Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by user (administrator) on EVYATAR (15-01-2016 09:13:01)
Running from C:\Users\user\Desktop\Strong tools\Farbar safe
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro Advanced\DTShellHlp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48128128 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro Advanced\DTAgent.exe [4807952 2015-02-27] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 168.159.216.74 128.221.224.144
Tcpip\..\Interfaces\{342F0987-9B41-40B8-BF3F-B1698B42202B}: [DhcpNameServer] 168.159.216.74 128.221.224.144
Tcpip\..\Interfaces\{3D326732-7D76-45B4-A3C0-5A6DDCD2CAE0}: [DhcpNameServer] 192.168.77.254
Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\chhxdq47.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-11-07] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2813843797-1546752179-644543416-1001: SkypePlugin -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi.dll [2015-10-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2813843797-1546752179-644543416-1001: SkypePlugin64 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi-x64.dll [2015-10-22] (Skype Technologies S.A.)
FF Extension: Quick Searcher - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\chhxdq47.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2015-12-24] [not signed]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\chhxdq47.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google מצגות) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-06]
CHR Extension: (כונן Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Quick Searcher) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccodghgodlomliflnlkobciodlakmhmp [2015-12-24]
CHR Extension: (חיפוש Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-06]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-06]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-06]
CHR Extension: (Any.do) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2015-10-06]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-06]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-04-08] (Conexant Systems, Inc.)
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe [1291024 2015-02-27] (Disc Soft Ltd)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-06-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-09-22] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [9000256 2012-08-23] (Intel Corporation) [File not signed]
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew01.sys [3354384 2015-05-04] (Intel Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-08-22] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-14 08:04 - 2016-01-14 08:04 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2016-01-14 07:44 - 2016-01-14 07:44 - 00000000 ____D C:\Users\user\AppData\Local\niemiro
2016-01-14 07:34 - 2016-01-15 09:12 - 00000000 ____D C:\FRST
2016-01-14 07:32 - 2016-01-15 09:10 - 00000000 ____D C:\Users\user\Desktop\Strong tools
2016-01-14 07:14 - 2016-01-14 07:14 - 00000942 _____ C:\Users\user\Desktop\SFCFix.txt
2016-01-14 07:14 - 2016-01-14 07:14 - 00000000 ____D C:\SFCFix
2016-01-14 05:42 - 2015-12-11 06:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-14 05:42 - 2015-12-11 06:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-14 05:42 - 2015-12-11 05:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-14 05:42 - 2015-12-11 05:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-14 05:42 - 2015-12-11 05:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-14 05:42 - 2015-12-11 05:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-14 05:42 - 2015-12-11 05:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-14 05:42 - 2015-12-11 05:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-14 05:42 - 2015-12-11 05:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-14 05:42 - 2015-12-11 05:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-14 05:42 - 2015-12-11 04:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-14 05:42 - 2015-12-11 04:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-14 05:42 - 2015-12-11 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-14 05:42 - 2015-12-11 04:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-14 05:42 - 2015-12-11 04:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-14 05:42 - 2015-12-11 04:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-14 05:42 - 2015-12-11 04:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-14 05:42 - 2015-12-11 04:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-14 05:42 - 2015-12-11 04:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-14 05:42 - 2015-12-11 04:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-14 05:42 - 2015-12-11 04:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-14 05:41 - 2015-12-03 20:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-14 05:41 - 2015-12-03 20:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-14 05:41 - 2015-12-03 20:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-14 05:41 - 2015-12-03 20:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-14 05:41 - 2015-12-03 20:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-14 05:41 - 2015-12-03 19:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-14 05:41 - 2015-12-03 19:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-14 05:41 - 2015-12-03 19:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-14 05:41 - 2015-12-03 19:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-14 05:41 - 2015-12-03 19:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-14 05:41 - 2015-12-03 19:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-14 05:41 - 2015-12-03 19:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-14 05:41 - 2015-12-03 19:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-14 05:41 - 2015-12-03 19:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-14 05:41 - 2015-12-03 19:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-14 05:41 - 2015-12-03 18:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-14 05:41 - 2015-12-03 18:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-14 05:41 - 2015-12-02 17:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-14 05:41 - 2015-12-02 17:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-14 05:40 - 2015-12-30 21:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-14 05:40 - 2015-12-30 21:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-14 05:40 - 2015-12-30 21:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-14 05:40 - 2015-12-10 02:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-14 05:40 - 2015-12-07 12:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-14 05:40 - 2015-12-04 17:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-14 05:40 - 2015-12-03 21:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-14 05:40 - 2015-12-03 21:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-14 05:40 - 2015-12-03 21:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-14 05:40 - 2015-12-03 21:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-14 05:40 - 2015-12-03 21:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-14 05:40 - 2015-12-03 20:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-14 05:40 - 2015-12-03 20:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-14 05:40 - 2015-12-03 20:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-14 05:40 - 2015-12-03 20:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-14 05:40 - 2015-12-03 20:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-14 05:40 - 2015-12-03 19:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-14 05:40 - 2015-12-03 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-14 05:40 - 2015-12-03 19:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-14 05:40 - 2015-12-03 19:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-14 05:40 - 2015-12-03 18:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-14 05:39 - 2015-12-08 21:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-14 05:39 - 2015-12-08 21:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-14 01:09 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.trb
2016-01-14 01:06 - 2016-01-14 01:06 - 00000000 ____D C:\ProgramData\TEMP
2016-01-14 01:05 - 2016-01-14 01:05 - 00001123 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\Users\user\Documents\Simply Super Software
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Simply Super Software
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2016-01-10 01:42 - 2016-01-10 01:42 - 00000000 ____D C:\System
2016-01-09 23:29 - 2016-01-09 23:29 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES
2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2016-01-03 02:08 - 2015-10-22 18:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-01-03 02:08 - 2015-10-22 18:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-01-03 02:08 - 2015-10-22 17:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-01-03 02:08 - 2015-10-22 17:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-01-03 02:08 - 2015-10-22 16:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-01-03 02:08 - 2015-10-22 16:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-01-02 18:29 - 2016-01-02 18:30 - 00000000 ____D C:\Users\user\Downloads\Super.Porn
2016-01-02 18:29 - 2016-01-02 18:29 - 00000000 ____D C:\Users\user\Downloads\Porn.Auditions.XXX.DVDRip.x264-Pr0nStarS
2016-01-01 23:26 - 2016-01-01 23:35 - 434903118 _____ C:\Users\user\Desktop\voice_029jjk.wav
2016-01-01 23:22 - 2016-01-01 23:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Audacity
2016-01-01 23:18 - 2015-12-19 13:13 - 05473540 ____N C:\Users\user\Desktop\20151219_131344.mp4
2016-01-01 23:18 - 2015-12-19 13:12 - 03319686 ____N C:\Users\user\Desktop\20151219_131217.mp4
2016-01-01 23:18 - 2015-12-19 13:12 - 01500893 ____N C:\Users\user\Desktop\20151219_131243.mp4
2016-01-01 23:18 - 2015-12-19 11:52 - 463060970 ____N C:\Users\user\Desktop\20151219_114835.mp4
2016-01-01 23:13 - 2016-01-01 23:22 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-01-01 23:13 - 2016-01-01 23:13 - 00001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-01-01 23:13 - 2016-01-01 23:13 - 00001021 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-01-01 23:11 - 2015-12-22 13:35 - 79862025 ____N C:\Users\user\Desktop\Voice_029.m4a
2016-01-01 10:52 - 2016-01-01 10:52 - 00000000 ____D C:\Users\user\Documents\Eidos
2016-01-01 09:52 - 2016-01-01 09:52 - 00000220 _____ C:\Users\user\Desktop\Tomb Raider Anniversary.url
2016-01-01 09:52 - 2016-01-01 09:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-31 00:05 - 2015-12-31 00:05 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-31 00:05 - 2015-12-31 00:05 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-25 09:34 - 2015-12-25 09:34 - 00001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-25 09:34 - 2015-12-25 09:34 - 00001045 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-25 09:32 - 2015-12-25 09:32 - 09662976 _____ (TeamViewer GmbH) C:\Users\user\Desktop\TeamViewer_Setup_he.exe
2015-12-24 21:21 - 2015-11-05 10:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-24 21:20 - 2015-11-11 17:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-24 21:20 - 2015-11-11 17:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-24 21:20 - 2015-11-10 02:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-24 21:20 - 2015-11-10 02:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-24 21:20 - 2015-11-10 02:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-24 21:20 - 2015-11-10 01:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-24 21:20 - 2015-11-10 01:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-24 21:20 - 2015-11-10 01:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-24 21:20 - 2015-11-10 01:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-24 21:20 - 2015-11-09 00:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-24 21:20 - 2015-11-09 00:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-24 21:20 - 2015-11-08 23:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-24 21:20 - 2015-11-08 23:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-24 21:20 - 2015-11-08 23:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-24 21:20 - 2015-11-08 23:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-24 21:20 - 2015-11-08 23:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-24 21:20 - 2015-11-08 23:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-24 21:20 - 2015-11-08 22:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-24 21:18 - 2015-11-22 08:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-24 21:18 - 2015-11-22 08:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-24 21:18 - 2015-11-22 08:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-24 21:18 - 2015-11-22 08:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-24 21:18 - 2015-11-21 20:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-24 21:18 - 2015-11-21 19:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-24 21:18 - 2015-11-21 18:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-24 21:18 - 2015-11-21 18:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-24 21:18 - 2015-11-21 18:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-24 21:18 - 2015-11-21 18:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-24 21:18 - 2015-11-09 02:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-24 21:18 - 2015-11-09 00:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-24 21:18 - 2015-11-08 23:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-24 21:18 - 2015-11-08 23:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-24 21:18 - 2015-11-08 23:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-24 21:18 - 2015-11-08 22:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-24 21:18 - 2015-11-08 22:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-24 21:18 - 2015-11-08 22:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-24 21:18 - 2015-10-10 19:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-24 21:18 - 2015-10-03 21:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-24 21:18 - 2015-10-03 21:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-24 21:17 - 2015-11-21 00:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-24 21:17 - 2015-11-20 20:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-24 21:17 - 2015-11-20 18:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-24 21:17 - 2015-11-20 18:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-24 21:17 - 2015-11-20 18:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-24 21:17 - 2015-11-20 18:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-24 21:17 - 2015-11-20 18:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-24 21:17 - 2015-11-20 18:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-24 21:17 - 2015-11-20 18:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-24 21:17 - 2015-11-20 18:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-24 21:17 - 2015-11-20 18:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-24 21:17 - 2015-11-20 18:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-24 21:17 - 2015-11-20 18:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-24 21:17 - 2015-10-28 17:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-24 21:17 - 2015-10-28 17:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-24 21:17 - 2015-10-11 08:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-24 21:17 - 2015-10-11 08:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-24 21:17 - 2015-10-11 08:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-24 21:17 - 2015-10-11 08:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-24 21:17 - 2015-10-11 08:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-24 21:17 - 2015-10-10 20:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-24 21:17 - 2015-10-10 20:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-24 21:17 - 2015-10-10 20:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-12-24 21:17 - 2015-10-08 18:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-24 21:17 - 2015-10-08 17:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-24 21:17 - 2015-10-05 20:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-24 21:17 - 2015-10-05 20:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-24 20:02 - 2015-12-24 20:02 - 00000000 ____D C:\Users\user\AppData\Local\AION
2015-12-21 21:19 - 2015-12-24 20:42 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2015-12-20 17:37 - 2015-12-20 17:37 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2015-12-20 17:36 - 2015-12-20 17:36 - 00000000 ____D C:\Users\user\AppData\Local\TeamViewer
2015-12-20 17:34 - 2016-01-15 07:22 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-20 09:43 - 2015-12-20 09:43 - 00000000 ____D C:\Users\user\AppData\Local\Splashtop
2015-12-20 09:42 - 2015-12-21 20:00 - 00000000 ____D C:\ProgramData\Splashtop
2015-12-19 20:43 - 2015-12-24 20:42 - 00000000 ____D C:\Users\user\Documents\Notes
2015-12-19 16:25 - 2015-12-24 20:42 - 00000000 ____D C:\Users\user\AppData\Local\TeamSpeak 3 Client
2015-12-19 16:25 - 2015-12-19 16:29 - 00000000 ____D C:\Users\user\AppData\Roaming\TS3Client
2015-12-19 16:17 - 2015-12-19 16:17 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2015-12-18 08:29 - 2015-12-18 08:31 - 00000021 _____ C:\Users\user\Desktop\lul.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-15 09:01 - 2015-10-06 02:51 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-15 08:38 - 2015-11-19 09:20 - 00000000 ____D C:\Users\user\OneDrive
2016-01-15 08:34 - 2015-10-06 02:51 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-15 01:06 - 2015-08-22 03:50 - 00418330 _____ C:\WINDOWS\system32\perfh00D.dat
2016-01-15 01:06 - 2015-08-22 03:50 - 00065296 _____ C:\WINDOWS\system32\perfc00D.dat
2016-01-15 01:06 - 2014-11-21 10:44 - 01336072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-15 01:06 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-15 01:01 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-15 01:00 - 2013-08-22 16:44 - 04958976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-15 01:00 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-15 01:00 - 2013-04-08 15:16 - 00000000 ____D C:\Program Files (x86)\Intel
2016-01-15 00:58 - 2015-08-24 10:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-15 00:58 - 2014-11-21 17:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-15 00:57 - 2015-10-01 16:35 - 00000000 ____D C:\Users\user\AppData\Local\ClassicShell
2016-01-15 00:57 - 2015-08-21 11:14 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-01-14 07:35 - 2013-08-22 15:36 - 00000000 ____D C:\Windows
2016-01-14 07:25 - 2015-08-20 11:00 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2016-01-14 05:48 - 2015-08-20 19:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-14 05:48 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-14 05:46 - 2015-08-20 19:41 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-14 02:06 - 2015-08-20 22:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-14 02:00 - 2015-09-04 10:04 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-01-14 01:25 - 2015-08-20 17:56 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2813843797-1546752179-644543416-1001
2016-01-09 23:27 - 2015-12-03 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-08 09:17 - 2015-10-09 08:01 - 00007606 _____ C:\Users\user\AppData\Local\resmon.resmoncfg
2016-01-05 22:04 - 2015-08-24 10:39 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-05 22:04 - 2015-08-24 10:39 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 21:25 - 2015-09-08 11:23 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
2016-01-01 23:10 - 2015-11-26 18:12 - 00000000 ____D C:\Users\user\Desktop\Progs
2015-12-31 00:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-24 21:18 - 2015-10-01 17:05 - 00001164 _____ C:\Users\user\Desktop\Downloads - Shortcut.lnk
2015-12-24 21:14 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-24 20:42 - 2015-10-06 02:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\יישומי Chrome
2015-12-24 20:42 - 2015-10-06 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-24 20:42 - 2015-10-01 16:35 - 00000000 ____D C:\ProgramData\ClassicShell
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SystemResources
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Globalization
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-24 20:42 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-24 20:42 - 2013-04-08 18:21 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2015-12-24 20:41 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-24 20:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration
==================== Files in the root of some directories =======
2015-10-09 08:01 - 2016-01-08 09:17 - 0007606 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-06 23:09
==================== End of FRST.txt ============================