Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016
Ran by Sora (administrator) on CLARA (02-10-2016 00:12:55)
Running from C:\Users\Sora\Downloads
Loaded Profiles: Sora (Available Profiles: Sora)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Tixati Software Inc.) C:\Program Files\tixati\tixati.exe (Flux Software LLC) C:\Users\Sora\AppData\Local\FluxSoftware\Flux\flux.exe () C:\Users\Sora\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-26] (Intel Corporation) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25242560 2016-10-01] (Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google) HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Run: [tixati] => C:\Program Files\tixati\tixati.exe [35478776 2016-06-03] (Tixati Software Inc.) 
HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Run: [GameCompanion] => "C:\Users\Sora\AppData\Roaming\GameCompanion\GameCompanion.exe" HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-02] (Piriform Ltd) HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Run: [f.lux] => C:\Users\Sora\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Run: [MiPhoneManager] => C:\Users\Sora\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe [157624 2016-03-11] () HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Run: [GoogleChromeAutoLaunch_304EAB1E27914EBBD8DE8265A9DF3499] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1135208 2016-09-25] (Google Inc.) 
HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab) HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sora\AppData\Local\MEGAsync\ShellExtX64.dll No File ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sora\AppData\Local\MEGAsync\ShellExtX64.dll No File ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sora\AppData\Local\MEGAsync\ShellExtX64.dll No File ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sora\AppData\Local\MEGAsync\ShellExtX32.dll No File ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sora\AppData\Local\MEGAsync\ShellExtX32.dll No File ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sora\AppData\Local\MEGAsync\ShellExtX32.dll No File ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-01] (Dropbox, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-10-01] ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab) BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Restriction - Chrome <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{65ED8052-9F94-45FE-95F4-F171D8D2AEC5}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avast.com/AV772/search/web?q={searchTerms} HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://search.avast.com/AV772/ SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope 
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms} SearchScopes: HKU\S-1-5-21-1712944369-4094399640-1560360031-1001 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms} SearchScopes: HKU\S-1-5-21-1712944369-4094399640-1560360031-1001 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms} BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-05-27] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-27] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-27] (Oracle Corporation) 
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Sora\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\aqrvvk0f.default FF Plugin: psionline.com/PSIIAPlugin -> C:\Program Files (x86)\PSI In-application Plugin\npPSIInappPlugin64.dll [2016-06-01] (PSI) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-01] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-01] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-27] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-27] (Microsoft 
Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-05-27] (Microsoft Corporation) FF Extension: (Greasemonkey) - C:\Users\Sora\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\aqrvvk0f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-09-26] FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28] FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi Chrome: ======= CHR HomePage: Default -> hxxp://google.com/ CHR StartupUrls: Default -> "hxxp://www.mylucky123.com/?type=hp&ts=1475207946&z=d8809940daca0a02b9f9498gdzem3w6odeam5taz7w&from=uvc0929&uid=ST1000LM024XHN-M101MBB_S32XJ9CG315954" CHR Profile: C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default [2016-10-02] CHR Extension: (Google Slides) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-29] CHR Extension: (Google Docs) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-29] CHR Extension: (Google Drive) - 
C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-29] CHR Extension: (YouTube) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-29] CHR Extension: (Adblock Plus) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-29] CHR Extension: (Tampermonkey) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-29] CHR Extension: (Session Buddy) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-09-29] CHR Extension: (Torrent Turbo Search App) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif [2016-09-29] CHR Extension: (Google Sheets) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-29] CHR Extension: (Kaspersky Protection) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-10-01] CHR Extension: (Avira Browser Safety) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-01] CHR Extension: (Google Docs Offline) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-29] CHR Extension: (Window Resizer) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2016-09-29] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-29] CHR Extension: (Chrome Web Store Payments) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-29] CHR Extension: 
(Check All) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbihdpkeohjdfncchjhidbbonnihaob [2016-09-29] CHR Extension: (Better History) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-09-29] CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-09-29] CHR Extension: (Gmail) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-29] CHR Extension: (Chrome Media Router) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-29] CHR Extension: (RightToCopy) - C:\Users\Sora\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca [2016-09-29] CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib CHR HKU\S-1-5-21-1712944369-4094399640-1560360031-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-03] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-03] (Dropbox, Inc.) 
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-10-01] (Windows (R) Win 7 DDK provider) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-26] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-04-29] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-20] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-03] (Intel Corporation) [File not signed] S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-03] (Intel Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (Intel Corporation) S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab) R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab) S2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed] S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-11-21] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2015-01-17] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-01-17] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4226560 2014-10-17] (Qualcomm Atheros Communications, Inc.) R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [19768 2013-07-03] (ASUSTek Computer Inc.) R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2014-11-22] (ASUS Corporation) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-13] (EldoS Corporation) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-09-30] () R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation) R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-11] (Intel Corporation) R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-04-30] (Intel Corporation) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab) R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [28792 
2016-03-31] (AO Kaspersky Lab) R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\drivers\klhk.sys [435032 2016-10-01] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1012056 2016-10-01] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [50008 2016-10-01] (AO Kaspersky Lab) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab) R3 kltap; C:\Windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project) S4 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab) R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [127896 2016-10-01] (AO Kaspersky Lab) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab) R3 kxspb; C:\Windows\System32\drivers\kxspb.sys [56728 2014-06-12] (Kionix, Inc.) 
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-01] (Malwarebytes) S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [242688 2016-08-30] (QUALCOMM Incorporated) R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-08-01] (Realtek Semiconductor Corporation ) R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [777944 2016-01-14] (Realsil Semiconductor Corporation) U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [413912 2015-12-23] (Realsil Semiconductor Corporation) U0 sconny; C:\Windows\System32\drivers\rymf.sys [79064 2016-10-01] (Malwarebytes) R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35320 2015-01-17] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258368 2015-01-17] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-01-17] (Microsoft Corporation) U0 aswVmm; no ImagePath S3 dbx; system32\DRIVERS\dbx.sys [X] S3 dcdbas; \SystemRoot\System32\drivers\dcdbas64.sys [X] S3 HWiNFO32; \??\C:\Users\Sora\AppData\Local\Temp\HWiNFO64A.SYS [X] S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-10-01 23:52 - 2016-10-01 23:52 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\rymf.sys 2016-10-01 23:46 - 2016-10-01 23:46 - 00001042 _____ C:\Users\Sora\Desktop\malware.txt 2016-10-01 23:21 - 2016-10-01 23:21 - 00000000 ____D C:\Users\Sora\Downloads\FRST-OlderVersion 2016-10-01 11:25 - 2016-10-01 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-10-01 05:13 - 2016-10-01 13:26 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2016-10-01 05:13 - 2016-10-01 05:13 - 00002099 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk 2016-10-01 05:13 - 2016-10-01 05:13 - 00001390 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk 2016-10-01 05:13 - 2016-10-01 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection 2016-10-01 05:13 - 2016-10-01 05:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2016-10-01 05:12 - 2016-10-01 05:23 - 01012056 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2016-10-01 05:12 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys 2016-10-01 05:12 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2016-10-01 04:55 - 2016-10-01 05:10 - 175941664 _____ (Kaspersky Lab) C:\Users\Sora\Downloads\kav17.0.0.611en_11479.exe 2016-10-01 04:51 - 2016-10-01 04:51 - 00001111 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk 2016-10-01 04:51 - 2016-10-01 04:51 - 00001071 ____H C:\Users\Public\Desktop\Kaspersky Security Scan.lnk 2016-10-01 04:51 - 2016-10-01 04:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta 2016-10-01 04:51 - 2016-10-01 04:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan 2016-10-01 04:50 - 2016-10-01 23:32 - 00000000 ____D 
C:\ProgramData\Kaspersky Lab 2016-10-01 04:50 - 2016-10-01 05:13 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2016-10-01 04:47 - 2016-10-01 13:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2016-10-01 04:43 - 2016-10-01 04:45 - 02622304 _____ (Kaspersky Lab) C:\Users\Sora\Downloads\kss16.0.0.1344en_9702.exe 2016-10-01 02:55 - 2016-10-01 04:47 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Avira 2016-10-01 02:54 - 2016-10-01 13:08 - 00000000 ____D C:\Program Files (x86)\Avira 2016-10-01 02:46 - 2016-10-01 02:46 - 01474568 _____ C:\Users\Sora\Downloads\avira-free-antivirus.exe 2016-10-01 01:44 - 2016-10-01 01:44 - 00042792 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe 2016-10-01 01:38 - 2016-10-01 01:38 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys 2016-10-01 01:38 - 2016-10-01 01:38 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys 2016-10-01 01:38 - 2016-10-01 01:38 - 00073840 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys 2016-09-30 23:30 - 2016-09-30 23:30 - 00000258 _____ C:\Users\Sora\Documents\lucky123.txt 2016-09-30 23:27 - 2016-09-30 23:27 - 374638568 _____ C:\Users\Sora\Documents\lucky123.reg 2016-09-30 22:52 - 2016-09-30 22:52 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Xiaomi 2016-09-30 22:46 - 2016-09-30 22:46 - 00002002 _____ C:\Users\Sora\Desktop\JRT.txt 2016-09-30 22:43 - 2016-09-30 23:31 - 00000000 ____D C:\AdwCleaner 2016-09-30 22:43 - 2016-09-30 22:43 - 01615456 _____ (Malwarebytes) C:\Users\Sora\Downloads\JRT.exe 2016-09-30 22:42 - 2016-09-30 22:42 - 03861056 _____ C:\Users\Sora\Downloads\AdwCleaner.exe 2016-09-30 22:35 - 2016-09-30 22:35 - 00001387 _____ C:\Users\Sora\Documents\trojan1.txt 2016-09-30 22:24 - 2016-10-01 23:26 - 00043860 _____ C:\Users\Sora\Downloads\Addition.txt 2016-09-30 22:23 - 2016-10-02 00:12 - 00031720 _____ C:\Users\Sora\Downloads\FRST.txt 2016-09-30 
22:23 - 2016-10-02 00:12 - 00000000 ____D C:\FRST 2016-09-30 22:23 - 2016-10-01 23:21 - 02404352 _____ (Farbar) C:\Users\Sora\Downloads\FRST64.exe 2016-09-30 22:17 - 2016-10-01 23:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-09-30 22:17 - 2016-09-30 22:17 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-09-30 22:17 - 2016-09-30 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-30 22:17 - 2016-09-30 22:17 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-09-30 22:17 - 2016-09-30 22:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-30 22:17 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-09-30 22:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-09-30 22:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-09-30 22:12 - 2016-09-30 22:12 - 00566128 _____ (Malwarebytes) C:\Users\Sora\Downloads\mbam-clean-2.3.0.1001.exe 2016-09-30 22:09 - 2016-09-30 22:09 - 01453048 _____ (RaMMicHaeL) C:\Users\Sora\Downloads\unchecky_setup.exe 2016-09-30 22:01 - 2016-09-30 22:02 - 22851472 _____ (Malwarebytes ) C:\Users\Sora\Downloads\mbam-setup-2.2.1.1043.exe 2016-09-30 21:04 - 2016-09-30 21:04 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys 2016-09-30 21:03 - 2016-09-30 21:03 - 03516080 _____ (Enigma Software Group USA, LLC.) 
C:\Users\Sora\Downloads\SpyHunter-Installer.exe 2016-09-30 20:58 - 2016-09-30 21:00 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2016-09-30 20:58 - 2016-09-30 20:58 - 00001095 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk 2016-09-30 20:58 - 2016-09-30 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2016-09-30 20:58 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL 2016-09-30 20:53 - 2016-09-30 20:53 - 00002259 _____ C:\Windows\epplauncher.mif 2016-09-30 20:52 - 2016-09-30 20:53 - 14324408 _____ (Microsoft Corporation) C:\Users\Sora\Downloads\MSEInstall (1).exe 2016-09-30 20:51 - 2016-09-30 20:51 - 11640664 _____ (Microsoft Corporation) C:\Users\Sora\Downloads\MSEInstall.exe 2016-09-30 20:22 - 2016-09-30 20:24 - 04291320 _____ (BrightFort LLC ) C:\Users\Sora\Downloads\spywareblastersetup55.exe 2016-09-30 20:17 - 2016-09-22 23:33 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160930-201701.backup 2016-09-30 20:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. 
) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe 2016-09-30 20:04 - 2016-09-30 22:36 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-09-30 20:04 - 2016-09-30 20:04 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-09-30 20:04 - 2016-09-30 20:04 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2016-09-30 20:04 - 2016-09-30 20:04 - 00000656 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2016-09-30 20:04 - 2016-09-30 20:04 - 00000628 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2016-09-30 20:04 - 2016-09-30 20:04 - 00000458 _____ C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2016-09-30 20:04 - 2016-09-30 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-09-30 20:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2016-09-30 20:03 - 2016-09-30 20:10 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-09-30 20:02 - 2016-09-30 20:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Sora\Downloads\spybot-2.4.exe 2016-09-30 20:02 - 2016-09-30 20:02 - 10921409 _____ C:\Users\Sora\Downloads\audacity-win-2.1.2.zip 2016-09-30 19:52 - 2016-09-30 19:52 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sora\Downloads\HijackThis.exe 2016-09-30 19:46 - 2016-09-30 19:46 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Sora\Downloads\esetonlinescanner_enu (1).exe 2016-09-30 18:27 - 2016-09-30 18:27 - 00000000 ____D C:\Users\Sora\AppData\Local\ESET 2016-09-30 18:26 - 2016-09-30 18:27 - 06761600 _____ (ESET spol. s r.o.) 
C:\Users\Sora\Downloads\esetonlinescanner_enu.exe 2016-09-30 17:58 - 2016-09-30 17:58 - 00013400 _____ C:\Users\Sora\Downloads\virtonomics_magic_number.txt 2016-09-30 12:56 - 2016-09-30 13:02 - 00453262 _____ C:\Windows\Dark Cases The Blood Ruby CE Uninstall Log.txt 2016-09-30 12:22 - 2016-09-30 12:45 - 00000080 _____ C:\Users\Public\Desktop\Root_«Aé.lnk 2016-09-30 11:59 - 2016-09-30 12:43 - 00000000 ____D C:\ProgramData\UvConverter 2016-09-30 01:58 - 2016-09-30 01:58 - 00013403 _____ C:\Users\Sora\Downloads\magnicnumber.user.js 2016-09-30 01:38 - 2016-09-30 01:38 - 00013403 _____ C:\Users\Sora\Documents\magnicnumber.user.js 2016-09-29 18:04 - 2016-09-30 11:49 - 00000011 _____ C:\Users\Public\Documents\temp.dat 2016-09-28 15:37 - 2016-09-30 22:49 - 00000000 ____D C:\Windows\system32\log 2016-09-26 23:21 - 2016-09-30 12:45 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Light.lnk 2016-09-26 23:21 - 2016-09-26 23:21 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Light 2016-09-26 23:21 - 2016-09-26 23:21 - 00000000 ____D C:\Users\Sora\AppData\Local\Light 2016-09-26 23:21 - 2016-09-26 23:21 - 00000000 ____D C:\Program Files\Light 2016-09-26 23:17 - 2016-09-26 23:17 - 00000000 ____D C:\Users\Sora\AppData\Local\fontconfig 2016-09-26 23:15 - 2016-09-26 23:20 - 00000000 ____D C:\Users\Sora\AppData\Local\midori 2016-09-26 23:15 - 2016-09-26 23:18 - 00000000 ____D C:\Users\Sora\AppData\Local\webkit 2016-09-26 23:15 - 2016-09-26 23:16 - 00000000 ____D C:\Users\Sora\.dbus-keyrings 2016-09-26 23:13 - 2016-09-26 23:14 - 39535258 _____ C:\Users\Sora\Downloads\midori_0.5.11_32_.exe 2016-09-26 23:06 - 2016-09-26 23:13 - 23878285 _____ (Light) C:\Users\Sora\Downloads\light-47.0.en-US.win64.installer.exe 2016-09-26 22:37 - 2016-09-26 22:37 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Mozilla 2016-09-26 22:36 - 2016-09-30 12:45 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk 2016-09-26 22:36 - 2016-09-30 12:45 - 00000935 
_____ C:\Users\Public\Desktop\Pale Moon.lnk 2016-09-26 22:36 - 2016-09-26 22:36 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Moonchild Productions 2016-09-26 22:36 - 2016-09-26 22:36 - 00000000 ____D C:\Users\Sora\AppData\Local\Moonchild Productions 2016-09-26 22:35 - 2016-09-26 22:35 - 24888984 _____ (Moonchild Productions) C:\Users\Sora\Downloads\palemoon-26.4.1.win64.installer.exe 2016-09-26 22:33 - 2016-09-26 22:34 - 00800024 _____ C:\Users\Sora\Downloads\palemoon-websetup.exe 2016-09-26 19:07 - 2016-09-30 23:04 - 00007859 _____ C:\Users\Sora\AppData\Roaming\pcouffin.cat 2016-09-26 19:07 - 2016-09-30 23:04 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Vso 2016-09-26 19:07 - 2016-09-26 19:07 - 00082816 _____ (VSO Software) C:\Windows\system32\Drivers\pcouffin.sys 2016-09-26 19:07 - 2016-09-26 19:07 - 00000000 ____D C:\Users\Sora\Documents\PcSetup 2016-09-26 19:06 - 2016-09-30 23:04 - 00000000 ____D C:\Program Files (x86)\CloneDVD 7 Ultimate 2016-09-26 19:06 - 2016-09-26 19:08 - 00000000 ____D C:\Windows\SysWOW64\sysdir 2016-09-26 18:44 - 2016-09-26 18:58 - 51464254 _____ (CloneDVD Studio ) C:\Users\Sora\Downloads\CloneDVDSetup.exe 2016-09-26 18:42 - 2016-09-26 18:42 - 00000085 ___SH C:\ProgramData\.zreglib 2016-09-26 18:41 - 2016-09-26 18:42 - 00000000 ____D C:\ProgramData\Elaborate Bytes 2016-09-26 18:41 - 2016-09-26 18:41 - 05262920 _____ C:\Users\Sora\Downloads\SetupCloneDVD2933RedFox.exe 2016-09-26 18:41 - 2016-09-26 18:41 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes 2016-09-23 19:15 - 2016-09-23 19:15 - 00002707 _____ C:\Users\Sora\Downloads\1234496 2016-09-23 06:46 - 2016-09-23 06:47 - 00005372 _____ C:\Users\Sora\Downloads\Virtonomics- Product Quality Calculator (1).user.js 2016-09-22 23:57 - 2016-09-29 18:11 - 00000000 ____D C:\ProgramData\corss 2016-09-22 00:40 - 2016-09-22 00:40 - 00005372 _____ C:\Users\Sora\Downloads\Virtonomics- Product Quality Calculator.user.js 2016-09-21 21:46 - 2016-09-21 21:46 - 00029356 _____ 
C:\Users\Sora\Downloads\83D5.tmp 2016-09-21 21:46 - 2016-09-21 21:46 - 00010601 _____ C:\Users\Sora\Downloads\3841917.htm 2016-09-21 18:26 - 2016-09-30 23:06 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MobiKin 2016-09-21 18:26 - 2016-09-30 23:06 - 00000000 ____D C:\Program Files (x86)\MobiKin 2016-09-20 00:15 - 2016-09-20 00:17 - 11591379 _____ C:\Users\Sora\Downloads\Photos_downloaded_by_AirDroid (1).zip 2016-09-16 02:50 - 2016-09-30 12:45 - 00002569 _____ C:\Users\Public\Desktop\XiaoMiFlash.exe.lnk 2016-09-16 02:50 - 2016-09-16 02:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XiaoMiFlash 2016-09-16 01:57 - 2016-09-30 12:45 - 00002096 _____ C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\MiFlash.lnk 2016-09-16 01:56 - 2015-10-28 15:11 - 00116736 _____ (XiaoMi Corporation) C:\Windows\SysWOW64\qcCoInstaller.dll 2016-09-16 00:39 - 2016-09-16 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack 2016-09-15 17:11 - 2016-09-15 17:11 - 00000000 ____D C:\Users\Sora\Desktop\[DEVICE TEAM] Flash (Unbrick) Redmi Note 3(SD) with Locked Bootloader - All ROMS - Redmi Note 3 - Xiaomi MIUI Official Forum_files 2016-09-15 17:10 - 2016-09-15 17:11 - 00960251 _____ C:\Users\Sora\Desktop\[DEVICE TEAM] Flash (Unbrick) Redmi Note 3(SD) with Locked Bootloader - All ROMS - Redmi Note 3 - Xiaomi MIUI Official Forum.html 2016-09-15 16:06 - 2016-09-15 16:06 - 00000000 ____D C:\Users\Sora\Documents\My FTPRush Downloads 2016-09-15 15:49 - 2016-09-15 15:58 - 00000000 ____D C:\Users\Sora\AppData\Roaming\FileZilla 2016-09-14 19:53 - 2016-09-14 20:00 - 1163947362 _____ C:\Users\Sora\Downloads\libra%5Fimages%5F6.1.7%5F20151221.0000.11%5F5.1%5Fcn%5Fb09dac70a0.tgz 2016-09-14 18:08 - 2016-09-14 18:08 - 04997896 _____ C:\Users\Sora\Downloads\UPDATE-SuperSU-v2.78-20160905010000.zip.tmmb0pl.partial 2016-09-14 17:27 - 2016-09-14 17:27 - 00000000 ____D C:\Users\Sora\AppData\Roaming\KingRoot 
2016-09-14 17:22 - 2016-09-14 17:23 - 10090451 _____ C:\Users\Sora\Downloads\NewKingrootV4.9.6_C151_B309_en_release_2016_09_12_247573.apk 2016-09-14 02:43 - 2016-09-14 02:43 - 00571822 _____ C:\Users\Sora\Desktop\[DEVICE TEAM] TWRP and ROOT_Temp Bootloader Unlock_Redmi Note 3 SD - Brick Free - Redmi Note 3 - Xiaomi MIUI Official Forum.html 2016-09-14 02:43 - 2016-09-14 02:43 - 00427268 _____ C:\Users\Sora\Downloads\thread-280771-1-1.html 2016-09-14 02:43 - 2016-09-14 02:43 - 00000000 ____D C:\Users\Sora\Desktop\[DEVICE TEAM] TWRP and ROOT_Temp Bootloader Unlock_Redmi Note 3 SD - Brick Free - Redmi Note 3 - Xiaomi MIUI Official Forum_files 2016-09-14 02:38 - 2016-09-14 02:38 - 00575388 _____ C:\Users\Sora\Downloads\safe_emmc_appsboot.mbn 2016-09-14 01:16 - 2016-09-14 01:16 - 00000000 ____D C:\Users\Sora\AppData\Roaming\ADBDriverInstaller 2016-09-14 01:07 - 2016-09-14 01:08 - 00000000 ____D C:\Users\Sora\Desktop\rmn3 2016-09-14 00:58 - 2016-09-30 12:45 - 00001364 _____ C:\Users\Sora\Desktop\MiPCSuite.lnk 2016-09-14 00:58 - 2016-09-14 01:04 - 00000000 ____D C:\Users\Sora\AppData\Local\MiPhoneManager 2016-09-14 00:58 - 2016-09-14 00:58 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xiaomi 2016-09-12 15:12 - 2016-09-12 15:12 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Shuame 2016-09-12 15:02 - 2016-09-22 23:04 - 00450000 _____ C:\Windows\system32\prfh0804.dat 2016-09-12 15:02 - 2016-09-22 23:04 - 00140290 _____ C:\Windows\system32\prfc0804.dat 2016-09-12 15:02 - 2016-09-12 15:00 - 00113084 _____ C:\Windows\system32\prfi0804.dat 2016-09-12 15:02 - 2016-09-12 15:00 - 00033362 _____ C:\Windows\system32\prfd0804.dat 2016-09-12 15:01 - 2016-09-12 15:01 - 00000000 ____D C:\Windows\SysWOW64\zh-HANS 2016-09-12 15:01 - 2016-09-12 15:01 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2016-09-12 15:00 - 2016-09-12 15:00 - 00000000 ____D C:\Windows\system32\zh-HANS 2016-09-12 14:55 - 2016-09-12 15:12 - 00000000 ____D 
C:\Users\Sora\Documents\MEGAsync Downloads 2016-09-12 14:54 - 2016-09-22 23:03 - 00000000 ____D C:\Users\Sora\AppData\Local\MEGAsync 2016-09-12 14:54 - 2016-09-12 14:54 - 00000000 ____D C:\Users\Sora\AppData\Local\Mega Limited 2016-09-12 03:03 - 2016-09-12 03:03 - 15657985 _____ C:\Users\Sora\Downloads\Root Redmi Note 3-1.zip 2016-09-12 02:54 - 2016-09-12 02:54 - 00964401 _____ C:\Users\Sora\Downloads\UniversalAndroot-1.6.2-beta5.apk 2016-09-12 01:24 - 2011-08-26 16:49 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2016-09-12 01:24 - 2011-08-26 16:48 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll 2016-09-12 01:23 - 2016-09-30 22:37 - 00040924 __RSH C:\ProgramData\ntuser.pol 2016-09-12 01:23 - 2016-09-30 13:41 - 00000180 _____ C:\Users\Sora\AppData\Local\uts.ini 2016-09-12 01:23 - 2016-09-29 14:23 - 00000000 ____D C:\ProgramData\{9B555E36-1117-D4F0-97D1-4AB20D93C17C} 2016-09-12 01:23 - 2016-09-14 08:26 - 00000000 ____D C:\Users\Sora\.android 2016-09-12 01:23 - 2016-09-12 01:23 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Kingosoft 2016-09-12 01:23 - 2016-09-12 01:23 - 00000000 ____D C:\Users\Sora\AppData\Roaming\{F24AC4F1-D718-A987-BC2E-8E5560FC736B} 2016-09-12 01:23 - 2016-09-12 01:23 - 00000000 ____D C:\Users\Sora\AppData\Local\uts 2016-09-12 01:23 - 2016-09-12 01:23 - 00000000 ____D C:\Users\Sora\AppData\Local\Kingosoft 2016-09-12 01:22 - 2016-09-30 13:39 - 00000000 ____D C:\Program Files (x86)\Kingo ROOT 2016-09-12 01:22 - 2016-09-12 01:22 - 00000000 ____D C:\ProgramData\cosun 2016-09-11 23:52 - 2016-09-11 23:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2016-09-11 22:20 - 2016-09-12 02:58 - 2045304478 _____ C:\Users\Sora\Downloads\Files_airmore (2).zip 2016-09-11 21:42 - 2016-09-11 21:51 - 55949630 _____ C:\Users\Sora\Downloads\Files_airmore (1).zip 2016-09-11 21:40 - 2016-09-11 21:41 - 00000000 _____ C:\Users\Sora\Downloads\192_168_1_2.htm 2016-09-11 
21:20 - 2016-09-11 21:33 - 74832489 _____ C:\Users\Sora\Downloads\Files_airmore.zip 2016-09-11 20:24 - 2016-09-11 20:24 - 00000000 _____ C:\Users\Sora\Downloads\Camera 2016-09-10 22:04 - 2016-09-30 12:45 - 00001312 _____ C:\Users\Public\Desktop\More Great Games.lnk 2016-09-10 17:47 - 2016-09-10 17:47 - 00000000 ____D C:\Users\Sora\Documents\Dark Realm - Lord of the Winds CE 2016-09-10 11:56 - 2016-09-10 11:56 - 00000000 ____D C:\Users\Sora\Downloads\COMPARATIVA-CAMERA-APP 2016-09-10 11:55 - 2016-09-10 11:55 - 47262094 _____ C:\Users\Sora\Downloads\COMPARATIVA-CAMERA-APP.rar 2016-09-07 21:27 - 2016-09-07 21:27 - 00019059 _____ C:\Users\Sora\Downloads\ia6w3l14xd8l.html 2016-09-06 21:59 - 2016-09-30 12:45 - 00001178 _____ C:\Users\Sora\Desktop\Potplayer.lnk 2016-09-06 21:59 - 2016-09-06 21:59 - 00000000 ____D C:\Users\Sora\AppData\Roaming\PotPlayerMini 2016-09-06 21:59 - 2016-09-06 21:59 - 00000000 ____D C:\Program Files (x86)\DAUM 2016-09-06 21:57 - 2016-09-06 21:58 - 20317832 _____ (Kakao) C:\Users\Sora\Downloads\PotPlayerSetup.exe 2016-09-06 17:37 - 2016-09-06 17:37 - 00353988 _____ C:\Users\Sora\Downloads\_b62ac4dc438704da4c3f527dc0721874_Nelson-Dellis.pdf 2016-09-05 21:19 - 2016-09-30 12:45 - 00002437 _____ C:\Users\Sora\Desktop\Dark Realm 3 - Lord of the Winds Collector's Edition.lnk 2016-09-05 21:19 - 2016-09-05 21:19 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Realm 3 - Lord of the Winds Collector's Edition 2016-09-05 21:19 - 2016-09-05 21:19 - 00000000 ____D C:\Program Files (x86)\Dark Realm 3 - Lord of the Winds Collector's Edition 2016-09-04 22:33 - 2016-09-04 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TypeFaster 2016-09-04 22:32 - 2016-09-04 22:32 - 01936008 _____ C:\Users\Sora\Downloads\TypeFaster-v0.4.2-install.exe 2016-09-04 22:27 - 2016-09-04 22:28 - 11114676 _____ C:\Users\Sora\Downloads\PortableKeyboardLayout_DreymaR.zip 2016-09-03 22:12 - 2016-09-03 07:26 - 403363438 
_____ C:\Users\Sora\Downloads\Dark Realm 3 - Lord of the Winds Collector's Edition.exe
2016-09-03 22:01 - 2016-09-21 18:15 - 00000000 ____D C:\Users\Sora\Downloads\Compressed
2016-09-03 22:00 - 2016-09-22 23:33 - 00000000 ____D C:\Users\Sora\AppData\Roaming\DownloadNinja
2016-09-03 21:58 - 2016-09-03 21:58 - 04216840 _____ (Microsoft Corporation) C:\Users\Sora\Downloads\vcredist_x86.exe
2016-09-03 21:54 - 2016-09-03 21:57 - 16290768 _____ (Ninja Download Manager ) C:\Users\Sora\Downloads\ninja.download.manager_build33.exe
2016-09-03 21:20 - 2016-09-03 21:58 - 403363604 _____ C:\Users\Sora\Downloads\[Cboxera.com]__Dark Realm 3 - Lord of the Winds Collectors Edition.rar
2016-09-02 16:08 - 2016-09-03 00:23 - 00000000 ____D C:\Users\Sora\Desktop\money
2016-09-02 01:02 - 2016-09-02 01:02 - 00000000 _____ C:\Users\Sora\Documents\AutoHotkey.ahk
2016-09-02 00:59 - 2016-09-02 01:00 - 03094887 _____ C:\Users\Sora\Downloads\AutoHotkey112401_Install.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-02 00:14 - 2016-06-03 05:45 - 00000000 ____D C:\Users\Sora\AppData\Roaming\tixati 2016-10-01 23:52 - 2016-08-27 01:17 - 00000000 ____D C:\Windows\Dark Cases The Blood Ruby CE 2016-10-01 23:52 - 2016-05-31 19:21 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-10-01 23:31 - 2016-06-23 18:07 - 00000000 ____D C:\Users\Sora\AppData\Local\CrashDumps 2016-10-01 23:20 - 2016-06-03 06:15 - 00000916 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-10-01 21:19 - 2016-06-03 06:10 - 00000000 ___RD C:\Users\Sora\Google Drive 2016-10-01 16:37 - 2016-05-31 19:20 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-10-01 15:20 - 2016-06-03 06:15 - 00000912 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-10-01 13:33 - 2016-05-31 19:00 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1712944369-4094399640-1560360031-1001 2016-10-01 13:12 - 2016-07-29 16:11 - 00001541 _____ C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk 2016-10-01 13:11 - 2016-05-31 18:51 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-10-01 13:11 - 2016-05-31 18:51 - 00000000 __SHD C:\Users\Sora\IntelGraphicsProfiles 2016-10-01 13:09 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-10-01 11:26 - 2016-06-03 06:15 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-10-01 05:25 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf 2016-10-01 05:24 - 2016-06-02 22:39 - 00127896 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys 2016-10-01 05:23 - 2016-06-20 23:41 - 00050008 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys 2016-10-01 05:22 - 2016-06-20 17:54 - 00435032 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys 2016-10-01 05:21 - 2016-05-31 19:21 - 00000000 ____D C:\Program Files\Common Files\AV 2016-10-01 05:13 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 
2016-10-01 05:12 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\ELAMBKUP 2016-10-01 04:48 - 2016-05-31 18:43 - 00000000 ____D C:\ProgramData\Package Cache 2016-10-01 03:09 - 2016-07-23 00:49 - 00000000 ____D C:\ProgramData\Foxit Software 2016-10-01 03:09 - 2016-05-31 19:19 - 00000000 ____D C:\ProgramData\AVAST Software 2016-09-30 23:04 - 2016-07-24 20:05 - 01256782 _____ C:\Windows\ntbtlog.txt 2016-09-30 22:36 - 2016-07-24 22:17 - 00000000 ____D C:\Windows\PCHEALTH 2016-09-30 22:07 - 2016-06-01 13:28 - 00000000 ____D C:\ProgramData\TEMP 2016-09-30 20:59 - 2016-06-18 04:51 - 00000000 ____D C:\ProgramData\Licenses 2016-09-30 19:44 - 2016-06-12 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-09-30 19:43 - 2016-08-18 16:32 - 00000000 ____D C:\Users\Sora\AppData\Local\Chromium 2016-09-30 19:32 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2016-09-30 13:41 - 2014-11-21 15:18 - 00000000 ____D C:\Windows\ShellNew 2016-09-30 12:45 - 2016-08-29 19:06 - 00002428 _____ C:\Users\Sora\Desktop\The Curio Society 2 - New Order Collector's Edition.lnk 2016-09-30 12:45 - 2016-08-25 21:40 - 00002419 _____ C:\Users\Sora\Desktop\Grim Tales 11 - Crimson Hollow Collector's Edition.lnk 2016-09-30 12:45 - 2016-08-23 17:36 - 00002474 _____ C:\Users\Sora\Desktop\Ominous Objects 4 - Lumina Camera Collector's Edition.lnk 2016-09-30 12:45 - 2016-08-21 03:07 - 00001943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk 2016-09-30 12:45 - 2016-08-21 03:07 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk 2016-09-30 12:45 - 2016-08-21 03:07 - 00000969 _____ C:\Users\Public\Desktop\Games.lnk 2016-09-30 12:45 - 2016-08-20 16:08 - 00002449 _____ C:\Users\Sora\Desktop\Shadowplay - Darkness Incarnate Collector's Edition.lnk 2016-09-30 12:45 - 2016-08-19 13:03 - 00001080 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk 2016-09-30 12:45 - 2016-08-15 01:28 - 00002540 _____ 
C:\Users\Sora\Desktop\Reflections of Life 4 - Call of the Ancestors Collector's Edition.lnk 2016-09-30 12:45 - 2016-08-02 12:53 - 00001129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk 2016-09-30 12:45 - 2016-08-02 12:53 - 00001041 _____ C:\Users\Public\Desktop\foobar2000.lnk 2016-09-30 12:45 - 2016-07-28 22:08 - 00002554 _____ C:\Users\Sora\Desktop\Mystery Trackers 11- Train to Hellswich Collectors Edition.lnk 2016-09-30 12:45 - 2016-07-23 00:49 - 00001059 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2016-09-30 12:45 - 2016-07-21 21:53 - 00001029 _____ C:\Users\Public\Desktop\Notepad++.lnk 2016-09-30 12:45 - 2016-07-19 10:49 - 00001047 _____ C:\Users\Sora\Desktop\WinDirStat.lnk 2016-09-30 12:45 - 2016-07-18 08:35 - 00002805 _____ C:\Users\Sora\Desktop\PowerPoint 2013.lnk 2016-09-30 12:45 - 2016-07-12 14:11 - 00001151 _____ C:\Users\Sora\Desktop\Media Player Classic Home Cinema (64bit).lnk 2016-09-30 12:45 - 2016-07-07 10:51 - 00001473 _____ C:\Users\Sora\Desktop\Windows Media Player (2).lnk 2016-09-30 12:45 - 2016-07-07 10:50 - 00002787 _____ C:\Users\Sora\Desktop\Excel 2013.lnk 2016-09-30 12:45 - 2016-07-03 13:02 - 00002835 _____ C:\Users\Sora\Desktop\Word 2013.lnk 2016-09-30 12:45 - 2016-06-13 20:10 - 00000872 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-09-30 12:45 - 2016-06-03 13:55 - 00000723 _____ C:\Users\Sora\Desktop\Tixati downloads - Shortcut.lnk 2016-09-30 12:45 - 2016-06-03 06:21 - 00001246 _____ C:\Users\Sora\Desktop\Dropbox.lnk 2016-09-30 12:45 - 2016-06-03 06:10 - 00001694 _____ C:\Users\Sora\Desktop\Google Drive.lnk 2016-09-30 12:45 - 2016-06-03 05:45 - 00000840 _____ C:\Users\Sora\Desktop\Tixati.lnk 2016-09-30 12:45 - 2016-06-02 15:11 - 00000973 _____ C:\Users\Public\Desktop\Steam.lnk 2016-09-30 12:45 - 2016-05-31 21:31 - 00001014 _____ C:\Users\Sora\Desktop\IrfanView.lnk 2016-09-30 12:45 - 2016-05-31 19:21 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-09-30 12:45 - 
2016-05-31 18:52 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk 2016-09-30 12:45 - 2016-05-31 18:39 - 00001422 _____ C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-09-30 12:45 - 2016-05-31 18:39 - 00000445 _____ C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk 2016-09-30 12:45 - 2016-05-31 18:39 - 00000443 _____ C:\Users\Sora\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk 2016-09-29 18:13 - 2016-05-31 19:20 - 00000000 ____D C:\Program Files (x86)\Google 2016-09-26 23:15 - 2016-05-31 18:39 - 00000000 ____D C:\Users\Sora 2016-09-22 23:36 - 2016-05-31 19:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-09-22 23:36 - 2016-05-31 19:02 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-09-22 23:36 - 2016-05-31 18:59 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-09-22 23:35 - 2016-08-27 01:43 - 00000000 ____D C:\Users\Sora\AppData\Local\NVIDIA 2016-09-22 23:35 - 2016-06-23 17:35 - 00000000 ____D C:\Users\Sora\AppData\Local\NVIDIA Corporation 2016-09-22 23:32 - 2016-06-02 15:11 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-22 23:04 - 2014-11-21 15:38 - 01438230 _____ C:\Windows\system32\PerfStringBackup.INI 2016-09-13 23:09 - 2016-06-01 13:27 - 00000000 ____D C:\BigFishCache 2016-09-13 22:02 - 2016-06-03 09:31 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Elephant Games 2016-09-13 21:34 - 2016-06-03 06:20 - 00000000 ___RD C:\Users\Sora\Dropbox 2016-09-13 06:40 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache 2016-09-12 15:02 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp 2016-09-12 15:01 - 2014-11-21 15:18 - 00000000 ____D C:\Program Files\Windows Journal 2016-09-12 15:01 - 2014-11-21 14:54 - 00000000 ____D C:\Windows\SysWOW64\winrm 2016-09-12 15:01 - 2014-11-21 14:54 - 00000000 ____D C:\Windows\SysWOW64\WCN 2016-09-12 15:01 - 2014-11-21 14:54 - 00000000 
____D C:\Windows\SysWOW64\slmgr 2016-09-12 15:01 - 2014-11-21 14:54 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts 2016-09-12 15:01 - 2014-11-21 14:54 - 00000000 ____D C:\Windows\system32\winrm 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\WinStore 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\MUI 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\Com 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\migwiz 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\IME 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Windows Defender 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files\Common Files\System 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2016-09-12 15:01 - 2013-08-22 23:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-09-12 15:01 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\oobe 2016-09-12 15:01 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-09-12 15:01 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\servicing 2016-09-12 15:00 - 2014-11-21 14:54 - 00000000 ____D C:\Windows\system32\WCN 2016-09-12 15:00 - 2014-11-21 14:54 - 00000000 ____D C:\Windows\system32\slmgr 2016-09-12 15:00 - 2014-11-21 14:54 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts 2016-09-12 15:00 - 2013-08-22 23:36 - 00000000 ___SD C:\Windows\system32\dsc 2016-09-12 15:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform 2016-09-12 15:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\MUI 2016-09-12 15:00 - 2013-08-22 23:36 - 00000000 ____D 
C:\Windows\system32\Com
2016-09-12 15:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\Help
2016-09-12 15:00 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\FileManager
2016-09-12 15:00 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-09-12 15:00 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\oobe
2016-09-12 15:00 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\system32\Dism
2016-09-12 01:23 - 2013-08-22 23:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-09-12 01:23 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-09-06 21:59 - 2016-07-09 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2016-09-05 21:26 - 2016-06-14 13:35 - 00000000 ____D C:\Users\Sora\AppData\Roaming\Mad Head Games
2016-09-05 21:14 - 2016-06-21 22:18 - 00000000 ____D C:\Users\Sora\DfDownloads

==================== Files in the root of some directories =======

2016-09-26 19:07 - 2016-09-30 23:04 - 0007859 _____ () C:\Users\Sora\AppData\Roaming\pcouffin.cat
2016-09-26 19:07 - 2016-09-30 23:04 - 0001167 _____ () C:\Users\Sora\AppData\Roaming\pcouffin.inf
2016-09-26 19:07 - 2016-09-30 23:04 - 0000033 _____ () C:\Users\Sora\AppData\Roaming\pcouffin.log
2016-06-23 17:55 - 2016-06-23 17:55 - 0000058 _____ () C:\Users\Sora\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2016-09-12 01:23 - 2016-09-30 13:41 - 0000180 _____ () C:\Users\Sora\AppData\Local\uts.ini
2016-09-26 18:42 - 2016-09-26 18:42 - 0000085 ___SH () C:\ProgramData\.zreglib
2016-05-31 19:33 - 2016-05-31 19:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Sora\AppData\Local\Temp\avgnt.exe
C:\Users\Sora\AppData\Local\Temp\cabex.dll
C:\Users\Sora\AppData\Local\Temp\DAPREMOVE.EXE
C:\Users\Sora\AppData\Local\Temp\libeay32.dll
C:\Users\Sora\AppData\Local\Temp\msvcr120.dll
C:\Users\Sora\AppData\Local\Temp\nvStInst.exe
C:\Users\Sora\AppData\Local\Temp\rtop_setup.exe
C:\Users\Sora\AppData\Local\Temp\RunWizards.exe
C:\Users\Sora\AppData\Local\Temp\SetupUtils6.dll
C:\Users\Sora\AppData\Local\Temp\sqlite3.dll
C:\Users\Sora\AppData\Local\Temp\sz4cnxsc.dll
C:\Users\Sora\AppData\Local\Temp\Uninstall.exe
C:\Users\Sora\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Sora\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-25 12:50

==================== End of FRST.txt ============================