Chrome_Elf Dll Is Missing Error



#1
InfinityFalse

Hello.

I'm new to this whole forum thing, and I would like to have some assistance with solving this problem of mine.

Currently, I'm running Google Chrome. Some files I downloaded at an earlier point in time turned out to be viruses and malware. After I cleared them away with my Malwarebytes anti-virus program, I attempted to start Google Chrome, and it said that Chrome_Elf Dll is missing. I've tried to reinstall it several times, and restarted my laptop too.

Can you help me please?




#2
RKinner

Let's see what is going on.  The first two just remove common adware.  FRST allows me to see what is running and the File Search will look to see if the file is on your PC anywhere.  It's probably easier to post a log as you get it instead of waiting and trying to collect them all for one giant post.
 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

If not still running: Run FRST (right click and Run As Admin).  Put Chrome_Elf.Dll in the Search: box and then hit Search Files.  After a few minutes it will create a Search.txt file in the same folder as FRST.  Please copy and paste the text.


    #3
    InfinityFalse


    Hello,

    After I finished the first part (AdwCleaner), when I logged into my laptop and saw a copy of the report, at that moment my Malwarebytes detected a trojan at startup and immediately quarantined it; it's saying that it's a trojan proxy agent (evyzuf.dll). Anyway, here's the report from AdwCleaner. --> I'm going to get started on the Junkware Removal Tool and will post the log along with FRST.

     

    # AdwCleaner v6.044 - Logfile created 02/03/2017 at 10:13:34 
    # Updated on 28/02/2017 by Malwarebytes
    # Database : 2017-03-01.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : R - R-PC
    # Running from : C:\Users\R\Downloads\AdwCleaner.exe
    # Mode: Clean
     
     
     
    ***** [ Services ] *****
     
     
     
    ***** [ Folders ] *****
     
    [-] Folder deleted: C:\ProgramData\ytd video downloader
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\ytd video downloader
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
    [-] Folder deleted: C:\Program Files (x86)\GreenTree Applications
    [-] Folder deleted: C:\Users\R\AppData\Local\Geckofx
     
     
    ***** [ Files ] *****
     
    [-] File deleted: C:\Users\Public\Desktop\YTD Video Downloader.lnk
    [-] File deleted: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\invalidprefs.js
     
     
    ***** [ DLL ] *****
     
     
     
    ***** [ WMI ] *****
     
     
     
    ***** [ Shortcuts ] *****
     
     
     
    ***** [ Scheduled Tasks ] *****
     
     
     
    ***** [ Registry ] *****
     
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
    [-] Data restored: HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main [Start Page] 
    [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
    [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] 
    [-] Key deleted: HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
     
     
    ***** [ Web browsers ] *****
     
    [-] Firefox preferences cleaned: "browser.search.defaultenginename" -  "Yahoo! Powered"
    [-] Firefox preferences cleaned: "browser.search.selectedEngine" -  "Yahoo! Powered"
    [-] [C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
     
     
    *************************
     
    :: "Tracing" keys deleted
    :: Winsock settings cleared
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[C0].txt - [2608 Bytes] - [02/03/2017 10:13:34]
    C:\AdwCleaner\AdwCleaner[S0].txt - [2965 Bytes] - [02/03/2017 10:12:15]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2754 Bytes] ##########


    #4
    InfinityFalse


    Here is a log from JRT - 

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.1 (02.11.2017)
    Operating System: Windows 7 Home Premium x64 
    Ran by R (Administrator) on 02/03/2017 at 10:27:31.97
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 79 
     
    Successfully deleted: C:\ProgramData\mntemp (File) 
    Successfully deleted: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\extensions\trash (Folder) 
    Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-1351455686-1081943194-175279126-1000 (Task)
    Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
    Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-1351455686-1081943194-175279126-1000.job (Task) 
    Successfully deleted: C:\Windows\Tasks\update-sys.job (Task) 
    Successfully deleted: C:\Windows\wininit.ini (File) 
     
     
     
    Registry: 2 
     
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 02/03/2017 at 10:30:36.81
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
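
An added example, not part of any post in this thread: a small triage script that reads removal lines in the JRT and AdwCleaner formats posted above and separates entries that touch persistence (scheduled tasks) or browser settings (SearchScopes, Start Page) from routine cleanup, and flags anything still pending a reboot. The sample log is constructed; its folder name, GUID and `ExampleApp` are placeholders, and the category rules are assumptions chosen for this illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the two line formats seen in the thread's logs.
# The cache folder name, the GUID and "ExampleApp" are placeholders.
SAMPLE_LOG = r"""
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
Successfully deleted: C:\Windows\Tasks\update-sys.job (Task)
Successfully deleted: C:\Users\R\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AAAA0000 (Temporary Internet Files Folder)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000} (Registry Key)
[-] Folder deleted: C:\Program Files (x86)\ExampleApp
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000000}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
"""

# JRT: "Successfully deleted: <target> (<kind>)". The target itself may
# contain parentheses, e.g. "Program Files (x86)", so the kind is anchored
# to the last parenthesised group on the line.
JRT_LINE = re.compile(
    r"^Successfully deleted: (?P<target>.+) \((?P<kind>[^()]+)\)\s*$"
)
# AdwCleaner: "[-] <Kind> deleted: <target>"; "[#]" marks items that are
# only removed (or restored) after the next reboot.
ADW_LINE = re.compile(
    r"^\[(?P<flag>[-#])\] (?P<kind>\w+) "
    r"(?P<action>deleted on reboot|deleted|restored): (?P<target>.+?)\s*$"
)


@dataclass
class Removal:
    tool: str             # "JRT" or "AdwCleaner"
    kind: str             # File, Task, Registry Key, Folder, Key, Data, ...
    target: str           # path or registry key as written in the log
    pending_reboot: bool  # True for AdwCleaner "[#]" lines
    category: str         # cache / persistence / browser-settings / other


def classify(kind, target):
    """Assign a coarse review category (rules are illustrative assumptions)."""
    k, t = kind.lower(), target.lower()
    if "temporary internet files" in k or "temporary internet files" in t:
        return "cache"
    if k == "task" or "\\tasks\\" in t or "\\currentversion\\run" in t:
        return "persistence"
    if "\\internet explorer\\searchscopes" in t or "\\internet explorer\\main" in t:
        return "browser-settings"
    return "other"


def parse_line(line):
    """Return a Removal for a recognised log line, otherwise None."""
    line = line.strip()
    m = JRT_LINE.match(line)
    if m:
        return Removal("JRT", m["kind"], m["target"], False,
                       classify(m["kind"], m["target"]))
    m = ADW_LINE.match(line)
    if m:
        return Removal("AdwCleaner", m["kind"], m["target"], m["flag"] == "#",
                       classify(m["kind"], m["target"]))
    return None


def triage(log_text):
    """Group every recognised removal by category."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            groups[entry.category].append(entry)
    return dict(groups)


def review_queue(log_text):
    """Entries worth a manual look: persistence, browser settings, or pending reboot."""
    queue = []
    for entries in triage(log_text).values():
        for e in entries:
            if e.category in ("persistence", "browser-settings") or e.pending_reboot:
                queue.append(e)
    return queue


if __name__ == "__main__":
    for category, entries in sorted(triage(SAMPLE_LOG).items()):
        print(f"{category}: {len(entries)}")
    print("Review first:")
    for e in review_queue(SAMPLE_LOG):
        note = " (pending reboot, re-check afterwards)" if e.pending_reboot else ""
        print(f"  [{e.tool}] {e.kind}: {e.target}{note}")
```
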


    #5
    InfinityFalse


    This log is from FRST. 

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
    Ran by R (administrator) on R-PC (02-03-2017 10:34:36)
    Running from C:\Users\R\Downloads
    Loaded Profiles: R (Available Profiles: R)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Malwarebytes) C:\Users\R\Downloads\JRT.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Farbar) C:\Users\R\Downloads\FRST64 (1).exe
     
    ==================== Registry (Whitelisted) ====================
    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: Restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{394F5267-8939-41D4-BC12-0033DBBC006C}: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{F835098A-5C5B-4E94-872E-A0914277B5D4}: [DhcpNameServer] 192.168.1.254 75.153.171.122
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     
    FireFox:
    ========
    FF DefaultProfile: ol1w0beo.default
    FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default [2017-03-02]
    FF NewTab: Mozilla\Firefox\Profiles\ol1w0beo.default -> about:newtab
    FF Keyword.URL: Mozilla\Firefox\Profiles\ol1w0beo.default -> user_pref("keyword.URL", true);
    FF Extension: (Firefox Hotfix) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
    FF Extension: (Adblock Plus) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-12]
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\features\{04e6bdea-11bc-4de6-903d-1ad87024f393}\disableSHA1rollout@mozilla.org.xpi [2017-03-01]
    FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\features\{04e6bdea-11bc-4de6-903d-1ad87024f393}\tls13-compat-ff51@mozilla.org.xpi [2017-03-01]
    FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
    FF Extension: ( Password Bank Extension ) - C:\Program Files (x86)\Acer Bio Protection\FFExt [2014-07-02] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-23] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-23] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-01] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @my.com/Games -> C:\Users\R\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\R\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
    CHR Extension: (Google Slides) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-01]
    CHR Extension: (Google Docs) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-01]
    CHR Extension: (Google Drive) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
    CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
    CHR Extension: (Adblock Plus) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-01]
    CHR Extension: (Google Sheets) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-01]
    CHR Extension: (Google Docs Offline) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-01]
    CHR Extension: (ROBLOX+) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-03-01]
    CHR Extension: (Morpheon Dark) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-03-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-01]
    CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
    CHR Extension: (Chrome Media Router) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-01]
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
    S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
    R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [315248 2010-11-05] (Egis Technology Inc. )
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
    S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
    S3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2010-04-26] (Windows ® Win 7 DDK provider) [File not signed]
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-02] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-02] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-02] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-02] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-02] (Malwarebytes)
    S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation) [File not signed]
    S3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2010-04-26] (Nuvoton Technology Corporation) [File not signed]
    R3 nuvotonir; C:\Windows\System32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
    S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
    R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
    S0 bradqris; System32\drivers\vbkdf.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-02 10:34 - 2017-03-02 10:35 - 00024495 _____ C:\Users\R\Downloads\FRST.txt
    2017-03-02 10:34 - 2017-03-02 10:34 - 00000000 ____D C:\FRST
    2017-03-02 10:32 - 2017-03-02 10:32 - 02423808 _____ (Farbar) C:\Users\R\Downloads\FRST64 (1).exe
    2017-03-02 10:30 - 2017-03-02 10:30 - 00013061 _____ C:\Users\R\Desktop\JRT.txt
    2017-03-02 10:26 - 2017-03-02 10:26 - 01663736 _____ (Malwarebytes) C:\Users\R\Downloads\JRT.exe
    2017-03-02 10:09 - 2017-03-02 10:13 - 00000000 ____D C:\AdwCleaner
    2017-03-02 10:08 - 2017-03-02 10:08 - 04031440 _____ C:\Users\R\Downloads\AdwCleaner.exe
    2017-03-01 23:53 - 2017-03-01 23:53 - 02423808 _____ (Farbar) C:\Users\R\Downloads\FRST64.exe
    2017-03-01 21:18 - 2017-03-01 21:18 - 02729024 _____ (DLL-Files.com Client ) C:\Users\R\Downloads\clientsetup_fde-0.exe
    2017-03-01 21:17 - 2017-03-01 21:17 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-03-01 21:17 - 2017-03-01 21:17 - 00002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-03-01 21:16 - 2017-03-01 21:16 - 01129376 _____ (Google Inc.) C:\Users\R\Downloads\ChromeSetup(1).exe
    2017-03-01 20:44 - 2017-03-01 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\R\Downloads\OTL.exe
    2017-03-01 20:39 - 2017-03-01 20:39 - 01129376 _____ (Google Inc.) C:\Users\R\Downloads\ChromeSetup.exe
    2017-03-01 20:39 - 2017-03-01 20:39 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-03-01 20:39 - 2017-03-01 20:39 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-03-01 20:15 - 2017-03-02 10:15 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-03-01 20:15 - 2017-03-02 10:15 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-03-01 20:15 - 2017-03-02 10:15 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-03-01 20:14 - 2017-03-02 10:15 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-03-01 20:14 - 2017-03-02 10:15 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-03-01 20:14 - 2017-03-01 20:14 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-03-01 20:14 - 2017-03-01 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-03-01 20:14 - 2017-03-01 20:14 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-01 20:14 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-03-01 20:12 - 2017-03-01 20:13 - 57131432 _____ (Malwarebytes ) C:\Users\R\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
    2017-03-01 20:09 - 2017-03-01 20:09 - 00002006 ___RS C:\Users\R\Desktop\RОBLOX Рlаyer.lnk
    2017-03-01 20:09 - 2017-03-01 20:09 - 00001822 ___RS C:\Users\R\Desktop\Wоrld оf Tаnks.lnk
    2017-03-01 20:09 - 2017-03-01 20:09 - 00001429 ___RS C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Exрlоrеr.lnk
    2017-03-01 20:08 - 2017-03-01 20:09 - 01050653 _____ C:\Users\R\Downloads\Ch_028_Yuusha_Isagi_no_Maou_Hanashi.rar
    2017-02-28 03:35 - 2017-02-28 03:36 - 00000000 ____D C:\Users\R\Documents\Old Places
    2017-02-27 23:51 - 2017-02-28 00:15 - 00000000 ____D C:\Users\R\Documents\RobloxPlaces
    2017-02-27 23:47 - 2017-02-27 23:47 - 00000000 ____D C:\Users\R\Documents\RobloxStuff
    2017-02-27 13:47 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2017-02-27 13:47 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2017-02-27 13:14 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2017-02-27 13:14 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2017-02-27 13:14 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2017-02-27 13:14 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2017-02-27 13:14 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2017-02-27 13:14 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2017-02-27 13:14 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2017-02-27 13:14 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2017-02-27 13:14 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2017-02-27 13:14 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2017-02-27 13:14 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2017-02-27 13:14 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2017-02-27 13:14 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2017-02-27 13:14 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2017-02-27 13:14 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2017-02-27 13:14 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2017-02-27 13:14 - 2013-10-01 13:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2017-02-27 13:14 - 2013-10-01 13:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2017-02-27 13:05 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-02-27 13:05 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2017-02-27 13:05 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2017-02-27 13:05 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2017-02-27 12:39 - 2016-11-14 16:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-02-27 12:39 - 2016-11-14 15:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-02-27 12:39 - 2016-11-12 12:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-02-27 12:39 - 2016-11-12 12:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-02-27 12:39 - 2016-11-12 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-02-27 12:39 - 2016-11-12 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-02-27 12:39 - 2016-11-12 12:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-02-27 12:39 - 2016-11-12 12:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-02-27 12:39 - 2016-11-12 12:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-02-27 12:39 - 2016-11-12 12:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-02-27 12:39 - 2016-11-12 12:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-02-27 12:39 - 2016-11-12 12:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-02-27 12:39 - 2016-11-12 12:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-02-27 12:39 - 2016-11-12 12:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-02-27 12:39 - 2016-11-12 12:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-02-27 12:39 - 2016-11-12 12:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-02-27 12:39 - 2016-11-12 12:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-02-27 12:39 - 2016-11-12 11:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-02-27 12:39 - 2016-11-12 11:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-02-27 12:39 - 2016-11-12 11:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-02-27 12:39 - 2016-11-12 11:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-02-27 12:39 - 2016-11-12 11:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-02-27 12:39 - 2016-11-12 11:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-02-27 12:39 - 2016-11-12 11:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-02-27 12:39 - 2016-11-12 11:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-02-27 12:39 - 2016-11-12 11:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-02-27 12:39 - 2016-11-12 11:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-02-27 12:39 - 2016-11-12 11:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-02-27 12:39 - 2016-11-12 11:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-02-27 12:39 - 2016-11-12 11:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-02-27 12:39 - 2016-11-12 11:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-02-27 12:39 - 2016-11-12 11:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-02-27 12:39 - 2016-11-12 11:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-02-27 12:39 - 2016-11-12 11:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-02-27 12:39 - 2016-11-12 11:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-02-27 12:39 - 2016-11-12 11:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-02-27 12:39 - 2016-11-12 11:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-02-27 12:39 - 2016-11-12 11:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-02-27 12:39 - 2016-11-12 11:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-02-27 12:39 - 2016-11-12 11:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-02-27 12:39 - 2016-11-12 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-02-27 12:39 - 2016-11-12 10:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-02-27 12:39 - 2016-11-12 10:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-02-27 12:39 - 2016-11-12 10:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-02-27 12:39 - 2016-11-12 10:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-02-27 12:39 - 2016-11-12 10:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-02-27 12:39 - 2016-11-12 10:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-02-27 12:39 - 2016-11-12 10:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-02-27 12:39 - 2016-11-12 10:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-02-27 12:39 - 2016-11-12 10:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-02-27 12:39 - 2016-11-12 10:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-02-27 12:39 - 2016-11-12 10:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-02-27 12:39 - 2016-11-12 10:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-02-27 12:39 - 2016-11-12 10:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-02-27 12:39 - 2016-11-12 10:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-02-27 12:39 - 2016-11-12 10:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-02-27 12:39 - 2016-11-12 10:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-02-27 12:39 - 2016-11-12 10:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-02-27 12:39 - 2016-11-12 10:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-02-27 12:39 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2017-02-27 12:39 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2017-02-27 12:39 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2017-02-27 12:38 - 2017-01-05 11:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-02-27 12:38 - 2017-01-05 11:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-02-27 12:38 - 2017-01-05 11:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-02-27 12:38 - 2017-01-05 10:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-02-27 12:38 - 2017-01-05 10:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-02-27 12:38 - 2017-01-05 10:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-02-27 12:38 - 2017-01-05 10:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-02-27 12:38 - 2017-01-05 10:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-02-27 12:38 - 2017-01-05 10:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-02-27 12:38 - 2017-01-05 10:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-02-27 12:38 - 2017-01-05 10:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-02-27 12:38 - 2016-11-21 11:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2017-02-27 12:38 - 2016-11-20 09:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2017-02-27 12:38 - 2016-11-20 07:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2017-02-27 12:38 - 2016-11-17 09:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2017-02-27 12:38 - 2016-11-12 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-02-27 12:38 - 2016-11-12 11:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-02-27 12:38 - 2016-11-12 11:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-02-27 12:38 - 2016-11-10 09:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2017-02-27 12:38 - 2016-11-10 09:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2017-02-27 12:38 - 2016-11-09 09:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2017-02-27 12:38 - 2016-11-09 09:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-02-27 12:38 - 2016-11-09 09:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2017-02-27 12:38 - 2016-11-09 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2017-02-27 12:38 - 2016-11-06 09:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-02-27 12:38 - 2016-11-06 09:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-02-27 12:38 - 2016-11-06 09:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-02-27 12:38 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-02-27 12:38 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-02-27 12:38 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-02-27 12:38 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-02-27 12:38 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-02-27 12:38 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-02-27 12:38 - 2016-10-27 08:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-02-27 12:38 - 2016-10-27 08:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-02-27 12:38 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2017-02-27 12:38 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2017-02-27 12:38 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2017-02-27 12:38 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2017-02-27 12:38 - 2016-10-11 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-02-27 12:38 - 2016-10-11 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-02-27 12:38 - 2016-10-11 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-02-27 12:38 - 2016-10-11 08:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
    2017-02-27 12:38 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2017-02-27 12:38 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-02-27 12:38 - 2016-10-11 08:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-02-27 12:38 - 2016-10-11 08:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
    2017-02-27 12:38 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2017-02-27 12:38 - 2016-10-11 08:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-02-27 12:38 - 2016-10-11 08:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-02-27 12:38 - 2016-10-11 08:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-02-27 12:38 - 2016-10-11 07:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-02-27 12:38 - 2016-10-11 07:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-02-27 12:38 - 2016-10-11 07:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2017-02-27 12:38 - 2016-10-11 07:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-02-27 12:38 - 2016-10-11 07:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-02-27 12:38 - 2016-10-11 07:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-02-27 12:38 - 2016-10-11 07:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-02-27 12:38 - 2016-10-11 07:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-02-27 12:38 - 2016-10-11 07:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 07:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 07:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 07:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2017-02-27 12:38 - 2016-10-11 06:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
    2017-02-27 12:38 - 2016-10-11 06:17 - 00419648 _____ C:\Windows\system32\locale.nls
    2017-02-27 12:38 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
    2017-02-27 12:38 - 2016-10-08 06:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2017-02-27 12:38 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2017-02-27 12:38 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2017-02-27 12:38 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2017-02-27 12:38 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2017-02-27 12:38 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2017-02-27 12:38 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2017-02-27 12:38 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
    2017-02-27 12:38 - 2016-10-04 08:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2017-02-27 12:38 - 2016-10-04 08:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2017-02-27 12:38 - 2016-10-04 08:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2017-02-27 12:38 - 2016-10-04 08:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2017-02-27 12:38 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2017-02-27 12:38 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2017-02-27 12:38 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-02-27 12:38 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-02-27 12:38 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-02-27 12:38 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-02-27 12:38 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2017-02-27 12:38 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2017-02-27 12:38 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2017-02-27 12:38 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2017-02-27 12:38 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2017-02-27 12:38 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2017-02-27 12:38 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2017-02-27 12:38 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2017-02-27 12:38 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2017-02-27 12:38 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2017-02-27 12:38 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2017-02-27 12:38 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2017-02-27 12:38 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
    2017-02-27 12:38 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2017-02-27 12:38 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
    2017-02-27 12:38 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2017-02-27 12:38 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
    2017-02-27 12:38 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
    2017-02-27 12:38 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2017-02-27 12:38 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2017-02-27 12:38 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2017-02-27 12:38 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2017-02-27 12:38 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2017-02-27 12:38 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2017-02-27 12:38 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2017-02-27 12:38 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2017-02-27 12:38 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2017-02-27 12:38 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2017-02-27 12:38 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2017-02-27 12:38 - 2016-05-13 15:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-02-27 12:38 - 2016-05-13 15:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-02-27 12:38 - 2016-05-13 15:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-02-27 12:38 - 2016-05-13 15:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-02-27 12:38 - 2016-05-13 14:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-02-27 12:38 - 2016-05-13 14:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-02-27 12:38 - 2016-05-13 14:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-02-27 12:38 - 2016-05-13 14:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-02-27 12:38 - 2016-05-13 14:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-02-27 12:38 - 2016-05-13 14:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-02-27 12:38 - 2016-05-13 14:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-02-27 12:38 - 2016-05-13 14:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-02-27 12:38 - 2016-05-13 14:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-02-27 12:38 - 2016-05-13 14:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-02-27 12:38 - 2016-05-13 14:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-02-27 12:38 - 2016-05-13 14:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-02-27 12:38 - 2016-05-12 08:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2017-02-27 12:37 - 2017-02-02 09:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-02-27 12:37 - 2017-02-02 09:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-02-27 12:37 - 2017-02-02 07:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-02-27 12:37 - 2015-08-05 10:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2017-02-27 12:37 - 2015-08-05 10:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2017-02-27 12:36 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-02-27 12:36 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-02-27 12:36 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-02-27 12:36 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-02-27 12:36 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2017-02-27 12:36 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2017-02-27 12:36 - 2016-08-12 09:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-02-27 12:36 - 2016-08-12 09:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-02-27 12:36 - 2016-08-12 09:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-02-27 12:36 - 2016-07-07 08:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2017-02-27 12:36 - 2016-07-07 08:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2017-02-27 12:36 - 2016-07-07 08:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2017-02-27 12:36 - 2016-07-07 08:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2017-02-27 12:36 - 2015-12-16 11:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2017-02-27 12:36 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2017-02-27 12:36 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2017-02-27 12:25 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2017-02-25 19:22 - 2017-02-25 19:22 - 00000000 ____D C:\Windows\jre
    2017-02-25 19:22 - 2017-02-25 19:22 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
    2017-02-25 18:11 - 2017-03-02 10:16 - 00000000 ____D C:\Users\R\AppData\Roaming\Curse Client
    2017-02-25 18:11 - 2017-02-25 18:11 - 00001020 _____ C:\Users\R\Desktop\Curse.lnk
    2017-02-25 18:11 - 2017-02-25 18:11 - 00001006 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
    2017-02-25 15:27 - 2017-02-25 15:28 - 00000202 _____ C:\Users\R\Desktop\The Elder Scrolls Online Tamriel Unlimited.url
    2017-02-25 15:05 - 2017-02-27 13:28 - 00278760 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-02-25 14:38 - 2017-02-25 14:38 - 00000202 _____ C:\Users\R\Desktop\STAR WARS Knights of the Old Republic II The Sith Lords.url
    2017-02-25 00:20 - 2017-02-25 00:20 - 00219714 _____ C:\Users\R\Documents\bookmarks.html
    2017-02-24 23:10 - 2017-02-24 23:10 - 00000522 _____ C:\Users\Public\Desktop\Steam.lnk
    2017-02-24 23:10 - 2017-02-24 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2017-02-24 22:05 - 2017-02-24 22:05 - 00003204 _____ C:\Windows\System32\Tasks\Adobe Uninstaller
    2017-02-24 22:05 - 2017-02-24 22:05 - 00003154 _____ C:\Windows\System32\Tasks\{C5AC3A7E-E579-40EB-86AC-0909653DEF76}
    2017-02-24 18:09 - 2017-02-24 18:09 - 00066592 _____ C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-02-24 17:17 - 2017-02-24 17:17 - 00000000 ____D C:\Users\R\AppData\LocalLow\Sony Online Entertainment
    2017-02-22 00:51 - 2017-02-22 00:51 - 00000000 __SHD C:\found.002
    2017-02-14 01:50 - 2017-02-14 01:58 - 00000000 ____D C:\Users\R\AppData\Local\Facebook
    2017-02-03 11:18 - 2017-03-01 20:09 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2017-02-03 11:18 - 2017-03-01 09:02 - 00001344 ____H C:\Users\R\Desktop\ROBLOX Player.lnk
    2017-02-03 11:18 - 2017-03-01 09:01 - 00001163 _____ C:\Users\R\Desktop\ROBLOX Studio.lnk
    2017-02-01 14:38 - 2017-02-01 14:38 - 00000000 ____D C:\Users\R\Documents\ROBLOX
    2017-01-31 13:30 - 2017-01-31 17:09 - 00000000 ____D C:\Users\R\Documents\Fanfiction
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-02 10:23 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-03-02 10:23 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-03-02 10:14 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-02 00:21 - 2016-12-17 00:18 - 00000000 ____D C:\Users\R\AppData\LocalLow\Mozilla
    2017-03-01 21:16 - 2016-07-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google
    2017-03-01 20:14 - 2016-07-14 01:29 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-03-01 20:09 - 2016-12-01 19:07 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
    2017-03-01 18:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2017-02-28 03:49 - 2016-05-26 15:30 - 00000000 ____D C:\Users\R\AppData\Local\Roblox
    2017-02-28 01:08 - 2016-07-09 14:36 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype
    2017-02-27 23:50 - 2016-12-31 13:19 - 00000000 ____D C:\Users\R\Documents\Noble Special Investigation Site 29
    2017-02-27 21:59 - 2009-07-13 22:13 - 00782352 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-27 21:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-02-27 13:53 - 2017-01-04 01:09 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-02-27 13:25 - 2016-08-06 11:20 - 00000000 ___SD C:\Windows\system32\CompatTel
    2017-02-27 13:25 - 2016-08-06 11:20 - 00000000 ____D C:\Windows\system32\appraiser
    2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
    2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2017-02-27 13:20 - 2016-07-12 23:26 - 00000000 ____D C:\Windows\system32\MRT
    2017-02-27 13:16 - 2016-07-12 23:26 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-02-27 12:56 - 2016-07-14 00:47 - 00774934 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-02-25 19:22 - 2014-07-02 12:46 - 00000000 ____D C:\Users\R
    2017-02-25 15:28 - 2016-05-26 18:47 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2017-02-24 22:08 - 2016-10-03 20:33 - 00000000 ____D C:\Program Files\Adobe
    2017-02-24 18:14 - 2016-10-04 23:32 - 00000000 ____D C:\Users\R\AppData\Roaming\obs-studio
    2017-02-24 17:42 - 2016-11-06 10:38 - 00000000 ____D C:\Users\R\AppData\Local\Jagex
    2017-02-24 17:42 - 2016-11-06 10:38 - 00000000 ____D C:\ProgramData\Jagex
    2017-02-24 17:32 - 2017-01-04 15:27 - 00000000 ____D C:\ProgramData\VEGAS
    2017-02-24 17:30 - 2016-07-12 22:49 - 00000000 ____D C:\ProgramData\Package Cache
    2017-02-24 17:19 - 2016-08-05 14:57 - 00000059 _____ C:\Users\R\AppData\Local\UserProducts.xml
    2017-02-24 17:19 - 2016-08-05 14:57 - 00000000 ____D C:\Program Files (x86)\Skillbrains
    2017-02-24 17:18 - 2014-07-02 12:48 - 00000000 ____D C:\Users\R\AppData\Local\VirtualStore
    2017-02-24 17:17 - 2016-06-01 17:44 - 00000000 ____D C:\Users\R\AppData\Local\CrashDumps
    2017-02-24 17:12 - 2014-07-02 17:15 - 00000000 ____D C:\Windows\Minidump
    2017-02-24 16:53 - 2016-11-20 21:11 - 00000000 ____D C:\Users\R\AppData\Roaming\discord
    2017-02-24 15:57 - 2009-07-13 22:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-02-21 23:31 - 2016-06-10 18:23 - 00000000 ____D C:\Users\R\AppData\Local\Deployment
    2017-02-16 19:42 - 2016-07-31 22:48 - 00000000 ____D C:\Users\R\AppData\Roaming\SoftGrid Client
    2017-02-15 11:57 - 2016-05-26 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-12 00:16 - 2016-12-14 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-09 21:26 - 2016-05-26 16:54 - 00000000 ____D C:\Games
    2017-02-09 01:11 - 2017-01-02 18:09 - 00000000 ____D C:\tmp
    2017-02-03 13:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SchCache
    2017-02-03 11:19 - 2016-05-26 15:30 - 00000246 _____ C:\Users\R\AppData\LocalLow\rbxcsettings.rbx
    2017-02-02 20:16 - 2016-10-05 18:04 - 00000000 ____D C:\Users\R\Documents\OBJ FILE
    2017-01-31 20:18 - 2017-01-15 11:11 - 00000000 ____D C:\Users\R\Documents\Euro Truck Simulator 2
    2017-01-31 18:56 - 2016-10-03 20:42 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
     
    ==================== Files in the root of some directories =======
     
    2014-07-03 04:21 - 2016-10-08 21:16 - 0007626 _____ () C:\Users\R\AppData\Local\resmon.resmoncfg
    2016-08-05 14:57 - 2016-08-05 14:57 - 0000003 _____ () C:\Users\R\AppData\Local\updater.log
    2016-08-05 14:57 - 2017-02-24 17:19 - 0000059 _____ () C:\Users\R\AppData\Local\UserProducts.xml
    2014-07-02 10:34 - 2014-07-02 10:36 - 0017744 _____ () C:\ProgramData\ArcadeDeluxe4.log
    2017-01-04 01:15 - 2017-01-04 01:15 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
     
    Some files in TEMP:
    ====================
    2017-02-24 17:17 - 2012-02-13 13:41 - 0314784 _____ () C:\Users\R\AppData\Local\Temp\Uninstaller-1996.exe
    2017-03-01 20:09 - 2017-03-01 20:09 - 1239402 _____ (VideoBox                                                    ) C:\Users\R\AppData\Local\Temp\videobox.exe
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-02-22 19:52
     
    ==================== End of FRST.txt ============================


    #6
    InfinityFalse


    This log is from addition. 

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
    Ran by R (02-03-2017 10:36:20)
    Running from C:\Users\R\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2014-07-02 19:46:18)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1351455686-1081943194-175279126-500 - Administrator - Disabled)
    Guest (S-1-5-21-1351455686-1081943194-175279126-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1351455686-1081943194-175279126-1002 - Limited - Enabled)
    R (S-1-5-21-1351455686-1081943194-175279126-1000 - Administrator - Enabled) => C:\Users\R
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.8316 - CyberLink Corp.)
    Acer Arcade Deluxe (x32 Version: 4.1.8316 - CyberLink Corp.) Hidden
    Acer Arcade Movie (x32 Version: 9.0.7029 - CyberLink Corp.) Hidden
    Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
    Acer Bio Protection (HKLM-x32\...\InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}) (Version: 7.0.60.0 - Egis Technology Inc.)
    Acer Crystal Eye webcam Ver:1.1.193.827 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.193.827 - Chicony Electronics Co.,Ltd.)
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated)
    Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
    Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
    Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
    BioExcess (Version: 7.0.60.0 - Egis Technology Inc.) Hidden
    Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
    Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
    ccc-core-static (x32 Version: 2010.1028.1114.18274 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    Discord (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
    Fingerprint Solution (x32 Version: 7.0.60.0 - Egis Technology Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Gyazo 3.2.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.51.6 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nuvoton CIR Device Drivers (HKLM-x32\...\{46851691-3C64-4C14-ABD8-179AE8801F55}) (Version: 8.60.2004 - Nuvoton Technology Corporation)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.4 - OBS Project)
    paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.27.920.2010 - Realtek)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
    ROBLOX Player for R (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    ROBLOX Studio for R (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
    Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
    STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM\...\Steam App 208580) (Version:  - Obsidian Entertainment)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.5.0.0 - Zenimax Online Studios)
    The Elder Scrolls Online: Tamriel Unlimited (HKLM\...\Steam App 306130) (Version:  - Zenimax Online Studios)
    Tweaks.com Logon Changer (HKLM-x32\...\{D2223C9B-0AB9-4546-A4C0-A1ED27C42039}) (Version: 3.1.0 - Advanced PC Media LLC)
    Unity Web Player (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\UnityWebPlayer) (Version: 5.2.5f1 - Unity Technologies ApS)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    World of Tanks (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
    XVM version 6.5.5 (HKLM-x32\...\{2865cd27-6b8b-4413-8272-cd968f316050}_is1) (Version: 6.5.5 - XVM team)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{593bc936-d803-49b7-9084-251d7f6425e6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxProxy64.dll (ROBLOX Corporation)
    CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {0968AACF-E55C-4B22-A007-7C2354D2E36A} - System32\Tasks\{C5AC3A7E-E579-40EB-86AC-0909653DEF76} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
    Task: {1FDCD200-4FF6-4FBD-8726-43CE3A257F97} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
    Task: {253E1326-F65A-45BC-82F1-D987625F7481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-23] (Adobe Systems Incorporated)
    Task: {275E4617-1E30-46F1-9D17-34A2DEC87778} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
    Task: {88C5C7FC-B9B8-4ECF-899F-FC6E02F363E3} - System32\Tasks\{7FF02BFD-E1DF-4AA3-9FB5-4A5E32646FF1} => pcalua.exe -a C:\Users\R\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\RobloxPlayerLauncher.exe -c -uninstall
    Task: {89BBA2DA-75CC-4E87-9AC2-A5E16A990791} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
    Task: {90D8AF3B-D36E-475B-B947-C02C25CC939C} - System32\Tasks\{AAF8D37A-B36F-4C33-972A-5FA5A21208C2} => pcalua.exe -a C:\Users\R\Downloads\setup.exe -d C:\Users\R\Downloads
    Task: {965304F7-3472-4DB8-B83D-F1E7C20A447C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
    Task: {B2DBC4E6-3AE8-414A-93CF-0E5AF370941F} - System32\Tasks\Acer Registration - Data Sending task => C:\Program Files (x86)\Acer\Registration\GREG.exe [2010-04-27] (Acer Incorporated)
    Task: {B8FB24E3-1D14-4200-B319-ED7B648EA362} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-08-03] ()
    Task: {C05F300F-FF62-4B16-981F-2C86304CB2E3} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-08-03] ()
    Task: {CCA22504-5F5A-42FA-93AB-F31236C5CE44} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-10-25] (Adobe Systems Incorporated)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Acer Registration - Data Sending task.job => C:\Program Files (x86)\Acer\Registration\GREG.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    Shortcut: C:\Users\R\Desktop\RОBLOX Рlаyer.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.rehcnualreyalpxolbor.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\Desktop\Wоrld оf Tаnks.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.rehcnualtow.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Exрlоrеr.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Wоrld of Tanks.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.rehcnualtow.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\RОBLOX Рlayеr.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.rehcnualreyalpxolbor.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Еxрlorеr (No Аdd-ons).lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Chrоmе.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Eхрlоrer Вrоwser.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Chrome.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
     
    ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2009-01-21 13:45 - 2009-01-21 13:45 - 01401856 _____ () C:\Program Files (x86)\Acer Bio Protection\x64\LIBEAY32.dll
    2016-10-25 08:57 - 2016-10-25 08:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2017-03-01 20:14 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-03-01 20:14 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-03-01 21:17 - 2017-02-01 02:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
    2017-03-01 21:17 - 2017-02-01 02:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 19:34 - 2017-01-04 11:50 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\R\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254 - 75.153.171.122
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
    MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"                                                                                                                                                                                          
    MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k                                                                                                                                                                             
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"                                              
    MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Steam => "C:\Users\R\Documents\New folder\steam.exe" -silent
    MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: VitaKeyTSR => "C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe" /run
    MSCONFIG\startupreg: World of Tanks (1) => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{473262E6-F944-4F9F-B934-0107442E0970}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    FirewallRules: [{27DCB9A0-25FE-43FC-AD68-434068364948}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\VC.exe
    FirewallRules: [{187F5E7B-FF38-4834-80DA-441B80F0EB45}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{314D40DA-8D86-4D8E-A6CE-0BEA7A325400}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{A323BEA2-C8CE-4559-A48B-7A130E96F8A0}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
    FirewallRules: [{D3C45009-2DEE-4975-8B59-992498F5AD37}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1BDFE467-30E4-46BE-A790-B1D1F7DCE773}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3907FE25-51F0-4472-B9DA-C227C3F86D81}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{CC4184EE-AF26-43E0-8126-ECA524F3ADCF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{009663B2-4640-4852-AAD0-CC90589B3F96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [{DF8C5E33-2720-413B-A85C-57A378F76296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [{5C2E51FB-F13A-46EE-BCF6-D58F1B8FD250}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
    FirewallRules: [{48E2DD5F-736E-4D19-9D7D-09786C319A1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
    FirewallRules: [TCP Query User{C1B3BC92-2043-49E0-A79B-A1C387432B4C}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe
    FirewallRules: [UDP Query User{4867A320-31B5-4240-BC47-94D11D67B2D9}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe
    FirewallRules: [{3A86A9C8-8250-4E66-8529-245016B6133D}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
    FirewallRules: [{8F859C3F-90E4-4470-AD0A-107D0B45E177}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
    FirewallRules: [{646DEC8E-4CD6-4EB2-AF7F-43ACB95B4832}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
    FirewallRules: [{074C53D1-0247-458F-A7D7-083070330EF9}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
    FirewallRules: [{D195E6A9-2440-4813-AB31-F29BB3C0BB07}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [{87C5C97E-B1D4-47CD-A0EA-C4C3D90A4C7C}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [TCP Query User{876C8CDE-22F1-4096-AC6A-4E0394F13C69}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
    FirewallRules: [UDP Query User{67103985-FF94-4C86-B53F-60E418CF94A0}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
    FirewallRules: [{AA3CD8E2-EB7A-4D97-BFF0-35195929BF25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{6E62E594-EF7A-40F8-87CC-AC7A574269EA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{9A29E102-55B2-49F4-8C64-F3D3EAE8B5B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{EB758D1B-82B9-4BC0-9D63-D70AAA7BF95B}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
    FirewallRules: [{A2EFBC2D-91DF-4277-BDEA-BEDDD892F503}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
    FirewallRules: [{01D54FC1-95DF-435D-BC73-F10C4893D731}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{4BFFF960-8367-4B4E-B5DC-D47C6428DBB2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{E6AA0A86-34AE-4AF0-939A-22B0494719D5}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{E2FC24AA-F1D3-411F-881B-F4166F207F04}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{66F1FA3B-1019-4A78-B39D-8A345FC4C0FC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{4889BE61-1E65-4A55-A56D-95E26F6E1F0E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{6D3A8AE6-B1BF-40B4-B379-726AB35FA2E8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{6C42EBEB-88D4-43A1-BD10-669876C6B8C0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{00A731EE-3E30-4477-82C1-D5F6D056BC98}] => (Allow) svchost.exe
    FirewallRules: [{7310DE9C-F494-4850-BC44-24516CAC70F6}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{5904D895-0BBF-43CD-9618-18C06774A57E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{9C1D0267-ECF5-460A-8596-F97103CE18A6}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{B9C5A73F-7CA6-49A8-8F9A-E1A2014E853A}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{0EBD6171-A0E6-43FD-9C2D-8E4DE21DE5DD}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
    FirewallRules: [{7B24AC15-438A-4321-B95E-127C80246A25}] => (Allow) C:\Users\R\Documents\New folder\Steam.exe
    FirewallRules: [{36498857-4A5D-4A7B-9B75-F80D4CE5EA8E}] => (Allow) C:\Users\R\Documents\New folder\Steam.exe
    FirewallRules: [{8EFFC487-6FDF-42AF-AB2E-36F84F2969D8}] => (Allow) C:\Users\R\Documents\New folder\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{0922CB52-977F-4DAD-8E81-DF56C363175F}] => (Allow) C:\Users\R\Documents\New folder\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{07B550D6-758D-45A5-AF90-4BA76C3B521F}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
    FirewallRules: [{337D1162-D1B5-45E5-881B-3069A1B71379}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
    FirewallRules: [{7929503A-6131-406C-89E6-8B66F64137E0}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
    FirewallRules: [{62349F81-838C-4778-898E-665476966AB3}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
    FirewallRules: [{4D0AD345-AC13-4A89-8634-E587D28803BA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{7B5EDF2B-27BA-44EA-9AAE-4208E3001CB5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [TCP Query User{F4191932-1307-49C0-8B29-E4F25FC42265}C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe
    FirewallRules: [UDP Query User{1BE58C9A-3E9C-4F5E-9825-3FFF45EA130F}C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe
    FirewallRules: [TCP Query User{3E3F2381-DC07-4E0E-AB18-8ADF0BAB2768}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [UDP Query User{A33F52A3-F96A-4384-867C-EA285BD468FC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [TCP Query User{3507EB71-76CE-4DA5-8AC6-BB8424C6A7F5}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
    FirewallRules: [UDP Query User{B429ACA3-99EB-40B7-B2AE-CDB339813961}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
    FirewallRules: [TCP Query User{3C873F9F-93F7-43B4-B0EE-8820B7F22562}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [UDP Query User{11F6721E-56E9-4FF0-8752-83AE5CF81A02}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [{98B2A9BB-9750-45C3-991C-D4EF944180ED}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{0A07EA7F-3F64-4C6D-A443-8B9C0BD6F524}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{B67FAC51-12E8-40D8-9EE3-96BADD86FE26}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{55375A40-F346-46D0-9568-B93032638C9A}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{7AECE7BC-FC00-4CE7-9C0B-BC8B53A397E3}] => (Allow) D:\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [{9796CBDA-7EDD-4514-8C3D-A06E18F65EFB}] => (Allow) D:\Steam\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [{0907F3EF-8B04-4CE8-8C42-7DF24106AB67}] => (Allow) D:\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [{89F75754-8830-460B-9113-C223034E3270}] => (Allow) D:\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [TCP Query User{05AE7197-A154-45B4-B9DA-DC3D53E3893D}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{2071F468-3D0F-44CC-BADF-EECD3EC751A4}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{38A7D7A6-AB9D-44AC-86FA-A6583427B52E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
     
    ==================== Restore Points =========================
     
    02-03-2017 10:27:32 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
    Name: 1.3M WebCam
    Description: USB Video Device
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Microsoft
    Service: usbvideo
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (03/02/2017 10:25:06 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
     
    Error: (03/02/2017 09:42:57 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
     
    Error: (03/02/2017 09:42:00 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
     
    Error: (03/02/2017 09:41:55 AM) (Source: SideBySide) (EventID: 35) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
    Component identity found in manifest does not match the identity of the component requested.
    Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
    Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
    Please use sxstrace.exe for detailed diagnosis.
     
    Error: (03/01/2017 09:16:24 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
     
    Error: (03/01/2017 08:38:39 PM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
     
    Error: (03/01/2017 08:10:00 PM) (Source: MsiInstaller) (EventID: 11925) (User: R-PC)
    Description: Product: NowUSeeIt Player -- Error 1925. You do not have sufficient privileges to complete this installation for all users of the machine.  Log on as administrator and then retry this installation.
     
    Error: (03/01/2017 09:43:46 AM) (Source: CVHSVC) (EventID: 100) (User: )
    Description: Information only.
    (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
     
    Error: (03/01/2017 09:04:40 AM) (Source: SideBySide) (EventID: 63) (User: )
    Description: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3.
    The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
     
    Error: (03/01/2017 09:03:43 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
    Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
     
     
    System errors:
    =============
    Error: (03/02/2017 10:15:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    bradqris
     
    Error: (03/02/2017 10:13:48 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
    An instance of the service is already running.
     
    Error: (03/02/2017 10:13:20 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/02/2017 10:13:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
     
    Error: (03/02/2017 10:13:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/02/2017 10:13:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (03/02/2017 10:13:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (03/02/2017 10:13:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/02/2017 10:13:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Updater Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (03/02/2017 10:13:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Application Virtualization Service Agent service terminated unexpectedly.  It has done this 1 time(s).
     
     
    CodeIntegrity:
    ===================================
      Date: 2016-07-19 17:13:05.521
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-07-19 17:13:05.442
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-07-19 17:13:05.364
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-07-19 17:13:05.285
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-07-19 17:13:05.205
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-07-19 17:13:05.121
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-07-19 17:13:03.840
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-07-19 17:13:03.758
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-07-19 17:13:03.678
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.
     
      Date: 2016-07-19 17:13:03.527
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
    Percentage of memory in use: 38%
    Total physical RAM: 6125.86 MB
    Available physical RAM: 3762.89 MB
    Total Virtual: 12249.9 MB
    Available Virtual: 9738.75 MB
     
    ==================== Drives ================================
     
    Drive c: (Acer) (Fixed) (Total:465.76 GB) (Free:383.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:852.26 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C352CBF0)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D32A87A1)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================

    • 0

    #7
    InfinityFalse

    This is from the search log.

     

    Farbar Recovery Scan Tool (x64) Version: 01-03-2017
    Ran by R (02-03-2017 10:37:27)
    Running from C:\Users\R\Downloads
    Boot Mode: Normal
     
    ================== Search Files: "Chrome_Elf.Dll" =============
     
    C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_elf.dll
    [2017-03-01 21:17][2017-02-01 02:47] 0539992 ____A (Google Inc.) 7E6FBEFBFA098C2CBF9545EACC35A6A6 [File is digitally signed]
     
    ====== End of Search ======

    • 0

    #8
    RKinner

    Looks like you do have something evil.  Some of it's been partially removed:

     

    S0 bradqris; System32\drivers\vbkdf.sys [X]

     

     

    The X means the file is missing.

    and lots of tricked out shortcuts:

    Shortcut: C:\Users\R\Desktop\RОBLOX Рlаyer.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.rehcnualreyalpxolbor.bat (No File) <===== Cyrillic

     

     

     

    These appear to be broken because the file is missing but sometimes it can hide.  Something messed up the first part of the FRST scan.  The section right after:

    ==================== Registry (Whitelisted) ====================

    is garbled so there may still be something active.

     

     

     
    Download the attached fixlist.txt to the same location as FRST
     
    Attached File: fixlist.txt (6.94KB)
     
    Run FRST and press Fix.
    A fix log will be generated; please post that.
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.  See if Chrome will run now.
     
     
     

    • 0
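The shortcut entries flagged in the post above share two traits that can be checked mechanically: the .lnk name mixes Latin letters with Cyrillic look-alikes inside a single word, and the target is a .bat whose name is an executable name written backwards. A triage sketch over FRST-style `Shortcut:` lines follows; it is an added example, not part of the thread or of FRST, the sample lines are constructed in the shape of the log entries, and the homoglyph table is a small illustrative subset.

```python
import re
import unicodedata
from ntpath import basename, splitext  # Windows path rules on any OS

# Constructed, illustrative subset of Cyrillic letters that render like Latin
# ones; this is not the full Unicode confusables table.
HOMOGLYPHS = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041e": "O",
    "\u0420": "P", "\u0421": "C", "\u0425": "X",
})

LINE_RE = re.compile(r"^\s*Shortcut:\s+(?P<lnk>.+?\.lnk)\s+->\s+(?P<rest>.+)$")


def scripts_in(token):
    """Return the set of scripts (Latin / Cyrillic) used by letters in token."""
    found = set()
    for ch in token:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            if name.startswith("LATIN"):
                found.add("Latin")
            elif name.startswith("CYRILLIC"):
                found.add("Cyrillic")
    return found


def mixed_script_tokens(name):
    """Words that mix scripts internally. A name written wholly in Cyrillic,
    or with separate Latin and Cyrillic words, is not flagged."""
    return [t for t in re.findall(r"[^\W\d_]+", name) if len(scripts_in(t)) > 1]


def reversed_executable(target):
    """If the target is a script whose stem reads as '<name>.exe' backwards,
    return the decoded name, else None."""
    stem, ext = splitext(basename(target))
    candidate = stem[::-1]
    if ext.lower() in (".bat", ".cmd") and candidate.lower().endswith(".exe"):
        return candidate
    return None


def analyze(line):
    """Parse one 'Shortcut:' line; return findings, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    lnk = m.group("lnk")
    # Drop the trailing '<===== ...' marker, then a trailing '(note)'.
    rest = re.sub(r"\s+<=+.*$", "", m.group("rest").rstrip())
    note = re.search(r"\s+\(([^()]*)\)$", rest)
    target = rest[:note.start()] if note else rest
    name = splitext(basename(lnk))[0]
    mixed = mixed_script_tokens(name)
    rev = reversed_executable(target)
    return {
        "shortcut": lnk,
        "target": target,
        "target_missing": bool(note and note.group(1) == "No File"),
        "mixed_tokens": mixed,
        "impersonates": name.translate(HOMOGLYPHS) if mixed else None,
        "reversed_exe": rev,
        "suspicious": bool(mixed or rev),
    }


# Constructed sample lines. Cyrillic letters are written as escapes so the
# substitution is visible; the last two are benign controls.
SAMPLE_LINES = [
    "Shortcut: C:\\Users\\R\\Desktop\\R\u041eBLOX \u0420l\u0430yer.lnk -> "
    "C:\\Users\\R\\AppData\\Roaming\\Browsers\\exe.rehcnualreyalpxolbor.bat"
    " (No File) <===== Cyrillic",
    "Shortcut: C:\\Users\\R\\Desktop\\G\u043e\u043egle Chr\u043em\u0435.lnk -> "
    "C:\\Users\\R\\AppData\\Roaming\\Browsers\\exe.emorhc.bat (No File)",
    "Shortcut: C:\\Users\\R\\Desktop\\Skype.lnk -> "
    "C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe (Skype Technologies)",
    "Shortcut: C:\\Users\\R\\Desktop\\"
    "\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b.lnk -> "
    "C:\\Users\\R\\Documents",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        r = analyze(sample)
        if r and r["suspicious"]:
            print(ascii(r["shortcut"]), "->", r["impersonates"], r["reversed_exe"])
```

A missing target, as in these entries, does not clear the shortcut: the name spoofing alone is the indicator, so such shortcuts are candidates for removal either way.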

    #9
    InfinityFalse

    Alright, here's the requested log from FRST FIX LOG  - I'll post another FRST and Addition after this - 

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
    Ran by R (02-03-2017 13:11:43) Run:1
    Running from C:\Users\R\Downloads
    Loaded Profiles: R (Available Profiles: R)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = 
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @my.com/Games -> C:\Users\R\AppData\Local\MyComGames\NPMyComDetector.dll [No File]
    S0 bradqris; System32\drivers\vbkdf.sys [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
    Task: {1FDCD200-4FF6-4FBD-8726-43CE3A257F97} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-25] (Microsoft Corporation)
    Task: {90D8AF3B-D36E-475B-B947-C02C25CC939C} - System32\Tasks\{AAF8D37A-B36F-4C33-972A-5FA5A21208C2} => pcalua.exe -a C:\Users\R\Downloads\setup.exe -d C:\Users\R\Downloads
    Task: {B8FB24E3-1D14-4200-B319-ED7B648EA362} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-08-03] ()
    Task: {C05F300F-FF62-4B16-981F-2C86304CB2E3} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-08-03] ()
    Task: C:\Windows\Tasks\Acer Registration - Data Sending task.job => C:\Program Files (x86)\Acer\Registration\GREG.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Shortcut: C:\Users\R\Desktop\RОBLOX Рlаyer.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.rehcnualreyalpxolbor.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\Desktop\Wоrld оf Tаnks.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.rehcnualtow.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Exрlоrеr.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Wоrld of Tanks.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.rehcnualtow.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\RОBLOX Рlayеr.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.rehcnualreyalpxolbor.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Еxрlorеr (No Аdd-ons).lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Chrоmе.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Eхрlоrer Вrоwser.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.erolpxei.bat (No File) <===== Cyrillic
    Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Chrome.lnk -> C:\Users\R\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
    SetDefaultFilePermissions: C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_elf.dll
    REG: reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /s
    REG: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"  
     
     
     
     
    *****************
     
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => key removed successfully
    HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found. 
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\MozillaPlugins\@my.com/Games => key removed successfully
    C:\Users\R\AppData\Local\MyComGames\NPMyComDetector.dll => not found.
    HKLM\System\CurrentControlSet\Services\bradqris => key removed successfully
    bradqris => service removed successfully
    HKLM\System\CurrentControlSet\Services\IntcAzAudAddService => key removed successfully
    IntcAzAudAddService => service removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FDCD200-4FF6-4FBD-8726-43CE3A257F97} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FDCD200-4FF6-4FBD-8726-43CE3A257F97} => key removed successfully
    C:\Windows\System32\Tasks\Microsoft\Windows\Setup\EOSNotify => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{90D8AF3B-D36E-475B-B947-C02C25CC939C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{90D8AF3B-D36E-475B-B947-C02C25CC939C} => key removed successfully
    C:\Windows\System32\Tasks\{AAF8D37A-B36F-4C33-972A-5FA5A21208C2} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AAF8D37A-B36F-4C33-972A-5FA5A21208C2} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B8FB24E3-1D14-4200-B319-ED7B648EA362} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8FB24E3-1D14-4200-B319-ED7B648EA362} => key removed successfully
    C:\Windows\System32\Tasks\GyazoUpdateTaskMachine => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachine => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C05F300F-FF62-4B16-981F-2C86304CB2E3} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C05F300F-FF62-4B16-981F-2C86304CB2E3} => key removed successfully
    C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GyazoUpdateTaskMachineDaily => key removed successfully
    C:\Windows\Tasks\Acer Registration - Data Sending task.job => moved successfully
    C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
    C:\Users\R\Desktop\RОBLOX Рlаyer.lnk => moved successfully
    C:\Users\R\Desktop\Wоrld оf Tаnks.lnk => not found.
    C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intеrnet Exрlоrеr.lnk => moved successfully
    C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Wоrld of Tanks.lnk => moved successfully
    C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\RОBLOX Рlayеr.lnk => moved successfully
    C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnet Еxрlorеr (No Аdd-ons).lnk => moved successfully
    C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Chrоmе.lnk => moved successfully
    C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Eхрlоrer Вrоwser.lnk => moved successfully
    C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gооgle Chrome.lnk => moved successfully
    "C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\chrome_elf.dll" => Default permissions restored successfully.
     
    ========= reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /s =========
     
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
        IntelTBRunOnce    REG_SZ    wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
        mwlDaemon    REG_SZ    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
        Logitech Download Assistant    REG_SZ    C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
        Malwarebytes TrayApp    REG_SZ    C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
     
     
     
    ========= End of Reg: =========
     
     
    ========= reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s =========
     
     
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
        World of Tanks    REG_SZ    "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
        World of Tanks (1)    REG_SZ    "C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
        CCleaner Monitoring    REG_SZ    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
        Steam    REG_SZ    "D:\Steam\steam.exe" -silent
        evyzuf    REG_SZ    rundll32.exe "C:\Users\R\AppData\Local\evyzuf.dll",evyzuf
        World of Tanks (2)    REG_SZ    "C:\Games\WargamingGameUpdater.exe"
     
     
     
    ========= End of Reg: =========
     
     
    ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
     
     
    ========= End of CMD: =========
     
     
    ==== End of Fixlog 13:12:12 ====

    #10
    InfinityFalse

    Here is the FRST log:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
    Ran by R (administrator) on R-PC (02-03-2017 13:12:39)
    Running from C:\Users\R\Downloads
    Loaded Profiles: R (Available Profiles: R)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Wargaming.net) C:\Games\WargamingGameUpdater.exe
    (Valve Corporation) D:\Steam\Steam.exe
    (Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\R\Downloads\FRST64 (1).exe
     
    ==================== Registry (Whitelisted) ====================
    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: Restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{394F5267-8939-41D4-BC12-0033DBBC006C}: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{F835098A-5C5B-4E94-872E-A0914277B5D4}: [DhcpNameServer] 192.168.1.254 75.153.171.122
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     
    FireFox:
    ========
    FF DefaultProfile: ol1w0beo.default
    FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default [2017-03-02]
    FF NewTab: Mozilla\Firefox\Profiles\ol1w0beo.default -> about:newtab
    FF Keyword.URL: Mozilla\Firefox\Profiles\ol1w0beo.default -> user_pref("keyword.URL", true);
    FF Extension: (Firefox Hotfix) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
    FF Extension: (Adblock Plus) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-12]
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\features\{04e6bdea-11bc-4de6-903d-1ad87024f393}\disableSHA1rollout@mozilla.org.xpi [2017-03-01]
    FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\features\{04e6bdea-11bc-4de6-903d-1ad87024f393}\tls13-compat-ff51@mozilla.org.xpi [2017-03-01]
    FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
    FF Extension: ( Password Bank Extension ) - C:\Program Files (x86)\Acer Bio Protection\FFExt [2014-07-02] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-23] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-23] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-01] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\R\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
    CHR Extension: (Google Slides) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-01]
    CHR Extension: (Google Docs) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-01]
    CHR Extension: (Google Drive) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
    CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
    CHR Extension: (Adblock Plus) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-01]
    CHR Extension: (Google Sheets) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-01]
    CHR Extension: (Google Docs Offline) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-01]
    CHR Extension: (ROBLOX+) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-03-01]
    CHR Extension: (Morpheon Dark) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-03-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-01]
    CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
    CHR Extension: (Chrome Media Router) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-01]
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
    S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
    R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [315248 2010-11-05] (Egis Technology Inc. )
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
    S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
    S3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2010-04-26] (Windows ® Win 7 DDK provider) [File not signed]
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-02] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-02] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-02] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-02] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-02] (Malwarebytes)
    S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation) [File not signed]
    S3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2010-04-26] (Nuvoton Technology Corporation) [File not signed]
    R3 nuvotonir; C:\Windows\System32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
    S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
    R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-02 13:11 - 2017-03-02 13:12 - 00010083 _____ C:\Users\R\Downloads\Fixlog.txt
    2017-03-02 12:13 - 2017-03-02 12:13 - 04278280 _____ (Wargaming.net ) C:\Users\R\Downloads\WoT_internet_install_na.exe
    2017-03-02 12:13 - 2017-03-02 12:13 - 00000600 _____ C:\Users\R\Desktop\World of Tanks.lnk
    2017-03-02 10:37 - 2017-03-02 10:39 - 00000441 _____ C:\Users\R\Downloads\Search.txt
    2017-03-02 10:36 - 2017-03-02 10:36 - 00045995 _____ C:\Users\R\Downloads\Addition.txt
    2017-03-02 10:34 - 2017-03-02 13:14 - 00024387 _____ C:\Users\R\Downloads\FRST.txt
    2017-03-02 10:34 - 2017-03-02 13:12 - 00000000 ____D C:\FRST
    2017-03-02 10:32 - 2017-03-02 10:32 - 02423808 _____ (Farbar) C:\Users\R\Downloads\FRST64 (1).exe
    2017-03-02 10:30 - 2017-03-02 10:30 - 00013061 _____ C:\Users\R\Desktop\JRT.txt
    2017-03-02 10:26 - 2017-03-02 10:26 - 01663736 _____ (Malwarebytes) C:\Users\R\Downloads\JRT.exe
    2017-03-02 10:09 - 2017-03-02 10:13 - 00000000 ____D C:\AdwCleaner
    2017-03-02 10:08 - 2017-03-02 10:08 - 04031440 _____ C:\Users\R\Downloads\AdwCleaner.exe
    2017-03-01 23:53 - 2017-03-01 23:53 - 02423808 _____ (Farbar) C:\Users\R\Downloads\FRST64.exe
    2017-03-01 21:18 - 2017-03-01 21:18 - 02729024 _____ (DLL-Files.com Client ) C:\Users\R\Downloads\clientsetup_fde-0.exe
    2017-03-01 21:17 - 2017-03-01 21:17 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-03-01 21:17 - 2017-03-01 21:17 - 00002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-03-01 21:16 - 2017-03-01 21:16 - 01129376 _____ (Google Inc.) C:\Users\R\Downloads\ChromeSetup(1).exe
    2017-03-01 20:44 - 2017-03-01 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\R\Downloads\OTL.exe
    2017-03-01 20:39 - 2017-03-01 20:39 - 01129376 _____ (Google Inc.) C:\Users\R\Downloads\ChromeSetup.exe
    2017-03-01 20:39 - 2017-03-01 20:39 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-03-01 20:39 - 2017-03-01 20:39 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-03-01 20:15 - 2017-03-02 12:20 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-03-01 20:15 - 2017-03-02 10:15 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-03-01 20:15 - 2017-03-02 10:15 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-03-01 20:14 - 2017-03-02 10:15 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-03-01 20:14 - 2017-03-02 10:15 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-03-01 20:14 - 2017-03-01 20:14 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-03-01 20:14 - 2017-03-01 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-03-01 20:14 - 2017-03-01 20:14 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-01 20:14 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-03-01 20:12 - 2017-03-01 20:13 - 57131432 _____ (Malwarebytes ) C:\Users\R\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
    2017-03-01 20:08 - 2017-03-01 20:09 - 01050653 _____ C:\Users\R\Downloads\Ch_028_Yuusha_Isagi_no_Maou_Hanashi.rar
    2017-02-28 03:35 - 2017-02-28 03:36 - 00000000 ____D C:\Users\R\Documents\Old Places
    2017-02-27 23:51 - 2017-02-28 00:15 - 00000000 ____D C:\Users\R\Documents\RobloxPlaces
    2017-02-27 23:47 - 2017-02-27 23:47 - 00000000 ____D C:\Users\R\Documents\RobloxStuff
    2017-02-27 13:47 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2017-02-27 13:47 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2017-02-27 13:14 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2017-02-27 13:14 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2017-02-27 13:14 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2017-02-27 13:14 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2017-02-27 13:14 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2017-02-27 13:14 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2017-02-27 13:14 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2017-02-27 13:14 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2017-02-27 13:14 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2017-02-27 13:14 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2017-02-27 13:14 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2017-02-27 13:14 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2017-02-27 13:14 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2017-02-27 13:14 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2017-02-27 13:14 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2017-02-27 13:14 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2017-02-27 13:14 - 2013-10-01 13:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2017-02-27 13:14 - 2013-10-01 13:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2017-02-27 13:05 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-02-27 13:05 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2017-02-27 13:05 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2017-02-27 13:05 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2017-02-27 12:39 - 2016-11-14 16:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-02-27 12:39 - 2016-11-14 15:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-02-27 12:39 - 2016-11-12 12:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-02-27 12:39 - 2016-11-12 12:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-02-27 12:39 - 2016-11-12 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-02-27 12:39 - 2016-11-12 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-02-27 12:39 - 2016-11-12 12:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-02-27 12:39 - 2016-11-12 12:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-02-27 12:39 - 2016-11-12 12:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-02-27 12:39 - 2016-11-12 12:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-02-27 12:39 - 2016-11-12 12:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-02-27 12:39 - 2016-11-12 12:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-02-27 12:39 - 2016-11-12 12:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-02-27 12:39 - 2016-11-12 12:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-02-27 12:39 - 2016-11-12 12:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-02-27 12:39 - 2016-11-12 12:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-02-27 12:39 - 2016-11-12 12:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-02-27 12:39 - 2016-11-12 11:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-02-27 12:39 - 2016-11-12 11:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-02-27 12:39 - 2016-11-12 11:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-02-27 12:39 - 2016-11-12 11:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-02-27 12:39 - 2016-11-12 11:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-02-27 12:39 - 2016-11-12 11:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-02-27 12:39 - 2016-11-12 11:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-02-27 12:39 - 2016-11-12 11:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-02-27 12:39 - 2016-11-12 11:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-02-27 12:39 - 2016-11-12 11:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-02-27 12:39 - 2016-11-12 11:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-02-27 12:39 - 2016-11-12 11:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-02-27 12:39 - 2016-11-12 11:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-02-27 12:39 - 2016-11-12 11:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-02-27 12:39 - 2016-11-12 11:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-02-27 12:39 - 2016-11-12 11:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-02-27 12:39 - 2016-11-12 11:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-02-27 12:39 - 2016-11-12 11:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-02-27 12:39 - 2016-11-12 11:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-02-27 12:39 - 2016-11-12 11:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-02-27 12:39 - 2016-11-12 11:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-02-27 12:39 - 2016-11-12 11:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-02-27 12:39 - 2016-11-12 11:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-02-27 12:39 - 2016-11-12 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-02-27 12:39 - 2016-11-12 10:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-02-27 12:39 - 2016-11-12 10:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-02-27 12:39 - 2016-11-12 10:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-02-27 12:39 - 2016-11-12 10:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-02-27 12:39 - 2016-11-12 10:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-02-27 12:39 - 2016-11-12 10:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-02-27 12:39 - 2016-11-12 10:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-02-27 12:39 - 2016-11-12 10:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-02-27 12:39 - 2016-11-12 10:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-02-27 12:39 - 2016-11-12 10:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-02-27 12:39 - 2016-11-12 10:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-02-27 12:39 - 2016-11-12 10:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-02-27 12:39 - 2016-11-12 10:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-02-27 12:39 - 2016-11-12 10:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-02-27 12:39 - 2016-11-12 10:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-02-27 12:39 - 2016-11-12 10:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-02-27 12:39 - 2016-11-12 10:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-02-27 12:39 - 2016-11-12 10:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-02-27 12:39 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2017-02-27 12:39 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2017-02-27 12:39 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2017-02-27 12:38 - 2017-01-05 11:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-02-27 12:38 - 2017-01-05 11:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-02-27 12:38 - 2017-01-05 11:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-02-27 12:38 - 2017-01-05 10:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-02-27 12:38 - 2017-01-05 10:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-02-27 12:38 - 2017-01-05 10:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-02-27 12:38 - 2017-01-05 10:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-02-27 12:38 - 2017-01-05 10:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-02-27 12:38 - 2017-01-05 10:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-02-27 12:38 - 2017-01-05 10:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-02-27 12:38 - 2017-01-05 10:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-02-27 12:38 - 2016-11-21 11:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2017-02-27 12:38 - 2016-11-20 09:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2017-02-27 12:38 - 2016-11-20 07:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2017-02-27 12:38 - 2016-11-17 09:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2017-02-27 12:38 - 2016-11-12 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-02-27 12:38 - 2016-11-12 11:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-02-27 12:38 - 2016-11-12 11:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-02-27 12:38 - 2016-11-10 09:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2017-02-27 12:38 - 2016-11-10 09:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2017-02-27 12:38 - 2016-11-09 09:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2017-02-27 12:38 - 2016-11-09 09:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-02-27 12:38 - 2016-11-09 09:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2017-02-27 12:38 - 2016-11-09 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2017-02-27 12:38 - 2016-11-06 09:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-02-27 12:38 - 2016-11-06 09:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-02-27 12:38 - 2016-11-06 09:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-02-27 12:38 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-02-27 12:38 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-02-27 12:38 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-02-27 12:38 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-02-27 12:38 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-02-27 12:38 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-02-27 12:38 - 2016-10-27 08:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-02-27 12:38 - 2016-10-27 08:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-02-27 12:38 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2017-02-27 12:38 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2017-02-27 12:38 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2017-02-27 12:38 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2017-02-27 12:38 - 2016-10-11 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-02-27 12:38 - 2016-10-11 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-02-27 12:38 - 2016-10-11 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-02-27 12:38 - 2016-10-11 08:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
    2017-02-27 12:38 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2017-02-27 12:38 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-02-27 12:38 - 2016-10-11 08:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-02-27 12:38 - 2016-10-11 08:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
    2017-02-27 12:38 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2017-02-27 12:38 - 2016-10-11 08:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-02-27 12:38 - 2016-10-11 08:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-02-27 12:38 - 2016-10-11 08:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-02-27 12:38 - 2016-10-11 07:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-02-27 12:38 - 2016-10-11 07:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-02-27 12:38 - 2016-10-11 07:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2017-02-27 12:38 - 2016-10-11 07:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-02-27 12:38 - 2016-10-11 07:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-02-27 12:38 - 2016-10-11 07:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-02-27 12:38 - 2016-10-11 07:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-02-27 12:38 - 2016-10-11 07:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-02-27 12:38 - 2016-10-11 07:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 07:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 07:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 07:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2017-02-27 12:38 - 2016-10-11 06:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
    2017-02-27 12:38 - 2016-10-11 06:17 - 00419648 _____ C:\Windows\system32\locale.nls
    2017-02-27 12:38 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
    2017-02-27 12:38 - 2016-10-08 06:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2017-02-27 12:38 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2017-02-27 12:38 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2017-02-27 12:38 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2017-02-27 12:38 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2017-02-27 12:38 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2017-02-27 12:38 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2017-02-27 12:38 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
    2017-02-27 12:38 - 2016-10-04 08:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2017-02-27 12:38 - 2016-10-04 08:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2017-02-27 12:38 - 2016-10-04 08:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2017-02-27 12:38 - 2016-10-04 08:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2017-02-27 12:38 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2017-02-27 12:38 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2017-02-27 12:38 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-02-27 12:38 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-02-27 12:38 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-02-27 12:38 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-02-27 12:38 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2017-02-27 12:38 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2017-02-27 12:38 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2017-02-27 12:38 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2017-02-27 12:38 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2017-02-27 12:38 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2017-02-27 12:38 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2017-02-27 12:38 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2017-02-27 12:38 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2017-02-27 12:38 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2017-02-27 12:38 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2017-02-27 12:38 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2017-02-27 12:38 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
    2017-02-27 12:38 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2017-02-27 12:38 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
    2017-02-27 12:38 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2017-02-27 12:38 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
    2017-02-27 12:38 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
    2017-02-27 12:38 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2017-02-27 12:38 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2017-02-27 12:38 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2017-02-27 12:38 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2017-02-27 12:38 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2017-02-27 12:38 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2017-02-27 12:38 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2017-02-27 12:38 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2017-02-27 12:38 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2017-02-27 12:38 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2017-02-27 12:38 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2017-02-27 12:38 - 2016-05-13 15:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-02-27 12:38 - 2016-05-13 15:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-02-27 12:38 - 2016-05-13 15:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-02-27 12:38 - 2016-05-13 15:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-02-27 12:38 - 2016-05-13 14:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-02-27 12:38 - 2016-05-13 14:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-02-27 12:38 - 2016-05-13 14:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-02-27 12:38 - 2016-05-13 14:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-02-27 12:38 - 2016-05-13 14:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-02-27 12:38 - 2016-05-13 14:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-02-27 12:38 - 2016-05-13 14:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-02-27 12:38 - 2016-05-13 14:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-02-27 12:38 - 2016-05-13 14:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-02-27 12:38 - 2016-05-13 14:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-02-27 12:38 - 2016-05-13 14:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-02-27 12:38 - 2016-05-13 14:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-02-27 12:38 - 2016-05-12 08:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2017-02-27 12:37 - 2017-02-02 09:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-02-27 12:37 - 2017-02-02 09:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-02-27 12:37 - 2017-02-02 07:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-02-27 12:37 - 2015-08-05 10:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2017-02-27 12:37 - 2015-08-05 10:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2017-02-27 12:36 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-02-27 12:36 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-02-27 12:36 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-02-27 12:36 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-02-27 12:36 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2017-02-27 12:36 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2017-02-27 12:36 - 2016-08-12 09:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-02-27 12:36 - 2016-08-12 09:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-02-27 12:36 - 2016-08-12 09:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-02-27 12:36 - 2016-07-07 08:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2017-02-27 12:36 - 2016-07-07 08:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2017-02-27 12:36 - 2016-07-07 08:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2017-02-27 12:36 - 2016-07-07 08:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2017-02-27 12:36 - 2015-12-16 11:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2017-02-27 12:36 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2017-02-27 12:36 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2017-02-27 12:25 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2017-02-25 19:22 - 2017-02-25 19:22 - 00000000 ____D C:\Windows\jre
    2017-02-25 19:22 - 2017-02-25 19:22 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
    2017-02-25 18:11 - 2017-03-02 10:16 - 00000000 ____D C:\Users\R\AppData\Roaming\Curse Client
    2017-02-25 18:11 - 2017-02-25 18:11 - 00001020 _____ C:\Users\R\Desktop\Curse.lnk
    2017-02-25 18:11 - 2017-02-25 18:11 - 00001006 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
    2017-02-25 15:05 - 2017-02-27 13:28 - 00278760 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-02-25 00:20 - 2017-02-25 00:20 - 00219714 _____ C:\Users\R\Documents\bookmarks.html
    2017-02-24 23:10 - 2017-02-24 23:10 - 00000522 _____ C:\Users\Public\Desktop\Steam.lnk
    2017-02-24 23:10 - 2017-02-24 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2017-02-24 22:05 - 2017-02-24 22:05 - 00003204 _____ C:\Windows\System32\Tasks\Adobe Uninstaller
    2017-02-24 22:05 - 2017-02-24 22:05 - 00003154 _____ C:\Windows\System32\Tasks\{C5AC3A7E-E579-40EB-86AC-0909653DEF76}
    2017-02-24 18:09 - 2017-02-24 18:09 - 00066592 _____ C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-02-24 17:17 - 2017-02-24 17:17 - 00000000 ____D C:\Users\R\AppData\LocalLow\Sony Online Entertainment
    2017-02-22 00:51 - 2017-02-22 00:51 - 00000000 __SHD C:\found.002
    2017-02-14 01:50 - 2017-02-14 01:58 - 00000000 ____D C:\Users\R\AppData\Local\Facebook
    2017-02-03 11:18 - 2017-03-02 13:11 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2017-02-03 11:18 - 2017-03-01 09:02 - 00001344 ____H C:\Users\R\Desktop\ROBLOX Player.lnk
    2017-02-03 11:18 - 2017-03-01 09:01 - 00001163 _____ C:\Users\R\Desktop\ROBLOX Studio.lnk
    2017-02-01 14:38 - 2017-02-01 14:38 - 00000000 ____D C:\Users\R\Documents\ROBLOX
    2017-01-31 13:30 - 2017-01-31 17:09 - 00000000 ____D C:\Users\R\Documents\Fanfiction
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-02 13:11 - 2016-12-01 19:07 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
    2017-03-02 12:37 - 2016-05-26 16:54 - 00000000 ____D C:\Games
    2017-03-02 12:15 - 2016-05-26 18:47 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2017-03-02 12:14 - 2014-07-02 12:46 - 00000000 ____D C:\Users\R
    2017-03-02 10:23 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-03-02 10:23 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-03-02 10:14 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-02 00:21 - 2016-12-17 00:18 - 00000000 ____D C:\Users\R\AppData\LocalLow\Mozilla
    2017-03-01 21:16 - 2016-07-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google
    2017-03-01 20:14 - 2016-07-14 01:29 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-03-01 18:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2017-02-28 03:49 - 2016-05-26 15:30 - 00000000 ____D C:\Users\R\AppData\Local\Roblox
    2017-02-28 01:08 - 2016-07-09 14:36 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype
    2017-02-27 23:50 - 2016-12-31 13:19 - 00000000 ____D C:\Users\R\Documents\Noble Special Investigation Site 29
    2017-02-27 21:59 - 2009-07-13 22:13 - 00782352 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-27 21:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-02-27 13:53 - 2017-01-04 01:09 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-02-27 13:25 - 2016-08-06 11:20 - 00000000 ___SD C:\Windows\system32\CompatTel
    2017-02-27 13:25 - 2016-08-06 11:20 - 00000000 ____D C:\Windows\system32\appraiser
    2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
    2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2017-02-27 13:20 - 2016-07-12 23:26 - 00000000 ____D C:\Windows\system32\MRT
    2017-02-27 13:16 - 2016-07-12 23:26 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-02-27 12:56 - 2016-07-14 00:47 - 00774934 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-02-24 22:08 - 2016-10-03 20:33 - 00000000 ____D C:\Program Files\Adobe
    2017-02-24 18:14 - 2016-10-04 23:32 - 00000000 ____D C:\Users\R\AppData\Roaming\obs-studio
    2017-02-24 17:42 - 2016-11-06 10:38 - 00000000 ____D C:\Users\R\AppData\Local\Jagex
    2017-02-24 17:42 - 2016-11-06 10:38 - 00000000 ____D C:\ProgramData\Jagex
    2017-02-24 17:32 - 2017-01-04 15:27 - 00000000 ____D C:\ProgramData\VEGAS
    2017-02-24 17:30 - 2016-07-12 22:49 - 00000000 ____D C:\ProgramData\Package Cache
    2017-02-24 17:19 - 2016-08-05 14:57 - 00000059 _____ C:\Users\R\AppData\Local\UserProducts.xml
    2017-02-24 17:19 - 2016-08-05 14:57 - 00000000 ____D C:\Program Files (x86)\Skillbrains
    2017-02-24 17:18 - 2014-07-02 12:48 - 00000000 ____D C:\Users\R\AppData\Local\VirtualStore
    2017-02-24 17:17 - 2016-06-01 17:44 - 00000000 ____D C:\Users\R\AppData\Local\CrashDumps
    2017-02-24 17:12 - 2014-07-02 17:15 - 00000000 ____D C:\Windows\Minidump
    2017-02-24 16:53 - 2016-11-20 21:11 - 00000000 ____D C:\Users\R\AppData\Roaming\discord
    2017-02-24 15:57 - 2009-07-13 22:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-02-21 23:31 - 2016-06-10 18:23 - 00000000 ____D C:\Users\R\AppData\Local\Deployment
    2017-02-16 19:42 - 2016-07-31 22:48 - 00000000 ____D C:\Users\R\AppData\Roaming\SoftGrid Client
    2017-02-15 11:57 - 2016-05-26 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-12 00:16 - 2016-12-14 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-09 01:11 - 2017-01-02 18:09 - 00000000 ____D C:\tmp
    2017-02-03 13:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SchCache
    2017-02-03 11:19 - 2016-05-26 15:30 - 00000246 _____ C:\Users\R\AppData\LocalLow\rbxcsettings.rbx
    2017-02-02 20:16 - 2016-10-05 18:04 - 00000000 ____D C:\Users\R\Documents\OBJ FILE
    2017-01-31 20:18 - 2017-01-15 11:11 - 00000000 ____D C:\Users\R\Documents\Euro Truck Simulator 2
    2017-01-31 18:56 - 2016-10-03 20:42 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
     
    ==================== Files in the root of some directories =======
     
    2014-07-03 04:21 - 2016-10-08 21:16 - 0007626 _____ () C:\Users\R\AppData\Local\resmon.resmoncfg
    2016-08-05 14:57 - 2016-08-05 14:57 - 0000003 _____ () C:\Users\R\AppData\Local\updater.log
    2016-08-05 14:57 - 2017-02-24 17:19 - 0000059 _____ () C:\Users\R\AppData\Local\UserProducts.xml
    2014-07-02 10:34 - 2014-07-02 10:36 - 0017744 _____ () C:\ProgramData\ArcadeDeluxe4.log
    2017-01-04 01:15 - 2017-01-04 01:15 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
     
    Some files in TEMP:
    ====================
    2017-02-24 17:17 - 2012-02-13 13:41 - 0314784 _____ () C:\Users\R\AppData\Local\Temp\Uninstaller-1996.exe
    2017-03-01 20:09 - 2017-03-01 20:09 - 1239402 _____ (VideoBox                                                    ) C:\Users\R\AppData\Local\Temp\videobox.exe
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-02-22 19:52
     
    ==================== End of FRST.txt ============================



    #11
    InfinityFalse

    • Topic Starter
    • Member
    • 64 posts

    and here is Addition log -

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
    Ran by R (02-03-2017 13:14:47)
    Running from C:\Users\R\Downloads
    Windows 7 Home Premium Service Pack 1 (X64) (2014-07-02 19:46:18)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-1351455686-1081943194-175279126-500 - Administrator - Disabled)
    Guest (S-1-5-21-1351455686-1081943194-175279126-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1351455686-1081943194-175279126-1002 - Limited - Enabled)
    R (S-1-5-21-1351455686-1081943194-175279126-1000 - Administrator - Enabled) => C:\Users\R
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.8316 - CyberLink Corp.)
    Acer Arcade Deluxe (x32 Version: 4.1.8316 - CyberLink Corp.) Hidden
    Acer Arcade Movie (x32 Version: 9.0.7029 - CyberLink Corp.) Hidden
    Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
    Acer Bio Protection (HKLM-x32\...\InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}) (Version: 7.0.60.0 - Egis Technology Inc.)
    Acer Crystal Eye webcam Ver:1.1.193.827 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.193.827 - Chicony Electronics Co.,Ltd.)
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated)
    Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
    Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
    Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
    Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
    AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
    BioExcess (Version: 7.0.60.0 - Egis Technology Inc.) Hidden
    Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
    Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
    ccc-core-static (x32 Version: 2010.1028.1114.18274 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
    Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
    Discord (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
    Fingerprint Solution (x32 Version: 7.0.60.0 - Egis Technology Inc.) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Gyazo 3.2.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
    Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
    Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.51.6 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nuvoton CIR Device Drivers (HKLM-x32\...\{46851691-3C64-4C14-ABD8-179AE8801F55}) (Version: 8.60.2004 - Nuvoton Technology Corporation)
    OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.4 - OBS Project)
    paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.27.920.2010 - Realtek)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
    ROBLOX Player for R (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
    ROBLOX Studio for R (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
    Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
    The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.5.0.0 - Zenimax Online Studios)
    Tweaks.com Logon Changer (HKLM-x32\...\{D2223C9B-0AB9-4546-A4C0-A1ED27C42039}) (Version: 3.1.0 - Advanced PC Media LLC)
    Unity Web Player (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\UnityWebPlayer) (Version: 5.2.5f1 - Unity Technologies ApS)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    World of Tanks (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{593bc936-d803-49b7-9084-251d7f6425e6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxProxy64.dll (ROBLOX Corporation)
    CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {0968AACF-E55C-4B22-A007-7C2354D2E36A} - System32\Tasks\{C5AC3A7E-E579-40EB-86AC-0909653DEF76} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
    Task: {253E1326-F65A-45BC-82F1-D987625F7481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-23] (Adobe Systems Incorporated)
    Task: {275E4617-1E30-46F1-9D17-34A2DEC87778} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
    Task: {88C5C7FC-B9B8-4ECF-899F-FC6E02F363E3} - System32\Tasks\{7FF02BFD-E1DF-4AA3-9FB5-4A5E32646FF1} => pcalua.exe -a C:\Users\R\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\RobloxPlayerLauncher.exe -c -uninstall
    Task: {89BBA2DA-75CC-4E87-9AC2-A5E16A990791} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
    Task: {965304F7-3472-4DB8-B83D-F1E7C20A447C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
    Task: {B2DBC4E6-3AE8-414A-93CF-0E5AF370941F} - System32\Tasks\Acer Registration - Data Sending task => C:\Program Files (x86)\Acer\Registration\GREG.exe [2010-04-27] (Acer Incorporated)
    Task: {CCA22504-5F5A-42FA-93AB-F31236C5CE44} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-10-25] (Adobe Systems Incorporated)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2009-01-21 13:45 - 2009-01-21 13:45 - 01401856 _____ () C:\Program Files (x86)\Acer Bio Protection\x64\LIBEAY32.dll
    2016-10-25 08:57 - 2016-10-25 08:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2017-03-01 20:14 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-03-01 20:14 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-03-01 21:17 - 2017-02-01 02:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
    2017-03-01 21:17 - 2017-02-01 02:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
    2017-02-24 23:11 - 2016-12-23 11:28 - 00657184 _____ () D:\Steam\SDL2.dll
    2017-02-24 23:11 - 2016-08-31 18:02 - 04969248 _____ () D:\Steam\v8.dll
    2017-02-24 23:11 - 2016-08-31 18:02 - 01563936 _____ () D:\Steam\icui18n.dll
    2017-02-24 23:11 - 2016-08-31 18:02 - 01195296 _____ () D:\Steam\icuuc.dll
    2017-02-24 23:11 - 2017-01-18 18:30 - 02327840 _____ () D:\Steam\video.dll
    2017-02-24 23:11 - 2016-01-27 00:49 - 02549760 _____ () D:\Steam\libavcodec-56.dll
    2017-02-24 23:11 - 2016-01-27 00:49 - 00442880 _____ () D:\Steam\libavutil-54.dll
    2017-02-24 23:11 - 2016-01-27 00:49 - 00491008 _____ () D:\Steam\libavformat-56.dll
    2017-02-24 23:11 - 2016-01-27 00:49 - 00332800 _____ () D:\Steam\libavresample-2.dll
    2017-02-24 23:11 - 2016-01-27 00:49 - 00485888 _____ () D:\Steam\libswscale-3.dll
    2017-02-24 23:11 - 2017-01-18 18:30 - 00838432 _____ () D:\Steam\bin\chromehtml.DLL
    2017-02-24 23:11 - 2016-07-04 15:17 - 00266560 _____ () D:\Steam\openvr_api.dll
    2017-02-24 23:12 - 2017-01-04 20:12 - 68813088 _____ () D:\Steam\bin\cef\cef.win7\libcef.dll
    2017-02-24 23:11 - 2017-01-18 18:30 - 00383776 _____ () D:\Steam\steam.dll
    2017-02-24 23:11 - 2015-09-24 16:52 - 00119208 _____ () D:\Steam\winh264.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-13 19:34 - 2017-01-04 11:50 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\R\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254 - 75.153.171.122
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
    MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"                                                                                                                                                                                          
    MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k                                                                                                                                                                             
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
    MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
    MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"                                              
    MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: Steam => "C:\Users\R\Documents\New folder\steam.exe" -silent
    MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: VitaKeyTSR => "C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe" /run
    MSCONFIG\startupreg: World of Tanks (1) => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [{473262E6-F944-4F9F-B934-0107442E0970}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    FirewallRules: [{27DCB9A0-25FE-43FC-AD68-434068364948}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\VC.exe
    FirewallRules: [{187F5E7B-FF38-4834-80DA-441B80F0EB45}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{314D40DA-8D86-4D8E-A6CE-0BEA7A325400}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{A323BEA2-C8CE-4559-A48B-7A130E96F8A0}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
    FirewallRules: [{D3C45009-2DEE-4975-8B59-992498F5AD37}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{1BDFE467-30E4-46BE-A790-B1D1F7DCE773}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3907FE25-51F0-4472-B9DA-C227C3F86D81}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{CC4184EE-AF26-43E0-8126-ECA524F3ADCF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{009663B2-4640-4852-AAD0-CC90589B3F96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [{DF8C5E33-2720-413B-A85C-57A378F76296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
    FirewallRules: [{5C2E51FB-F13A-46EE-BCF6-D58F1B8FD250}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
    FirewallRules: [{48E2DD5F-736E-4D19-9D7D-09786C319A1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
    FirewallRules: [TCP Query User{C1B3BC92-2043-49E0-A79B-A1C387432B4C}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe
    FirewallRules: [UDP Query User{4867A320-31B5-4240-BC47-94D11D67B2D9}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe
    FirewallRules: [{3A86A9C8-8250-4E66-8529-245016B6133D}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
    FirewallRules: [{8F859C3F-90E4-4470-AD0A-107D0B45E177}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
    FirewallRules: [{646DEC8E-4CD6-4EB2-AF7F-43ACB95B4832}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
    FirewallRules: [{074C53D1-0247-458F-A7D7-083070330EF9}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
    FirewallRules: [{D195E6A9-2440-4813-AB31-F29BB3C0BB07}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [{87C5C97E-B1D4-47CD-A0EA-C4C3D90A4C7C}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Knights of the Old Republic II\swkotor2.exe
    FirewallRules: [TCP Query User{876C8CDE-22F1-4096-AC6A-4E0394F13C69}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
    FirewallRules: [UDP Query User{67103985-FF94-4C86-B53F-60E418CF94A0}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
    FirewallRules: [{AA3CD8E2-EB7A-4D97-BFF0-35195929BF25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{6E62E594-EF7A-40F8-87CC-AC7A574269EA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [UDP Query User{9A29E102-55B2-49F4-8C64-F3D3EAE8B5B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
    FirewallRules: [{EB758D1B-82B9-4BC0-9D63-D70AAA7BF95B}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
    FirewallRules: [{A2EFBC2D-91DF-4277-BDEA-BEDDD892F503}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
    FirewallRules: [{01D54FC1-95DF-435D-BC73-F10C4893D731}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{4BFFF960-8367-4B4E-B5DC-D47C6428DBB2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
    FirewallRules: [{E6AA0A86-34AE-4AF0-939A-22B0494719D5}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{E2FC24AA-F1D3-411F-881B-F4166F207F04}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
    FirewallRules: [{66F1FA3B-1019-4A78-B39D-8A345FC4C0FC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{4889BE61-1E65-4A55-A56D-95E26F6E1F0E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{6D3A8AE6-B1BF-40B4-B379-726AB35FA2E8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
    FirewallRules: [{6C42EBEB-88D4-43A1-BD10-669876C6B8C0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{00A731EE-3E30-4477-82C1-D5F6D056BC98}] => (Allow) svchost.exe
    FirewallRules: [{7310DE9C-F494-4850-BC44-24516CAC70F6}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{5904D895-0BBF-43CD-9618-18C06774A57E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{9C1D0267-ECF5-460A-8596-F97103CE18A6}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{B9C5A73F-7CA6-49A8-8F9A-E1A2014E853A}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{0EBD6171-A0E6-43FD-9C2D-8E4DE21DE5DD}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
    FirewallRules: [{7B24AC15-438A-4321-B95E-127C80246A25}] => (Allow) C:\Users\R\Documents\New folder\Steam.exe
    FirewallRules: [{36498857-4A5D-4A7B-9B75-F80D4CE5EA8E}] => (Allow) C:\Users\R\Documents\New folder\Steam.exe
    FirewallRules: [{8EFFC487-6FDF-42AF-AB2E-36F84F2969D8}] => (Allow) C:\Users\R\Documents\New folder\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{0922CB52-977F-4DAD-8E81-DF56C363175F}] => (Allow) C:\Users\R\Documents\New folder\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{07B550D6-758D-45A5-AF90-4BA76C3B521F}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
    FirewallRules: [{337D1162-D1B5-45E5-881B-3069A1B71379}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
    FirewallRules: [{7929503A-6131-406C-89E6-8B66F64137E0}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
    FirewallRules: [{62349F81-838C-4778-898E-665476966AB3}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
    FirewallRules: [{4D0AD345-AC13-4A89-8634-E587D28803BA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{7B5EDF2B-27BA-44EA-9AAE-4208E3001CB5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [TCP Query User{F4191932-1307-49C0-8B29-E4F25FC42265}C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe
    FirewallRules: [UDP Query User{1BE58C9A-3E9C-4F5E-9825-3FFF45EA130F}C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe
    FirewallRules: [TCP Query User{3E3F2381-DC07-4E0E-AB18-8ADF0BAB2768}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [UDP Query User{A33F52A3-F96A-4384-867C-EA285BD468FC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [TCP Query User{3507EB71-76CE-4DA5-8AC6-BB8424C6A7F5}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
    FirewallRules: [UDP Query User{B429ACA3-99EB-40B7-B2AE-CDB339813961}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
    FirewallRules: [TCP Query User{3C873F9F-93F7-43B4-B0EE-8820B7F22562}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [UDP Query User{11F6721E-56E9-4FF0-8752-83AE5CF81A02}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
    FirewallRules: [{98B2A9BB-9750-45C3-991C-D4EF944180ED}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{0A07EA7F-3F64-4C6D-A443-8B9C0BD6F524}] => (Allow) D:\Steam\Steam.exe
    FirewallRules: [{B67FAC51-12E8-40D8-9EE3-96BADD86FE26}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{55375A40-F346-46D0-9568-B93032638C9A}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [TCP Query User{05AE7197-A154-45B4-B9DA-DC3D53E3893D}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe
    FirewallRules: [UDP Query User{2071F468-3D0F-44CC-BADF-EECD3EC751A4}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe
    FirewallRules: [{38A7D7A6-AB9D-44AC-86FA-A6583427B52E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{55F09BF1-3D12-45B5-A596-7D418A98A4A6}] => (Allow) C:\Games\WoTLauncher.exe
    FirewallRules: [{80F40897-2C77-4F69-B816-F4D658D1B806}] => (Allow) C:\Games\WoTLauncher.exe
    FirewallRules: [{27265D42-BBFB-48A5-905A-B8A4B75F6058}] => (Allow) C:\Games\worldoftanks.exe
    FirewallRules: [{8C480B6E-42F2-4A33-B05D-E6644914E990}] => (Allow) C:\Games\worldoftanks.exe
     
    ==================== Restore Points =========================
     
    02-03-2017 10:27:32 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
    Name: 1.3M WebCam
    Description: USB Video Device
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Microsoft
    Service: usbvideo
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
     
    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
    Percentage of memory in use: 35%
    Total physical RAM: 6125.86 MB
    Available physical RAM: 3942.46 MB
    Total Virtual: 12249.9 MB
    Available Virtual: 10134.31 MB
     
    ==================== Drives ================================
     
    Drive c: (Acer) (Fixed) (Total:465.76 GB) (Free:389.43 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:926.27 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C352CBF0)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
     
    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D32A87A1)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
     
    ==================== End of Addition.txt ============================

    #12
    InfinityFalse

      Member

    • Topic Starter
    • 64 posts

    I forgot to mention something: after I did what you said to do, my Chrome is working once again, although I'm not sure when it was fixed. Before, when I attempted to start it up again, that error appeared; however, after all of the instructions given, my Chrome browser is working once again.


    Edited by InfinityFalse, 02 March 2017 - 03:02 PM.

    #13
    RKinner

      Malware Expert

    • Expert
    • 18,779 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST.
     
    Attached File: fixlist.txt (968 bytes)
     
    Run FRST and press Fix.
    A fix log will be generated; please post that.
     
    Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.
     

    #14
    InfinityFalse

      Member

    • Topic Starter
    • 64 posts

    Alrighty, I did what you said and downloaded it to the same location FRST is in. Here's the fix log. I'm going to post another FRST log, including the Addition log, after this.
     
    Fix result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
    Ran by R (02-03-2017 14:15:48) Run:2
    Running from C:\Users\R\Downloads
    Loaded Profiles: R (Available Profiles: R)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    REG: reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v IntelTBRunOnce
    REG: reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v evyzuf 
    REG: reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /s
    REG: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s
    C:\Users\R\AppData\Local\evyzuf.dll
    CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"  
     
     
     
     
    *****************
     
     
    ========= reg delete HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v IntelTBRunOnce =========
     
    Delete the registry value IntelTBRunOnce (Yes/No)? The operation completed successfully.
     
     
     
    ========= End of Reg: =========
     
     
    ========= reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v evyzuf =========
     
    Delete the registry value evyzuf (Yes/No)? The operation completed successfully.
     
     
     
    ========= End of Reg: =========
     
     
    ========= reg query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" /s =========
     
     
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
        mwlDaemon    REG_SZ    C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
        Logitech Download Assistant    REG_SZ    C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
        Malwarebytes TrayApp    REG_SZ    C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
     
     
     
    ========= End of Reg: =========
     
     
    ========= reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /s =========
     
     
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
        World of Tanks    REG_SZ    "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
        World of Tanks (1)    REG_SZ    "C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
        CCleaner Monitoring    REG_SZ    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
        Steam    REG_SZ    "D:\Steam\steam.exe" -silent
        World of Tanks (2)    REG_SZ    "C:\Games\WargamingGameUpdater.exe"
     
     
     
    ========= End of Reg: =========
     
    "C:\Users\R\AppData\Local\evyzuf.dll" => not found.
     
    ========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
     
     
    ========= End of CMD: =========
     
     
    ==== End of Fixlog 14:16:04 ====

    #15
    InfinityFalse

      Member

    • Topic Starter
    • 64 posts

    Here is the FRST log:
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
    Ran by R (administrator) on R-PC (02-03-2017 14:19:41)
    Running from C:\Users\R\Downloads
    Loaded Profiles: R (Available Profiles: R)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
    (Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Wargaming.net) C:\Games\WargamingGameUpdater.exe
    (Valve Corporation) D:\Steam\Steam.exe
    (Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Farbar) C:\Users\R\Downloads\FRST64 (1).exe
     
    ==================== Registry (Whitelisted) ====================
    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: Restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{394F5267-8939-41D4-BC12-0033DBBC006C}: [DhcpNameServer] 192.168.1.254 75.153.171.122
    Tcpip\..\Interfaces\{F835098A-5C5B-4E94-872E-A0914277B5D4}: [DhcpNameServer] 192.168.1.254 75.153.171.122
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
    BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
    BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
    Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     
    FireFox:
    ========
    FF DefaultProfile: ol1w0beo.default
    FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default [2017-03-02]
    FF NewTab: Mozilla\Firefox\Profiles\ol1w0beo.default -> about:newtab
    FF Keyword.URL: Mozilla\Firefox\Profiles\ol1w0beo.default -> user_pref("keyword.URL", true);
    FF Extension: (Firefox Hotfix) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
    FF Extension: (Adblock Plus) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-12]
    FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\features\{04e6bdea-11bc-4de6-903d-1ad87024f393}\disableSHA1rollout@mozilla.org.xpi [2017-03-01]
    FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\features\{04e6bdea-11bc-4de6-903d-1ad87024f393}\tls13-compat-ff51@mozilla.org.xpi [2017-03-01]
    FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
    FF Extension: ( Password Bank Extension ) - C:\Program Files (x86)\Acer Bio Protection\FFExt [2014-07-02] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-23] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-23] ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-01] (Google Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\R\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
     
    Chrome: 
    =======
    CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\Default [2017-03-02]
    CHR Extension: (Google Slides) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-01]
    CHR Extension: (Google Docs) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-01]
    CHR Extension: (Google Drive) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
    CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
    CHR Extension: (Adblock Plus) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-01]
    CHR Extension: (Google Sheets) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-01]
    CHR Extension: (Google Docs Offline) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-01]
    CHR Extension: (ROBLOX+) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-03-01]
    CHR Extension: (Morpheon Dark) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-03-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-01]
    CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
    CHR Extension: (Chrome Media Router) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-01]
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
    S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
    S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
    S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
    R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [315248 2010-11-05] (Egis Technology Inc. )
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
    S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
    S3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2010-04-26] (Windows ® Win 7 DDK provider) [File not signed]
    R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-02] (Malwarebytes)
    R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-02] (Malwarebytes)
    R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-02] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-02] (Malwarebytes)
    R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-02] (Malwarebytes)
    S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation) [File not signed]
    S3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2010-04-26] (Nuvoton Technology Corporation) [File not signed]
    R3 nuvotonir; C:\Windows\System32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
    S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
    R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-02 13:11 - 2017-03-02 14:16 - 00002617 _____ C:\Users\R\Downloads\Fixlog.txt
    2017-03-02 12:13 - 2017-03-02 12:13 - 04278280 _____ (Wargaming.net ) C:\Users\R\Downloads\WoT_internet_install_na.exe
    2017-03-02 12:13 - 2017-03-02 12:13 - 00000600 _____ C:\Users\R\Desktop\World of Tanks.lnk
    2017-03-02 10:37 - 2017-03-02 10:39 - 00000441 _____ C:\Users\R\Downloads\Search.txt
    2017-03-02 10:36 - 2017-03-02 13:15 - 00034933 _____ C:\Users\R\Downloads\Addition.txt
    2017-03-02 10:34 - 2017-03-02 14:19 - 00023539 _____ C:\Users\R\Downloads\FRST.txt
    2017-03-02 10:34 - 2017-03-02 14:19 - 00000000 ____D C:\FRST
    2017-03-02 10:32 - 2017-03-02 10:32 - 02423808 _____ (Farbar) C:\Users\R\Downloads\FRST64 (1).exe
    2017-03-02 10:30 - 2017-03-02 10:30 - 00013061 _____ C:\Users\R\Desktop\JRT.txt
    2017-03-02 10:26 - 2017-03-02 10:26 - 01663736 _____ (Malwarebytes) C:\Users\R\Downloads\JRT.exe
    2017-03-02 10:09 - 2017-03-02 10:13 - 00000000 ____D C:\AdwCleaner
    2017-03-02 10:08 - 2017-03-02 10:08 - 04031440 _____ C:\Users\R\Downloads\AdwCleaner.exe
    2017-03-01 23:53 - 2017-03-01 23:53 - 02423808 _____ (Farbar) C:\Users\R\Downloads\FRST64.exe
    2017-03-01 21:18 - 2017-03-01 21:18 - 02729024 _____ (DLL-Files.com Client ) C:\Users\R\Downloads\clientsetup_fde-0.exe
    2017-03-01 21:17 - 2017-03-01 21:17 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-03-01 21:17 - 2017-03-01 21:17 - 00002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-03-01 21:16 - 2017-03-01 21:16 - 01129376 _____ (Google Inc.) C:\Users\R\Downloads\ChromeSetup(1).exe
    2017-03-01 20:44 - 2017-03-01 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\R\Downloads\OTL.exe
    2017-03-01 20:39 - 2017-03-01 20:39 - 01129376 _____ (Google Inc.) C:\Users\R\Downloads\ChromeSetup.exe
    2017-03-01 20:39 - 2017-03-01 20:39 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-03-01 20:39 - 2017-03-01 20:39 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-03-01 20:15 - 2017-03-02 12:20 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
    2017-03-01 20:15 - 2017-03-02 10:15 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
    2017-03-01 20:15 - 2017-03-02 10:15 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
    2017-03-01 20:14 - 2017-03-02 10:15 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-03-01 20:14 - 2017-03-02 10:15 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2017-03-01 20:14 - 2017-03-01 20:14 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-03-01 20:14 - 2017-03-01 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-03-01 20:14 - 2017-03-01 20:14 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-01 20:14 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-03-01 20:12 - 2017-03-01 20:13 - 57131432 _____ (Malwarebytes ) C:\Users\R\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
    2017-03-01 20:08 - 2017-03-01 20:09 - 01050653 _____ C:\Users\R\Downloads\Ch_028_Yuusha_Isagi_no_Maou_Hanashi.rar
    2017-02-28 03:35 - 2017-02-28 03:36 - 00000000 ____D C:\Users\R\Documents\Old Places
    2017-02-27 23:51 - 2017-02-28 00:15 - 00000000 ____D C:\Users\R\Documents\RobloxPlaces
    2017-02-27 23:47 - 2017-02-27 23:47 - 00000000 ____D C:\Users\R\Documents\RobloxStuff
    2017-02-27 13:47 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2017-02-27 13:47 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2017-02-27 13:14 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2017-02-27 13:14 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2017-02-27 13:14 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2017-02-27 13:14 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2017-02-27 13:14 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2017-02-27 13:14 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2017-02-27 13:14 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2017-02-27 13:14 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2017-02-27 13:14 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2017-02-27 13:14 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2017-02-27 13:14 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2017-02-27 13:14 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2017-02-27 13:14 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2017-02-27 13:14 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2017-02-27 13:14 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2017-02-27 13:14 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2017-02-27 13:14 - 2013-10-01 13:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2017-02-27 13:14 - 2013-10-01 13:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2017-02-27 13:05 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2017-02-27 13:05 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2017-02-27 13:05 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2017-02-27 13:05 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2017-02-27 12:39 - 2016-11-14 16:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2017-02-27 12:39 - 2016-11-14 15:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2017-02-27 12:39 - 2016-11-12 12:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2017-02-27 12:39 - 2016-11-12 12:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2017-02-27 12:39 - 2016-11-12 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2017-02-27 12:39 - 2016-11-12 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2017-02-27 12:39 - 2016-11-12 12:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2017-02-27 12:39 - 2016-11-12 12:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2017-02-27 12:39 - 2016-11-12 12:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2017-02-27 12:39 - 2016-11-12 12:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2017-02-27 12:39 - 2016-11-12 12:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2017-02-27 12:39 - 2016-11-12 12:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2017-02-27 12:39 - 2016-11-12 12:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2017-02-27 12:39 - 2016-11-12 12:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2017-02-27 12:39 - 2016-11-12 12:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2017-02-27 12:39 - 2016-11-12 12:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2017-02-27 12:39 - 2016-11-12 12:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2017-02-27 12:39 - 2016-11-12 11:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2017-02-27 12:39 - 2016-11-12 11:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2017-02-27 12:39 - 2016-11-12 11:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2017-02-27 12:39 - 2016-11-12 11:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2017-02-27 12:39 - 2016-11-12 11:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2017-02-27 12:39 - 2016-11-12 11:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2017-02-27 12:39 - 2016-11-12 11:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2017-02-27 12:39 - 2016-11-12 11:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2017-02-27 12:39 - 2016-11-12 11:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2017-02-27 12:39 - 2016-11-12 11:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2017-02-27 12:39 - 2016-11-12 11:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2017-02-27 12:39 - 2016-11-12 11:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2017-02-27 12:39 - 2016-11-12 11:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2017-02-27 12:39 - 2016-11-12 11:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2017-02-27 12:39 - 2016-11-12 11:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2017-02-27 12:39 - 2016-11-12 11:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2017-02-27 12:39 - 2016-11-12 11:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2017-02-27 12:39 - 2016-11-12 11:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2017-02-27 12:39 - 2016-11-12 11:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2017-02-27 12:39 - 2016-11-12 11:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2017-02-27 12:39 - 2016-11-12 11:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2017-02-27 12:39 - 2016-11-12 11:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2017-02-27 12:39 - 2016-11-12 11:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2017-02-27 12:39 - 2016-11-12 11:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2017-02-27 12:39 - 2016-11-12 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-02-27 12:39 - 2016-11-12 10:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2017-02-27 12:39 - 2016-11-12 10:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2017-02-27 12:39 - 2016-11-12 10:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2017-02-27 12:39 - 2016-11-12 10:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2017-02-27 12:39 - 2016-11-12 10:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2017-02-27 12:39 - 2016-11-12 10:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2017-02-27 12:39 - 2016-11-12 10:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2017-02-27 12:39 - 2016-11-12 10:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2017-02-27 12:39 - 2016-11-12 10:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2017-02-27 12:39 - 2016-11-12 10:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2017-02-27 12:39 - 2016-11-12 10:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2017-02-27 12:39 - 2016-11-12 10:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2017-02-27 12:39 - 2016-11-12 10:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2017-02-27 12:39 - 2016-11-12 10:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2017-02-27 12:39 - 2016-11-12 10:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2017-02-27 12:39 - 2016-11-12 10:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2017-02-27 12:39 - 2016-11-12 10:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2017-02-27 12:39 - 2016-11-12 10:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2017-02-27 12:39 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2017-02-27 12:39 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2017-02-27 12:39 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2017-02-27 12:38 - 2017-01-05 11:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2017-02-27 12:38 - 2017-01-05 11:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2017-02-27 12:38 - 2017-01-05 11:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2017-02-27 12:38 - 2017-01-05 11:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2017-02-27 12:38 - 2017-01-05 10:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2017-02-27 12:38 - 2017-01-05 10:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2017-02-27 12:38 - 2017-01-05 10:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2017-02-27 12:38 - 2017-01-05 10:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2017-02-27 12:38 - 2017-01-05 10:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2017-02-27 12:38 - 2017-01-05 10:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2017-02-27 12:38 - 2017-01-05 10:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2017-02-27 12:38 - 2017-01-05 10:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2017-02-27 12:38 - 2017-01-05 10:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2017-02-27 12:38 - 2016-11-21 11:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2017-02-27 12:38 - 2016-11-20 09:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2017-02-27 12:38 - 2016-11-20 07:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2017-02-27 12:38 - 2016-11-17 09:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2017-02-27 12:38 - 2016-11-12 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2017-02-27 12:38 - 2016-11-12 11:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2017-02-27 12:38 - 2016-11-12 11:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2017-02-27 12:38 - 2016-11-10 09:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2017-02-27 12:38 - 2016-11-10 09:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2017-02-27 12:38 - 2016-11-09 09:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2017-02-27 12:38 - 2016-11-09 09:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2017-02-27 12:38 - 2016-11-09 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2017-02-27 12:38 - 2016-11-09 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2017-02-27 12:38 - 2016-11-09 09:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2017-02-27 12:38 - 2016-11-09 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2017-02-27 12:38 - 2016-11-06 09:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2017-02-27 12:38 - 2016-11-06 09:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2017-02-27 12:38 - 2016-11-06 09:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2017-02-27 12:38 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2017-02-27 12:38 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2017-02-27 12:38 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2017-02-27 12:38 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2017-02-27 12:38 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2017-02-27 12:38 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2017-02-27 12:38 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2017-02-27 12:38 - 2016-10-27 08:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2017-02-27 12:38 - 2016-10-27 08:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2017-02-27 12:38 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2017-02-27 12:38 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
    2017-02-27 12:38 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2017-02-27 12:38 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
    2017-02-27 12:38 - 2016-10-11 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2017-02-27 12:38 - 2016-10-11 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2017-02-27 12:38 - 2016-10-11 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2017-02-27 12:38 - 2016-10-11 08:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2017-02-27 12:38 - 2016-10-11 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
    2017-02-27 12:38 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2017-02-27 12:38 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2017-02-27 12:38 - 2016-10-11 08:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2017-02-27 12:38 - 2016-10-11 08:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
    2017-02-27 12:38 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2017-02-27 12:38 - 2016-10-11 08:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
    2017-02-27 12:38 - 2016-10-11 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 08:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2017-02-27 12:38 - 2016-10-11 08:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2017-02-27 12:38 - 2016-10-11 08:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2017-02-27 12:38 - 2016-10-11 07:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2017-02-27 12:38 - 2016-10-11 07:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2017-02-27 12:38 - 2016-10-11 07:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2017-02-27 12:38 - 2016-10-11 07:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2017-02-27 12:38 - 2016-10-11 07:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2017-02-27 12:38 - 2016-10-11 07:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2017-02-27 12:38 - 2016-10-11 07:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2017-02-27 12:38 - 2016-10-11 07:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2017-02-27 12:38 - 2016-10-11 07:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 07:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 07:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 07:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2017-02-27 12:38 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2017-02-27 12:38 - 2016-10-11 06:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
    2017-02-27 12:38 - 2016-10-11 06:17 - 00419648 _____ C:\Windows\system32\locale.nls
    2017-02-27 12:38 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
    2017-02-27 12:38 - 2016-10-08 06:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2017-02-27 12:38 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
    2017-02-27 12:38 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2017-02-27 12:38 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
    2017-02-27 12:38 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
    2017-02-27 12:38 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2017-02-27 12:38 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
    2017-02-27 12:38 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
    2017-02-27 12:38 - 2016-10-04 08:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2017-02-27 12:38 - 2016-10-04 08:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2017-02-27 12:38 - 2016-10-04 08:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2017-02-27 12:38 - 2016-10-04 08:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2017-02-27 12:38 - 2016-10-04 08:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2017-02-27 12:38 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
    2017-02-27 12:38 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
    2017-02-27 12:38 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2017-02-27 12:38 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2017-02-27 12:38 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2017-02-27 12:38 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2017-02-27 12:38 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2017-02-27 12:38 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2017-02-27 12:38 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2017-02-27 12:38 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
    2017-02-27 12:38 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2017-02-27 12:38 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2017-02-27 12:38 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2017-02-27 12:38 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2017-02-27 12:38 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2017-02-27 12:38 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2017-02-27 12:38 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2017-02-27 12:38 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2017-02-27 12:38 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2017-02-27 12:38 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
    2017-02-27 12:38 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2017-02-27 12:38 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
    2017-02-27 12:38 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2017-02-27 12:38 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
    2017-02-27 12:38 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2017-02-27 12:38 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
    2017-02-27 12:38 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
    2017-02-27 12:38 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2017-02-27 12:38 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2017-02-27 12:38 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2017-02-27 12:38 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2017-02-27 12:38 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2017-02-27 12:38 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2017-02-27 12:38 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2017-02-27 12:38 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2017-02-27 12:38 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2017-02-27 12:38 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2017-02-27 12:38 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2017-02-27 12:38 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2017-02-27 12:38 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2017-02-27 12:38 - 2016-05-13 15:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2017-02-27 12:38 - 2016-05-13 15:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2017-02-27 12:38 - 2016-05-13 15:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2017-02-27 12:38 - 2016-05-13 15:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2017-02-27 12:38 - 2016-05-13 14:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2017-02-27 12:38 - 2016-05-13 14:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2017-02-27 12:38 - 2016-05-13 14:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2017-02-27 12:38 - 2016-05-13 14:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2017-02-27 12:38 - 2016-05-13 14:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2017-02-27 12:38 - 2016-05-13 14:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2017-02-27 12:38 - 2016-05-13 14:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2017-02-27 12:38 - 2016-05-13 14:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2017-02-27 12:38 - 2016-05-13 14:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2017-02-27 12:38 - 2016-05-13 14:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2017-02-27 12:38 - 2016-05-13 14:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2017-02-27 12:38 - 2016-05-13 14:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2017-02-27 12:38 - 2016-05-12 08:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
    2017-02-27 12:37 - 2017-02-02 09:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2017-02-27 12:37 - 2017-02-02 09:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2017-02-27 12:37 - 2017-02-02 07:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2017-02-27 12:37 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2017-02-27 12:37 - 2015-08-05 10:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2017-02-27 12:37 - 2015-08-05 10:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2017-02-27 12:36 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2017-02-27 12:36 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2017-02-27 12:36 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2017-02-27 12:36 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2017-02-27 12:36 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2017-02-27 12:36 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2017-02-27 12:36 - 2016-08-12 09:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2017-02-27 12:36 - 2016-08-12 09:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2017-02-27 12:36 - 2016-08-12 09:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2017-02-27 12:36 - 2016-07-07 08:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2017-02-27 12:36 - 2016-07-07 08:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2017-02-27 12:36 - 2016-07-07 08:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2017-02-27 12:36 - 2016-07-07 08:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
    2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
    2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
    2017-02-27 12:36 - 2015-12-16 11:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
    2017-02-27 12:36 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
    2017-02-27 12:36 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
    2017-02-27 12:25 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2017-02-27 12:25 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2017-02-25 19:22 - 2017-02-25 19:22 - 00000000 ____D C:\Windows\jre
    2017-02-25 19:22 - 2017-02-25 19:22 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
    2017-02-25 18:11 - 2017-03-02 10:16 - 00000000 ____D C:\Users\R\AppData\Roaming\Curse Client
    2017-02-25 18:11 - 2017-02-25 18:11 - 00001020 _____ C:\Users\R\Desktop\Curse.lnk
    2017-02-25 18:11 - 2017-02-25 18:11 - 00001006 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
    2017-02-25 15:05 - 2017-02-27 13:28 - 00278760 _____ C:\Windows\system32\FNTCACHE.DAT
    2017-02-25 00:20 - 2017-02-25 00:20 - 00219714 _____ C:\Users\R\Documents\bookmarks.html
    2017-02-24 23:10 - 2017-02-24 23:10 - 00000522 _____ C:\Users\Public\Desktop\Steam.lnk
    2017-02-24 23:10 - 2017-02-24 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    2017-02-24 22:05 - 2017-02-24 22:05 - 00003204 _____ C:\Windows\System32\Tasks\Adobe Uninstaller
    2017-02-24 22:05 - 2017-02-24 22:05 - 00003154 _____ C:\Windows\System32\Tasks\{C5AC3A7E-E579-40EB-86AC-0909653DEF76}
    2017-02-24 18:09 - 2017-02-24 18:09 - 00066592 _____ C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT
    2017-02-24 17:17 - 2017-02-24 17:17 - 00000000 ____D C:\Users\R\AppData\LocalLow\Sony Online Entertainment
    2017-02-22 00:51 - 2017-02-22 00:51 - 00000000 __SHD C:\found.002
    2017-02-14 01:50 - 2017-02-14 01:58 - 00000000 ____D C:\Users\R\AppData\Local\Facebook
    2017-02-03 11:18 - 2017-03-02 13:11 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    2017-02-03 11:18 - 2017-03-01 09:02 - 00001344 ____H C:\Users\R\Desktop\ROBLOX Player.lnk
    2017-02-03 11:18 - 2017-03-01 09:01 - 00001163 _____ C:\Users\R\Desktop\ROBLOX Studio.lnk
    2017-02-01 14:38 - 2017-02-01 14:38 - 00000000 ____D C:\Users\R\Documents\ROBLOX
    2017-01-31 13:30 - 2017-01-31 17:09 - 00000000 ____D C:\Users\R\Documents\Fanfiction
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-03-02 13:41 - 2016-05-26 16:54 - 00000000 ____D C:\Games
    2017-03-02 13:11 - 2016-12-01 19:07 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
    2017-03-02 12:15 - 2016-05-26 18:47 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2017-03-02 12:14 - 2014-07-02 12:46 - 00000000 ____D C:\Users\R
    2017-03-02 10:23 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-03-02 10:23 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-03-02 10:14 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-02 00:21 - 2016-12-17 00:18 - 00000000 ____D C:\Users\R\AppData\LocalLow\Mozilla
    2017-03-01 21:16 - 2016-07-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google
    2017-03-01 20:14 - 2016-07-14 01:29 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-03-01 18:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
    2017-02-28 03:49 - 2016-05-26 15:30 - 00000000 ____D C:\Users\R\AppData\Local\Roblox
    2017-02-28 01:08 - 2016-07-09 14:36 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype
    2017-02-27 23:50 - 2016-12-31 13:19 - 00000000 ____D C:\Users\R\Documents\Noble Special Investigation Site 29
    2017-02-27 21:59 - 2009-07-13 22:13 - 00782352 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-02-27 21:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2017-02-27 13:53 - 2017-01-04 01:09 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2017-02-27 13:25 - 2016-08-06 11:20 - 00000000 ___SD C:\Windows\system32\CompatTel
    2017-02-27 13:25 - 2016-08-06 11:20 - 00000000 ____D C:\Windows\system32\appraiser
    2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
    2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
    2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2017-02-27 13:20 - 2016-07-12 23:26 - 00000000 ____D C:\Windows\system32\MRT
    2017-02-27 13:16 - 2016-07-12 23:26 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-02-27 12:56 - 2016-07-14 00:47 - 00774934 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2017-02-24 22:08 - 2016-10-03 20:33 - 00000000 ____D C:\Program Files\Adobe
    2017-02-24 18:14 - 2016-10-04 23:32 - 00000000 ____D C:\Users\R\AppData\Roaming\obs-studio
    2017-02-24 17:42 - 2016-11-06 10:38 - 00000000 ____D C:\Users\R\AppData\Local\Jagex
    2017-02-24 17:42 - 2016-11-06 10:38 - 00000000 ____D C:\ProgramData\Jagex
    2017-02-24 17:32 - 2017-01-04 15:27 - 00000000 ____D C:\ProgramData\VEGAS
    2017-02-24 17:30 - 2016-07-12 22:49 - 00000000 ____D C:\ProgramData\Package Cache
    2017-02-24 17:19 - 2016-08-05 14:57 - 00000059 _____ C:\Users\R\AppData\Local\UserProducts.xml
    2017-02-24 17:19 - 2016-08-05 14:57 - 00000000 ____D C:\Program Files (x86)\Skillbrains
    2017-02-24 17:18 - 2014-07-02 12:48 - 00000000 ____D C:\Users\R\AppData\Local\VirtualStore
    2017-02-24 17:17 - 2016-06-01 17:44 - 00000000 ____D C:\Users\R\AppData\Local\CrashDumps
    2017-02-24 17:12 - 2014-07-02 17:15 - 00000000 ____D C:\Windows\Minidump
    2017-02-24 16:53 - 2016-11-20 21:11 - 00000000 ____D C:\Users\R\AppData\Roaming\discord
    2017-02-24 15:57 - 2009-07-13 22:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2017-02-21 23:31 - 2016-06-10 18:23 - 00000000 ____D C:\Users\R\AppData\Local\Deployment
    2017-02-16 19:42 - 2016-07-31 22:48 - 00000000 ____D C:\Users\R\AppData\Roaming\SoftGrid Client
    2017-02-15 11:57 - 2016-05-26 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-12 00:16 - 2016-12-14 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-09 01:11 - 2017-01-02 18:09 - 00000000 ____D C:\tmp
    2017-02-03 13:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SchCache
    2017-02-03 11:19 - 2016-05-26 15:30 - 00000246 _____ C:\Users\R\AppData\LocalLow\rbxcsettings.rbx
    2017-02-02 20:16 - 2016-10-05 18:04 - 00000000 ____D C:\Users\R\Documents\OBJ FILE
    2017-01-31 20:18 - 2017-01-15 11:11 - 00000000 ____D C:\Users\R\Documents\Euro Truck Simulator 2
    2017-01-31 18:56 - 2016-10-03 20:42 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
     
    ==================== Files in the root of some directories =======
     
    2014-07-03 04:21 - 2016-10-08 21:16 - 0007626 _____ () C:\Users\R\AppData\Local\resmon.resmoncfg
    2016-08-05 14:57 - 2016-08-05 14:57 - 0000003 _____ () C:\Users\R\AppData\Local\updater.log
    2016-08-05 14:57 - 2017-02-24 17:19 - 0000059 _____ () C:\Users\R\AppData\Local\UserProducts.xml
    2014-07-02 10:34 - 2014-07-02 10:36 - 0017744 _____ () C:\ProgramData\ArcadeDeluxe4.log
    2017-01-04 01:15 - 2017-01-04 01:15 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
     
    Some files in TEMP:
    ====================
    2017-02-24 17:17 - 2012-02-13 13:41 - 0314784 _____ () C:\Users\R\AppData\Local\Temp\Uninstaller-1996.exe
    2017-03-01 20:09 - 2017-03-01 20:09 - 1239402 _____ (VideoBox                                                    ) C:\Users\R\AppData\Local\Temp\videobox.exe
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-02-22 19:52
     
    ==================== End of FRST.txt ============================
