-15 15:03 - 2016-03-30 16:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-15 15:03 - 2016-03-30 16:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-15 15:03 - 2016-03-30 16:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-15 15:03 - 2016-03-30 16:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-27 19:22 - 2016-01-21 21:26 - 00000952 _____ C:\Users\Gabriel\Documents\parappa the rapper.txt
2016-03-27 17:30 - 2016-03-14 22:23 - 00135344 _____ C:\Users\Gabriel\Desktop\PORTAL LETS PLAY.veg
2016-03-27 16:25 - 2016-03-14 22:23 - 00135344 _____ C:\Users\Gabriel\Desktop\PORTAL LETS PLAY.veg.bak
2016-03-23 20:19 - 2016-01-17 21:50 - 00058016 _____ C:\Users\Gabriel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-23 20:15 - 2016-01-18 09:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-03-23 20:15 - 2016-01-18 09:06 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-03-23 20:14 - 2016-01-17 21:25 - 00000000 ____D C:\Users\Gabriel\AppData\Roaming\Adobe
2016-03-23 20:13 - 2016-01-18 09:06 - 00001530 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2016-03-23 20:13 - 2016-01-18 09:06 - 00001518 _____ C:\Users\Public\Desktop\Adobe Application Manager.lnk
2016-03-23 20:13 - 2016-01-18 08:56 - 00000000 ____D C:\ProgramData\Adobe

Some files in TEMP:
====================
C:\Users\Gabriel\AppData\Local\Temp\libeay32.dll
C:\Users\Gabriel\AppData\Local\Temp\msvcr120.dll
C:\Users\Gabriel\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-10 00:52

==================== End of FRST.txt ============================


Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Gabriel (2016-04-17 00:52:08) Run:1
Running from C:\Users\Gabriel\Desktop
Loaded Profiles: Gabriel (Available Profiles: Gabriel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d5-faef-11e5-8f91-40e23092e341} - D:\setup-disc1.exe
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d8-faef-11e5-8f91-40e23092e341} - D:\setup-disc1.exe
HKU\S-1-5-21-3115927195-901017698-3625494767-1000\...\MountPoints2: {ce9a16d9-faef-11e5-8f91-40e23092e341} - D:\run32.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation) 
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 8.0.710.15) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 8 U71) - C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll (Oracle Corporation)
C:\Users\Gabriel\AppData\Local\Tempmusic.ogg
C:\ProgramData\DP45977C.lfl
C:\Users\Gabriel\AppData\Local\Temp\avguirn_08888101179.exe
C:\Users\Gabriel\AppData\Local\Temp\bdfilters.dll
C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Gabriel\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Gabriel\AppData\Local\Temp\nvStInst.exe
E:\B1 Free Archiver\installer.exe
EmptyTemp:
Reboot:

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce9a16d5-faef-11e5-8f91-40e23092e341}" => key removed successfully
HKCR\CLSID\{ce9a16d5-faef-11e5-8f91-40e23092e341} => key not found. 
"HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce9a16d8-faef-11e5-8f91-40e23092e341}" => key removed successfully
HKCR\CLSID\{ce9a16d8-faef-11e5-8f91-40e23092e341} => key not found. 
"HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce9a16d9-faef-11e5-8f91-40e23092e341}" => key removed successfully
HKCR\CLSID\{ce9a16d9-faef-11e5-8f91-40e23092e341} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-3115927195-901017698-3625494767-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.71.2" => key removed successfully
C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.71.2" => key removed successfully
C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.71.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.71.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => moved successfully
C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll => not found.
C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll => not found.
C:\Users\Gabriel\AppData\Local\Tempmusic.ogg => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Users\Gabriel\AppData\Local\Temp\avguirn_08888101179.exe => moved successfully
C:\Users\Gabriel\AppData\Local\Temp\bdfilters.dll => moved successfully
C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Gabriel\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Gabriel\AppData\Local\Temp\nvStereoApiI.dll => moved successfully
C:\Users\Gabriel\AppData\Local\Temp\nvStInst.exe => moved successfully
E:\B1 Free Archiver\installer.exe => moved successfully
EmptyTemp: => 574 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 00:52:09 ====


  • Root Admin

Okay, please uninstall any versions of Java from the Control Panel, Add/Remove Programs.

Then let's get a new MBAM scan please.

 

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

  • Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
  • Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
  • Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/18/2016
Scan Time: 7:21 PM
Logfile: report threat scan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.19.01
Rootkit Database: v2016.04.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gabriel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344334
Time Elapsed: 3 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
CrackTool.MHKTricks, C:\Users\Gabriel\Downloads\Hotspot Shield 5.20.11 Elite + Universal Cr-ack.zip, Quarantined, [6d40d3dd4e4b89ad03744fa930d1c838], 
PUP.Optional.SaveFrom, C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\tli2l2y2.default\extensions\helper-sig@savefrom.net.xpi, Quarantined, [baf31f91a5f48caaca280a4ff410fe02], 

Physical Sectors: 0
(No malicious items detected)


(end)


So far, it doesn't show any threats anymore; it seems clean. So a few questions I have to ask: is it safe to use my computer to log in to my email? I haven't seen any suspicious activity so far. What safe precautions should I take if I see suspicious activity, like someone attempting to log on to my bank account? The viruses are completely gone and I should be safe now?


  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (Right click > Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.
AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


  • 2 months later...

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.