Hi there!
I've been looking around the web for a few apps that can help and I came across this site.
It's awesome what you're doing, thank you for your time!
So, I'm pretty sure I'm infected.
My credit card has been used from outside the country and I really need help cleaning it up.
And except for that, I can't "refresh" my computer, it says "some files are missing". I've used /sfc scannow but it said it can't fix it.
Here's the farbar's log:
FRST:
Addition:
Checkup:
And again, THANK YOU SO MUCH FOR YOUR TIME! :)
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by user (administrator) on EVYATAR (15-01-2016 09:13:01)
Running from C:\Users\user\Desktop\Strong tools\Farbar safe
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro Advanced\DTShellHlp.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-02-01] (Dell Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48128128 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files\DAEMON Tools Pro Advanced\DTAgent.exe [4807952 2015-02-27] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 168.159.216.74 128.221.224.144
Tcpip\..\Interfaces\{342F0987-9B41-40B8-BF3F-B1698B42202B}: [DhcpNameServer] 168.159.216.74 128.221.224.144
Tcpip\..\Interfaces\{3D326732-7D76-45B4-A3C0-5A6DDCD2CAE0}: [DhcpNameServer] 192.168.77.254
Internet Explorer:
==================
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\chhxdq47.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-11-07] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2813843797-1546752179-644543416-1001: SkypePlugin -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi.dll [2015-10-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2813843797-1546752179-644543416-1001: SkypePlugin64 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\npGatewayNpapi-x64.dll [2015-10-22] (Skype Technologies S.A.)
FF Extension: Quick Searcher - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\chhxdq47.default\extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2015-12-24] [not signed]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\chhxdq47.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google מצגות) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-06]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-06]
CHR Extension: (כונן Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-06]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Quick Searcher) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccodghgodlomliflnlkobciodlakmhmp [2015-12-24]
CHR Extension: (חיפוש Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-06]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-06]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-06]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-06]
CHR Extension: (Any.do) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2015-10-06]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-06]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2013-04-08] (Conexant Systems, Inc.)
R3 Disc Soft Pro Bus Service; C:\Program Files\DAEMON Tools Pro Advanced\DiscSoftBusService.exe [1291024 2015-02-27] (Disc Soft Ltd)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-06-18] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-06-12] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831200 2015-06-12] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-09-22] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [9000256 2012-08-23] (Intel Corporation) [File not signed]
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew01.sys [3354384 2015-05-04] (Intel Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-08-22] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-14 08:04 - 2016-01-14 08:04 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2016-01-14 07:44 - 2016-01-14 07:44 - 00000000 ____D C:\Users\user\AppData\Local\niemiro
2016-01-14 07:34 - 2016-01-15 09:12 - 00000000 ____D C:\FRST
2016-01-14 07:32 - 2016-01-15 09:10 - 00000000 ____D C:\Users\user\Desktop\Strong tools
2016-01-14 07:14 - 2016-01-14 07:14 - 00000942 _____ C:\Users\user\Desktop\SFCFix.txt
2016-01-14 07:14 - 2016-01-14 07:14 - 00000000 ____D C:\SFCFix
2016-01-14 05:42 - 2015-12-11 06:38 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-14 05:42 - 2015-12-11 06:00 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-14 05:42 - 2015-12-11 05:55 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-14 05:42 - 2015-12-11 05:50 - 20367360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-14 05:42 - 2015-12-11 05:45 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-14 05:42 - 2015-12-11 05:21 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-14 05:42 - 2015-12-11 05:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-14 05:42 - 2015-12-11 05:09 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-14 05:42 - 2015-12-11 05:09 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-14 05:42 - 2015-12-11 05:03 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-14 05:42 - 2015-12-11 04:59 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-14 05:42 - 2015-12-11 04:43 - 04610560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-14 05:42 - 2015-12-11 04:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-14 05:42 - 2015-12-11 04:38 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-14 05:42 - 2015-12-11 04:37 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-14 05:42 - 2015-12-11 04:35 - 12856320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-14 05:42 - 2015-12-11 04:26 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-14 05:42 - 2015-12-11 04:14 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-01-14 05:42 - 2015-12-11 04:12 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-14 05:42 - 2015-12-11 04:08 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-14 05:42 - 2015-12-11 04:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-14 05:41 - 2015-12-05 07:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-14 05:41 - 2015-12-05 07:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-14 05:41 - 2015-12-03 20:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-14 05:41 - 2015-12-03 20:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-14 05:41 - 2015-12-03 20:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-14 05:41 - 2015-12-03 20:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-14 05:41 - 2015-12-03 20:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-14 05:41 - 2015-12-03 19:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-01-14 05:41 - 2015-12-03 19:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-14 05:41 - 2015-12-03 19:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-14 05:41 - 2015-12-03 19:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-14 05:41 - 2015-12-03 19:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-14 05:41 - 2015-12-03 19:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-14 05:41 - 2015-12-03 19:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-14 05:41 - 2015-12-03 19:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-14 05:41 - 2015-12-03 19:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-14 05:41 - 2015-12-03 19:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-14 05:41 - 2015-12-03 18:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-14 05:41 - 2015-12-03 18:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-14 05:41 - 2015-12-02 17:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-14 05:41 - 2015-12-02 17:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-14 05:40 - 2015-12-30 21:32 - 07453016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-14 05:40 - 2015-12-30 21:32 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-14 05:40 - 2015-12-30 21:32 - 01499912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-14 05:40 - 2015-12-10 02:40 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-01-14 05:40 - 2015-12-07 12:56 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-14 05:40 - 2015-12-04 17:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-14 05:40 - 2015-12-03 21:42 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-14 05:40 - 2015-12-03 21:42 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-14 05:40 - 2015-12-03 21:42 - 00137968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-14 05:40 - 2015-12-03 21:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-14 05:40 - 2015-12-03 21:41 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-14 05:40 - 2015-12-03 20:52 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-14 05:40 - 2015-12-03 20:52 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-14 05:40 - 2015-12-03 20:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-14 05:40 - 2015-12-03 20:28 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-14 05:40 - 2015-12-03 20:28 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-14 05:40 - 2015-12-03 19:51 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-01-14 05:40 - 2015-12-03 19:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-01-14 05:40 - 2015-12-03 19:13 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-14 05:40 - 2015-12-03 19:07 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-14 05:40 - 2015-12-03 18:45 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-14 05:40 - 2015-11-17 23:07 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-14 05:39 - 2015-12-08 21:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-14 05:39 - 2015-12-08 21:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-14 01:09 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.trb
2016-01-14 01:06 - 2016-01-14 01:06 - 00000000 ____D C:\ProgramData\TEMP
2016-01-14 01:05 - 2016-01-14 01:05 - 00001123 _____ C:\Users\Public\Desktop\Trojan Remover.lnk
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\Users\user\Documents\Simply Super Software
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Simply Super Software
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\ProgramData\Simply Super Software
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2016-01-14 01:05 - 2016-01-14 01:05 - 00000000 ____D C:\Program Files (x86)\Trojan Remover
2016-01-10 01:42 - 2016-01-10 01:42 - 00000000 ____D C:\System
2016-01-09 23:29 - 2016-01-09 23:29 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES
2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2016-01-03 02:08 - 2015-10-22 19:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2016-01-03 02:08 - 2015-10-22 18:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2016-01-03 02:08 - 2015-10-22 18:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-01-03 02:08 - 2015-10-22 18:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-01-03 02:08 - 2015-10-22 17:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-01-03 02:08 - 2015-10-22 17:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-01-03 02:08 - 2015-10-22 16:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-01-03 02:08 - 2015-10-22 16:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-01-02 18:29 - 2016-01-02 18:30 - 00000000 ____D C:\Users\user\Downloads\Super.Porn
2016-01-02 18:29 - 2016-01-02 18:29 - 00000000 ____D C:\Users\user\Downloads\Porn.Auditions.XXX.DVDRip.x264-Pr0nStarS
2016-01-01 23:26 - 2016-01-01 23:35 - 434903118 _____ C:\Users\user\Desktop\voice_029jjk.wav
2016-01-01 23:22 - 2016-01-01 23:43 - 00000000 ____D C:\Users\user\AppData\Roaming\Audacity
2016-01-01 23:18 - 2015-12-19 13:13 - 05473540 ____N C:\Users\user\Desktop\20151219_131344.mp4
2016-01-01 23:18 - 2015-12-19 13:12 - 03319686 ____N C:\Users\user\Desktop\20151219_131217.mp4
2016-01-01 23:18 - 2015-12-19 13:12 - 01500893 ____N C:\Users\user\Desktop\20151219_131243.mp4
2016-01-01 23:18 - 2015-12-19 11:52 - 463060970 ____N C:\Users\user\Desktop\20151219_114835.mp4
2016-01-01 23:13 - 2016-01-01 23:22 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-01-01 23:13 - 2016-01-01 23:13 - 00001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-01-01 23:13 - 2016-01-01 23:13 - 00001021 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-01-01 23:11 - 2015-12-22 13:35 - 79862025 ____N C:\Users\user\Desktop\Voice_029.m4a
2016-01-01 10:52 - 2016-01-01 10:52 - 00000000 ____D C:\Users\user\Documents\Eidos
2016-01-01 09:52 - 2016-01-01 09:52 - 00000220 _____ C:\Users\user\Desktop\Tomb Raider Anniversary.url
2016-01-01 09:52 - 2016-01-01 09:52 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-31 00:05 - 2015-12-31 00:05 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-31 00:05 - 2015-12-31 00:05 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-25 09:34 - 2015-12-25 09:34 - 00001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2015-12-25 09:34 - 2015-12-25 09:34 - 00001045 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2015-12-25 09:32 - 2015-12-25 09:32 - 09662976 _____ (TeamViewer GmbH) C:\Users\user\Desktop\TeamViewer_Setup_he.exe
2015-12-24 21:21 - 2015-11-05 10:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-24 21:20 - 2015-11-11 17:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-24 21:20 - 2015-11-11 17:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-24 21:20 - 2015-11-10 02:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-24 21:20 - 2015-11-10 02:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-24 21:20 - 2015-11-10 02:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-24 21:20 - 2015-11-10 01:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-24 21:20 - 2015-11-10 01:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-24 21:20 - 2015-11-10 01:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-24 21:20 - 2015-11-10 01:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-24 21:20 - 2015-11-09 00:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-24 21:20 - 2015-11-09 00:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-24 21:20 - 2015-11-08 23:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-24 21:20 - 2015-11-08 23:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-24 21:20 - 2015-11-08 23:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-24 21:20 - 2015-11-08 23:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-24 21:20 - 2015-11-08 23:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-24 21:20 - 2015-11-08 23:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-24 21:20 - 2015-11-08 22:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-24 21:18 - 2015-11-22 08:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-24 21:18 - 2015-11-22 08:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-24 21:18 - 2015-11-22 08:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-24 21:18 - 2015-11-22 08:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-24 21:18 - 2015-11-21 20:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-24 21:18 - 2015-11-21 19:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-24 21:18 - 2015-11-21 18:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-24 21:18 - 2015-11-21 18:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-24 21:18 - 2015-11-21 18:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-24 21:18 - 2015-11-21 18:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-24 21:18 - 2015-11-09 02:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-24 21:18 - 2015-11-09 00:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-24 21:18 - 2015-11-08 23:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-24 21:18 - 2015-11-08 23:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-24 21:18 - 2015-11-08 23:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-24 21:18 - 2015-11-08 22:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-24 21:18 - 2015-11-08 22:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-24 21:18 - 2015-11-08 22:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-24 21:18 - 2015-10-10 19:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-24 21:18 - 2015-10-03 21:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-24 21:18 - 2015-10-03 21:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-24 21:17 - 2015-11-21 00:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-24 21:17 - 2015-11-20 20:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-24 21:17 - 2015-11-20 18:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-24 21:17 - 2015-11-20 18:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-24 21:17 - 2015-11-20 18:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-24 21:17 - 2015-11-20 18:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-24 21:17 - 2015-11-20 18:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-24 21:17 - 2015-11-20 18:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-24 21:17 - 2015-11-20 18:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-24 21:17 - 2015-11-20 18:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-24 21:17 - 2015-11-20 18:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-24 21:17 - 2015-11-20 18:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-24 21:17 - 2015-11-20 18:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-24 21:17 - 2015-10-28 17:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-24 21:17 - 2015-10-28 17:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-24 21:17 - 2015-10-11 08:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-24 21:17 - 2015-10-11 08:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-24 21:17 - 2015-10-11 08:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-24 21:17 - 2015-10-11 08:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-24 21:17 - 2015-10-11 08:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-24 21:17 - 2015-10-10 20:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-24 21:17 - 2015-10-10 20:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-24 21:17 - 2015-10-10 20:40 - 00078848 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winusb.sys
2015-12-24 21:17 - 2015-10-08 18:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-24 21:17 - 2015-10-08 17:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-24 21:17 - 2015-10-05 20:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-24 21:17 - 2015-10-05 20:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-24 20:02 - 2015-12-24 20:02 - 00000000 ____D C:\Users\user\AppData\Local\AION
2015-12-21 21:19 - 2015-12-24 20:42 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2015-12-20 17:37 - 2015-12-20 17:37 - 00000000 ____D C:\Users\user\AppData\Roaming\TeamViewer
2015-12-20 17:36 - 2015-12-20 17:36 - 00000000 ____D C:\Users\user\AppData\Local\TeamViewer
2015-12-20 17:34 - 2016-01-15 07:22 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-20 09:43 - 2015-12-20 09:43 - 00000000 ____D C:\Users\user\AppData\Local\Splashtop
2015-12-20 09:42 - 2015-12-21 20:00 - 00000000 ____D C:\ProgramData\Splashtop
2015-12-19 20:43 - 2015-12-24 20:42 - 00000000 ____D C:\Users\user\Documents\Notes
2015-12-19 16:25 - 2015-12-24 20:42 - 00000000 ____D C:\Users\user\AppData\Local\TeamSpeak 3 Client
2015-12-19 16:25 - 2015-12-19 16:29 - 00000000 ____D C:\Users\user\AppData\Roaming\TS3Client
2015-12-19 16:17 - 2015-12-19 16:17 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2015-12-18 08:29 - 2015-12-18 08:31 - 00000021 _____ C:\Users\user\Desktop\lul.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-15 09:01 - 2015-10-06 02:51 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-15 08:38 - 2015-11-19 09:20 - 00000000 ____D C:\Users\user\OneDrive
2016-01-15 08:34 - 2015-10-06 02:51 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-15 01:06 - 2015-08-22 03:50 - 00418330 _____ C:\WINDOWS\system32\perfh00D.dat
2016-01-15 01:06 - 2015-08-22 03:50 - 00065296 _____ C:\WINDOWS\system32\perfc00D.dat
2016-01-15 01:06 - 2014-11-21 10:44 - 01336072 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-15 01:06 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-01-15 01:01 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-15 01:00 - 2013-08-22 16:44 - 04958976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-15 01:00 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-15 01:00 - 2013-04-08 15:16 - 00000000 ____D C:\Program Files (x86)\Intel
2016-01-15 00:58 - 2015-08-24 10:38 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-15 00:58 - 2014-11-21 17:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-15 00:57 - 2015-10-01 16:35 - 00000000 ____D C:\Users\user\AppData\Local\ClassicShell
2016-01-15 00:57 - 2015-08-21 11:14 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-01-14 07:35 - 2013-08-22 15:36 - 00000000 ____D C:\Windows
2016-01-14 07:25 - 2015-08-20 11:00 - 00000000 ____D C:\Users\user\AppData\Local\VirtualStore
2016-01-14 05:48 - 2015-08-20 19:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-14 05:48 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-14 05:46 - 2015-08-20 19:41 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-14 02:06 - 2015-08-20 22:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-14 02:00 - 2015-09-04 10:04 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-01-14 01:25 - 2015-08-20 17:56 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2813843797-1546752179-644543416-1001
2016-01-09 23:27 - 2015-12-03 21:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-08 09:17 - 2015-10-09 08:01 - 00007606 _____ C:\Users\user\AppData\Local\resmon.resmoncfg
2016-01-05 22:04 - 2015-08-24 10:39 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-05 22:04 - 2015-08-24 10:39 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 21:25 - 2015-09-08 11:23 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
2016-01-01 23:10 - 2015-11-26 18:12 - 00000000 ____D C:\Users\user\Desktop\Progs
2015-12-31 00:15 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-24 21:18 - 2015-10-01 17:05 - 00001164 _____ C:\Users\user\Desktop\Downloads - Shortcut.lnk
2015-12-24 21:14 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-24 20:42 - 2015-10-06 02:53 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\יישומי Chrome
2015-12-24 20:42 - 2015-10-06 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-24 20:42 - 2015-10-01 16:35 - 00000000 ____D C:\ProgramData\ClassicShell
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 __RSD C:\WINDOWS\Media
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\SystemResources
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\Globalization
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-24 20:42 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-24 20:42 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-24 20:42 - 2013-04-08 18:21 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2015-12-24 20:41 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-24 20:35 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\registration
==================== Files in the root of some directories =======
2015-10-09 08:01 - 2016-01-08 09:17 - 0007606 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-06 23:09
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by user (2016-01-14 07:35:11)
Running from C:\Users\user\Desktop\Strong tools\Farbar safe
Windows 8.1 (X64) (2015-08-21 15:20:18)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2813843797-1546752179-644543416-500 - Administrator - Disabled)
Guest (S-1-5-21-2813843797-1546752179-644543416-501 - Limited - Disabled)
user (S-1-5-21-2813843797-1546752179-644543416-1001 - Administrator - Enabled) => C:\Users\user
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
1.1.3 (HKLM-x32\...\{A4046FE1-986B-4463-B4DD-CFA473A7056B}_is1) (Version: - PDFZilla)
99 Levels To Hell (HKLM-x32\...\Steam App 264280) (Version: - Zaxis Games)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
AMD Catalyst Install Manager (HKLM\...\{572C982F-95F5-0562-AE8F-8A9D7D024A88}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.69.1079 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.46.0 - Conexant)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Pro Advanced (HKLM-x32\...\DAEMON Tools Pro Advanced) (Version: - DT Soft Ltd.)
Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.5.4 - ELAN Microelectronic Corp.)
Dungeon Siege 2 (HKLM-x32\...\DungeonSiege2) (Version: - Microsoft)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel(R) Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2849 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C2A72E57-2CC7-4C02-BE19-0A12D74C5D63}) (Version: 18.1.1525.1445 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6f0207e-ac43-48a9-bfff-3d879b45694d}) (Version: 18.12.1 - Intel Corporation)
Last Man (HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\Last Man) (Version: - )
MapleStory (HKLM-x32\...\MapleStory) (Version: - )
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.017 - Dell Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.2.612.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.33.0 - SAMSUNG Electronics Co., Ltd.)
Skype Web Plugin (HKLM-x32\...\{1FA35853-3EBA-449C-8D52-E925CECC2352}) (Version: 7.9.0.56 - Skype Technologies S.A.)
Skype™ 7.13 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 7.13.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
The Sims 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.797.20 - Electronic Arts)
Tomb Raider: Anniversary (HKLM-x32\...\Steam App 8000) (Version: - Crystal Dynamics)
Trine (HKLM-x32\...\Steam App 35700) (Version: - Frozenbyte)
Trojan Remover 6.9.3 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.3 - Simply Super Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2813843797-1546752179-644543416-1001_Classes\CLSID\{3AD65835-62CE-4DBD-95A9-9C52E04F5045}\InprocServer32 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2813843797-1546752179-644543416-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2813843797-1546752179-644543416-1001_Classes\CLSID\{A0D3F860-9D1C-4FEB-9E6C-E23084D15756}\localserver32 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2813843797-1546752179-644543416-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\user\AppData\Local\SkypePlugin\7.9.0.56\EdgeCalling.exe (Skype Technologies S.A.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {406B6AA3-6A87-44F0-9E56-9A8595FFB53B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-06] (Google Inc.)
Task: {437BA73D-4952-4845-B418-9B91EEE1007D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {9937EE5B-46EC-4595-B5A7-FE09F07F7BCC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {A46B5104-6AFF-4F35-97E0-B83D782D26C7} - System32\Tasks\AdobeAAMUpdater-1.0-aviatar-user => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BFCF21EC-593F-4EAF-9F43-42ABD4894C52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-06] (Google Inc.)
Task: {C753786D-015F-436F-ABE7-74DB081563B6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {F36844B8-E8D8-40F8-93DA-1046E8B49E04} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-14] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-07-16 04:45 - 2015-07-16 04:45 - 00105112 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2013-04-08 16:22 - 2012-07-18 10:03 - 00165024 _____ () C:\Program Files\Conexant\SA3\MaxxAudioWrapper.dll
2015-08-22 09:08 - 2015-07-16 04:52 - 00413848 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2015-08-22 09:08 - 2015-07-16 04:59 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2015-08-22 09:08 - 2015-07-16 04:56 - 00130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2015-08-22 09:08 - 2015-07-16 04:56 - 00025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2015-08-22 09:08 - 2015-07-16 04:56 - 00059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2015-08-22 09:08 - 2015-07-16 04:57 - 00194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2015-08-22 09:08 - 2015-07-16 04:58 - 00159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2015-08-22 09:08 - 2015-07-16 04:58 - 00158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2015-08-22 09:08 - 2015-07-16 04:57 - 00050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2015-08-22 09:08 - 2015-07-16 04:55 - 00032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2013-04-08 16:00 - 2012-06-25 07:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-08-20 22:07 - 2015-11-10 21:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-08-20 22:07 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-08-20 22:07 - 2015-12-14 22:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll
2015-08-20 22:07 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-08-20 22:07 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-08-20 22:07 - 2015-09-24 02:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-08-20 22:07 - 2015-09-24 02:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-08-20 22:07 - 2015-09-24 02:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-08-20 22:07 - 2015-09-24 02:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-08-20 22:07 - 2015-09-24 02:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-08-20 22:07 - 2015-12-14 22:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-08-20 22:07 - 2015-11-04 00:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-08-20 22:07 - 2015-11-17 02:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-08-20 22:07 - 2015-09-25 01:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2016-01-14 01:09 - 00000975 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 168.159.216.74 - 128.221.224.144
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2813843797-1546752179-644543416-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C40BB3C0-DFCA-4B4D-887B-F7C3290EFDAF}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ACFE4755-2DFD-4582-96FE-56C5E983114F}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6D8128D5-18B0-4B67-B515-FB1C48D7FC22}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{53896FF0-6A1D-4E70-A14B-C4D1B89F259E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6FBD4ADE-A9D8-4531-955C-A8DA115CE3BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A7C3A1B6-0E4C-45FB-9BAE-79472FF8531C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9D2C297F-E983-4491-9D11-F03230EB9A6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27FC08AE-DD0E-4401-AFB9-52DA670B5C58}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A056415A-24D6-4046-BEC3-8414E7E7C152}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2EEED39D-01F4-4E1C-A811-8F51433C44AD}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F40326AE-5104-48CC-A77E-DD55A08BE9DE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{449E111E-C510-4E16-9465-2ED40641B7CE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A95F4C6F-8B7B-48C5-A628-F61DA9F43B35}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{8F5CDF74-666C-46D1-B887-0E6433A2B64E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{594755B8-156B-4647-BE6E-8A7E0C922420}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1AA09A8B-2C0F-4C11-82EF-458C3AE427DA}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{CD4FCBDA-E01C-4BB2-9297-6647BDE8C3D6}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{B025725F-89CF-4969-8E60-0C0EC4B172AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{C0E99D25-95C6-48EA-8235-093DDC3E5A8F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sacred 2 Gold\system\sacred2.exe
FirewallRules: [{080A7161-FFA5-4077-A23C-B2E38D9669FF}] => (Allow) C:\Program Files (x86)\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [{81901C6E-2E94-4C9E-A3C0-4AA07B4A5578}] => (Allow) C:\Program Files (x86)\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [{2BB80941-0351-4E53-AC5F-520AFEDA20D9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{29C55BE8-448A-40C7-A45C-DFD135A8381C}] => (Allow) LPort=2869
FirewallRules: [{E6B91F89-EA5D-4614-90E9-B1DECC5659EA}] => (Allow) LPort=1900
FirewallRules: [{FF86267E-9FB8-4B7E-B2B8-FE46662EA7A8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{699E92CD-6D2D-48B9-AD3A-CB52C8644655}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{66B4F4F5-2196-4851-9444-1B8DAA548A17}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{AA06A890-6BE7-4AA7-94C9-26BD99D42583}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [TCP Query User{757B0986-25D9-4482-BF4C-0F26C6AE2A9C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A5B278FB-B8E6-4E46-B957-B18CE727C2CF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{BC1CEADD-AD41-4B18-B3B9-E7DE87D110E8}C:\users\user\appdata\local\skypeplugin\7.9.0.56\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\7.9.0.56\pluginhost.exe
FirewallRules: [UDP Query User{8BBAEFE0-112F-4B6D-8AC2-5FDEB99C58FA}C:\users\user\appdata\local\skypeplugin\7.9.0.56\pluginhost.exe] => (Allow) C:\users\user\appdata\local\skypeplugin\7.9.0.56\pluginhost.exe
FirewallRules: [{E6218BDA-C999-4E51-A1A4-BCE1D0EC7AB2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\99 Levels To Hell\99 Levels To Hell.exe
FirewallRules: [{43ED794E-7582-4308-AEDC-E24E90D630CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\99 Levels To Hell\99 Levels To Hell.exe
FirewallRules: [{C5D7C9D6-130C-4FD6-9139-5B55BF371265}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8746196E-5FFB-4056-B8EC-9576A31BB9DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C74DB924-B7C9-4AA7-80F3-3FD5739F7104}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{01A6B9D1-40B0-4173-9137-CB725D80430E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D15BD864-5B0D-4C62-BF2C-252FFCAF3E87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{42CB59A4-4E00-4816-B762-C99B59A610EA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Anniversary\tra.exe
FirewallRules: [{F344A7F9-B362-4D73-A40A-750E37EA032F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider Anniversary\tra.exe
==================== Restore Points =========================
31-12-2015 00:03:53 Windows Update
03-01-2016 04:04:38 Windows Update
14-01-2016 01:30:03 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/06/2016 10:48:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: f10
Start Time: 01d148c2cceb4915
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: c5aab66c-b4b6-11e5-be92-84a6c845a6e0
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (12/25/2015 08:08:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.125.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 8e8
Start Time: 01d13e7b62a65b1e
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Report Id: dd801d72-aacd-11e5-be8f-84a6c845a6e0
Faulting package full name:
Faulting package-relative application ID:
Error: (12/24/2015 09:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1340) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU003AE.log.
Error: (12/19/2015 04:10:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esrv_svc.exe, version: 1.2.1.1025, time stamp: 0x55a7a91f
Faulting module name: ntdll.dll, version: 6.3.9600.18146, time stamp: 0x5650b9bb
Exception code: 0xc0000374
Fault offset: 0x00000000000f12e0
Faulting process id: 0x66c
Faulting application start time: 0xesrv_svc.exe0
Faulting application path: esrv_svc.exe1
Faulting module path: esrv_svc.exe2
Report Id: esrv_svc.exe3
Faulting package full name: esrv_svc.exe4
Faulting package-relative application ID: esrv_svc.exe5
Error: (12/15/2015 06:44:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1354
Start Time: 01d135ab5ad88714
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 189f6bac-a34b-11e5-be90-84a6c845a6e0
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (12/10/2015 12:12:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: bac
Start Time: 01d132ca34524e8a
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 773a9ca4-9ebd-11e5-be8d-84a6c845a6e0
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (12/03/2015 09:08:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Exception code: 0xc0000005
Fault offset: 0x001e7650
Faulting process id: 0x1274
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
Error: (12/03/2015 01:32:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: e48
Start Time: 01d12a686d36e637
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: d737c3cd-994c-11e5-be89-84a6c845a6e0
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
Error: (11/23/2015 06:20:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: IAStorDataMgrSvc.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
Stack:
at System.ServiceModel.Channels.PipeConnection+Exceptions.CreateReadException(Int32)
at System.ServiceModel.Channels.PipeConnection.OnAsyncReadComplete(Boolean, Int32, Int32)
at System.ServiceModel.Channels.OverlappedContext.CompleteCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
at System.Runtime.Fx+IOCompletionThunk.UnhandledExceptionFrame(UInt32, UInt32, System.Threading.NativeOverlapped*)
at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
Error: (11/21/2015 12:23:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 22ac
Start Time: 01d123e154237360
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe
Report Id: 47e1c088-8fd5-11e5-be85-84a6c845a6e0
Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1
System errors:
=============
Error: (01/14/2016 01:02:06 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
Error: (01/14/2016 01:02:06 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
Error: (01/10/2016 06:22:53 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
Error: (01/10/2016 06:22:53 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
Error: (01/10/2016 01:55:43 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
Error: (01/10/2016 01:55:43 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
Error: (01/10/2016 01:24:29 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
Error: (01/10/2016 01:24:29 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
Error: (01/10/2016 01:24:28 AM) (Source: Schannel) (EventID: 4114) (User: EVYATAR)
Description: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
Error: (01/10/2016 01:24:28 AM) (Source: Schannel) (EventID: 4120) (User: EVYATAR)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 48. The Windows SChannel error state is 552.
CodeIntegrity:
===================================
Date: 2015-08-29 10:36:30.412
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-08-29 10:13:20.112
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-08-24 11:59:01.477
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-08-24 11:59:00.821
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-08-24 11:42:10.033
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-08-24 11:38:29.211
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-08-22 10:02:23.081
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-08-21 18:13:22.299
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 6005.85 MB
Available physical RAM: 2967.92 MB
Total Virtual: 8693.85 MB
Available Virtual: 5205.05 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:931.17 GB) (Free:794.84 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3829D9DC)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Checkup:
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Trojan Remover 6.9.3
Adobe Flash Player 19.0.0.245 Flash Player out of Date!
Mozilla Firefox 40.0.2 Firefox out of Date!
Google Chrome (46.0.2490.86)
Google Chrome (47.0.2526.106)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
And again, THANK YOU SO MUCH FOR YOUR TIME! :)