
Chrome_Elf Dll Is Missing Error



#31
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

IE lives at:

 "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

If you copy the above line, then Start, All Programs, Accessories, Command Prompt, then right click and Paste (or Edit then Paste), the copied line will appear.  Hit Enter.

Does that bring up Internet Explorer?

Your screenshot didn't work.  Let's try Process Explorer.  That will give me about the same info:

Get Process Explorer

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save.  Note the file name.  Open the file on your desktop and copy and paste the text to a reply.

It occurs to me that there may be other shortcuts infected so run FRST and click on Shortcut.txt (and uncheck addition.txt) then hit the Scan button.  I just need the shortcut.txt file's contents.


  • 0
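
One way to triage the Shortcut.txt output requested above, as an added example that is not part of the original post or of FRST: it parses the `Shortcut: <lnk> -> <target> (<company>)` line format seen in this thread's log and flags entries that deserve a manual look. The flag names, the browser-name table, the location markers and the last sample line are assumptions constructed for illustration; a flag is a prompt to review, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# "Shortcut: <lnk> -> <target> (<company>)"; the company field can be empty "()",
# "(No File)" when the target is gone, or absent (e.g. "System Folder").
LINE_RE = re.compile(
    r"^Shortcut: (?P<lnk>.+?\.lnk) -> (?P<target>.+?)(?: \((?P<company>[^()]*)\))?$"
)
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
# Assumption: the binary a shortcut with this name is normally expected to launch.
EXPECTED_BROWSER_BINARY = {
    "google chrome": "chrome.exe",
    "mozilla firefox": "firefox.exe",
    "internet explorer": "iexplore.exe",
}
# Assumption: path fragments for locations a standard user can typically write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\")


def parse_line(line):
    """Return a dict for one 'Shortcut:' line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return {
        "lnk": m.group("lnk"),
        "target": m.group("target"),
        "company": company.strip() if company is not None else None,
    }


def review_flags(entry):
    """List the reasons this shortcut should be looked at by hand."""
    flags = []
    target = PureWindowsPath(entry["target"])
    lowered = entry["target"].lower()
    if entry["company"] == "No File":
        flags.append("missing-target")  # dead shortcut, or target already removed
    elif target.suffix.lower() in EXECUTABLE_EXTS:
        if not entry["company"]:
            flags.append("no-company-info")  # executable without a company string
        if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
            flags.append("user-writable-location")
    # A browser-named shortcut that launches something else is the classic hijack.
    name = PureWindowsPath(entry["lnk"]).stem.strip().lower()
    expected = EXPECTED_BROWSER_BINARY.get(name)
    if expected and target.name.lower() != expected:
        flags.append("browser-target-mismatch")
    return flags


def triage(log_text):
    """Return (lnk, target, flags) for every parsed shortcut with at least one flag."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = review_flags(entry)
        if flags:
            findings.append((entry["lnk"], entry["target"], flags))
    return findings


# Sample input: the first five entries use the line format from this thread's log;
# the last entry is constructed to show what a hijacked browser shortcut looks like.
SAMPLE_LOG = r"""
==================== Shortcuts =============================
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\OBS Studio.lnk -> C:\Program Files (x86)\obs-studio\bin\32bit\obs32.exe ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG PC TuneUp.lnk -> C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (No File)
Shortcut: C:\Users\R\Desktop\Curse.lnk -> C:\Users\R\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Shortcut: C:\Users\R\Links\RecentPlaces.lnk -> System Folder
Shortcut: C:\Users\R\Desktop\Internet Explorer.lnk -> C:\Users\R\AppData\Local\Temp\example-launcher.exe ()
"""

if __name__ == "__main__":
    for lnk, target, flags in triage(SAMPLE_LOG):
        print(f"{', '.join(flags):55} {lnk} -> {target}")
```

Legitimate per-user installs also land in the user-writable bucket, so that flag is best read together with the company field and the signature check from Process Explorer.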



#32
InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Hello,

On the first part regarding Command Prompt - it said that it does not exist. Here is a screenshot from Gyazo -

https://gyazo.com/d6...eea457bd0b96aa3

Here is the file log from Process Explorer -


Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
wuauclt.exe        2,824 K    4,424 K    4912    Windows Update    Microsoft Corporation    (Verified) Microsoft Windows
wmpnetwk.exe    0.09    15,100 K    17,084 K    3332    Windows Media Player Network Sharing Service    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        4,404 K    6,016 K    560            
wininit.exe        2,544 K    2,912 K    496            
WargamingGameUpdater.exe    < 0.01    7,884 K    8,388 K    4844    World of Tanks Game Updater    Wargaming.net    (Verified) Wargaming.net LLP
UpdaterService.exe        1,520 K    2,588 K    2580    Updater Service    Acer Group    (Verified) Acer Incorporated
System Idle Process    91.85    0 K    24 K    0            
System    0.46    168 K    2,220 K    4            
svchost.exe        6,244 K    7,848 K    732    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    6,244 K    7,028 K    808    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        31,896 K    22,448 K    940    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.32    171,356 K    168,572 K    972    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    27,036 K    29,416 K    152    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    17,976 K    20,536 K    1020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    3,096 K    4,044 K    596    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    35,024 K    25,820 K    1364    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    18,272 K    14,132 K    1556    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        7,432 K    10,060 K    1648    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    9,660 K    10,176 K    1676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,816 K    5,348 K    2540    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        5,248 K    5,980 K    1316    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        56,972 K    33,312 K    4684    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe        7,452 K    6,816 K    1520    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        732 K    836 K    324            
sftvsa.exe        1,696 K    2,712 K    2492    Microsoft Application Virtualization Virtual Service Agent    Microsoft Corporation    (Verified) Microsoft Corporation
sftlist.exe        6,480 K    7,876 K    2736    Microsoft Application Virtualization Client Service    Microsoft Corporation    (Verified) Microsoft Corporation
services.exe        7,084 K    9,460 K    604            
SearchIndexer.exe    0.02    49,384 K    25,016 K    3300    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
procexp64.exe    0.20    27,068 K    46,340 K    5476    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
procexp.exe        2,544 K    7,672 K    1848    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe        26,768 K    10,000 K    1700    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
mbamtray.exe        18,076 K    16,384 K    3036    Malwarebytes Tray Application    Malwarebytes    (Verified) Malwarebytes Corporation
MBAMService.exe    0.02    385,140 K    387,060 K    2708    Malwarebytes Service    Malwarebytes    (Verified) Malwarebytes Corporation
lsm.exe        3,076 K    3,324 K    632            
lsass.exe    < 0.01    9,124 K    12,104 K    624    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    0.24    0 K    0 K    n/a    Hardware Interrupts and DPCs        
iexplore.exe    2.95    14,920 K    15,944 K    3820    Internet Explorer    Microsoft Corporation    (Verified) Microsoft Corporation
GoogleCrashHandler64.exe        2,020 K    528 K    2024            
GoogleCrashHandler.exe        1,736 K    528 K    1836            
firefox.exe    0.03    365,440 K    385,916 K    2464    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.01    673,536 K    651,584 K    2728    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
explorer.exe    0.01    78,256 K    79,136 K    1236    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
EgisTicketService.exe        2,660 K    4,096 K    1076    Egis Ticket Service    Egis Technology Inc.     (Verified) EGIS TECHNOLOGY INC.
EgisService.exe        4,532 K    4,556 K    1308    Egis Service    Egis Technology Inc.     (Verified) EGIS TECHNOLOGY INC.
dwm.exe    0.09    34,688 K    37,176 K    1180    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
dllhost.exe    < 0.01    8,080 K    8,872 K    700    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
CVHSVC.EXE        5,688 K    5,704 K    2960            
csrss.exe    < 0.01    2,740 K    3,128 K    424            
csrss.exe    0.06    3,976 K    12,888 K    520            
chrome.exe    1.21    125,292 K    167,980 K    5656    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        4,100 K    8,168 K    4188    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        4,548 K    9,780 K    4460    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.07    46,752 K    43,908 K    2564    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe        85,388 K    107,628 K    3164    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    2.30    191,612 K    195,116 K    5288    Google Chrome    Google Inc.    (Verified) Google Inc
chrome.exe    0.06    42,364 K    48,360 K    5200    Google Chrome    Google Inc.    (Verified) Google Inc
audiodg.exe        16,120 K    16,092 K    2340            
atiesrxx.exe        2,040 K    2,824 K    872    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher

 


  • 0

#33
InfinityFalse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts

Here is the shortcut log - as per requested.

 

Users shortcut scan result (x64) Version: 01-03-2017
Ran by R (02-03-2017 21:46:38)
Running from C:\Users\R\Downloads
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)





Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-A91000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Call.lnk -> C:\Program Files (x86)\Windows Live\Messenger\wlcstart.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Messenger .lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaks.com Logon Changer\Tweaks.com Logon Changer.lnk -> C:\Windows\Installer\{D2223C9B-0AB9-4546-A4C0-A1ED27C42039}\StartMenuIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics\USB 3.0 Host Controller Driver\USB 3.0 Host Controller Utility.lnk -> C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3utl.exe (Renesas Electronics Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (32bit).lnk -> C:\Program Files (x86)\obs-studio\bin\32bit\obs32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\Uninstall.lnk -> C:\Program Files (x86)\obs-studio\uninstall.exe (obsproject.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo GIF.lnk -> C:\Program Files (x86)\Gyazo\GyazoGIF.exe (Nota Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo.lnk -> C:\Program Files (x86)\Gyazo\Gyazowin.exe (Nota Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Club Penguin.lnk -> C:\Program Files (x86)\Acer Games\Web Link - Club Penguin\502CF397-846F-459B-AB59-9826E34B7ECE.dll ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program\Bluetooth Devices.lnk -> C:\Windows\System32\bthprops.cpl (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem\AcerSystem User Guide.lnk -> C:\book\Generic_User_Guide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem\AcerSystem User Quick Guide.lnk -> C:\book\Quick Guide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam\Acer Crystal Eye webcam.lnk -> C:\Program Files (x86)\Acer\Acer Crystal Eye webcam\CrystalEye.exe (Chicony Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Backup Manager\Acer Backup Manager.lnk -> C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManager.exe (NewTech Infosystems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Arcade Deluxe\ Acer Arcade Deluxe.lnk -> C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer eRecovery Management.lnk -> C:\Program Files\Acer\Acer eRecovery Management\Recovery Management.exe (Acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Updater.lnk -> C:\Program Files\Acer\Acer Updater\ALU.exe (Acer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Welcome Center.lnk -> C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe (Acer Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Bio Protection\Acer Bio Protection.lnk -> C:\Program Files (x86)\Acer Bio Protection\EgisMgtConsole.exe (Egis Technology Inc. )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{502CF397-846F-459B-AB59-9826E34B7ECE}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\Acer Games\Web Link - Club Penguin\502CF397-846F-459B-AB59-9826E34B7ECE.dll ()
Shortcut: C:\ProgramData\CyberLink\PowerCinema\Extension\Extension.1.0.lnk -> C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\Highlight\Extension.1.0\Extension.1.0.xml ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AVG PC TuneUp.lnk -> C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (No File)
Shortcut: C:\Users\Public\IronMan2\Dolby Home Theater Demo.lnk -> C:\Users\Public\IronMan2\Dolby Home Theater Demo-1080p.mp4 ()
Shortcut: C:\Users\Public\Desktop\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Gyazo GIF.lnk -> C:\Program Files (x86)\Gyazo\GyazoGIF.exe (Nota Inc.)
Shortcut: C:\Users\Public\Desktop\Gyazo.lnk -> C:\Program Files (x86)\Gyazo\Gyazowin.exe (Nota Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\OBS Studio.lnk -> C:\Program Files (x86)\obs-studio\bin\32bit\obs32.exe ()
Shortcut: C:\Users\Public\Desktop\paint.net.lnk -> C:\Program Files\paint.net\PaintDotNet.exe (dotPDN LLC)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> D:\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\R\Links\Creative Cloud Files.lnk -> C:\Users\R\Creative Cloud Files ()
Shortcut: C:\Users\R\Links\Desktop.lnk -> C:\Users\R\Desktop ()
Shortcut: C:\Users\R\Links\Downloads.lnk -> C:\Users\R\Downloads ()
Shortcut: C:\Users\R\Links\RecentPlaces.lnk -> System Folder
Shortcut: C:\Users\R\Favorites\Links\Acer Games.lnk -> C:\Windows\System32\url.dll (Microsoft Corporation)
Shortcut: C:\Users\R\Favorites\Links\Acer.lnk -> C:\Windows\System32\url.dll (Microsoft Corporation)
Shortcut: C:\Users\R\Favorites\Acer\Acer Games.lnk -> C:\Windows\System32\url.dll (Microsoft Corporation)
Shortcut: C:\Users\R\Favorites\Acer\Acer.lnk -> C:\Windows\System32\url.dll (Microsoft Corporation)
Shortcut: C:\Users\R\Documents\Euro Truck Simulator 2\readme.rtf.lnk -> C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\readme.rtf (No File)
Shortcut: C:\Users\R\Desktop\Adobe Photoshop CC 2015.5.lnk -> C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\Users\R\Desktop\blender.lnk -> C:\Program Files\Blender Foundation\Blender\blender.exe (Blender Foundation)
Shortcut: C:\Users\R\Desktop\Curse.lnk -> C:\Users\R\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Shortcut: C:\Users\R\Desktop\Kindle.lnk -> C:\Users\R\AppData\Local\Amazon\Kindle\application\Kindle.exe (Amazon.com)
Shortcut: C:\Users\R\Desktop\OBS Studio (64bit).lnk -> C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe ()
Shortcut: C:\Users\R\Desktop\World of Tanks.lnk -> C:\Games\WoTLauncher.exe (Wargaming.net)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk -> C:\Users\R\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Encyclopedia.lnk -> C:\Games\wiki.url ()
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Game Manual.lnk -> C:\Games\game_manual.url ()
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Latest updates.lnk -> C:\Games\readme.url ()
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Official website.lnk -> C:\Games\website.url ()
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\Uninstall World of Tanks.lnk -> C:\Games\unins000.exe ()
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks\World of Tanks.lnk -> C:\Games\WoTLauncher.exe (Wargaming.net)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online\Uninstall The Elder Scrolls Online.lnk -> D:\Steam\steamapps\common\Zenimax Online\uninstall\Uninstall The Elder Scrolls Online.exe (No File)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Kindle.lnk -> C:\Users\R\AppData\Local\Amazon\Kindle\application\Kindle.exe (Amazon.com)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Uninstall Kindle.lnk -> C:\Users\R\AppData\Local\Amazon\Kindle\application\uninstall.exe (Amazon.com)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer\System Information\Acer System Information.lnk -> C:\Users\R\AppData\Roaming\Microsoft\Installer\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}\_A8E2051B6F0E47454AC3CD.exe ()
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo GIF.lnk -> C:\Program Files (x86)\Gyazo\GyazoGIF.exe (Nota Inc.)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gyazo.lnk -> C:\Program Files (x86)\Gyazo\Gyazowin.exe (Nota Inc.)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gyazo.lnk -> C:\Program Files (x86)\Gyazo\Gyazowin.exe (Nota Inc.)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)




ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager\Launch Manager.LNK -> C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) -> Show_Panel
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager\Uninstall.LNK -> C:\Windows\UNINSTLMv4.EXE (Dritek System Inc.) -> LMv4.UNI
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo\Gyazo Settings.lnk -> C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.) -> /option
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Advanced.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Dashboard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC - Wizard.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Wizard
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\CCC.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start CCC
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center\Restart Runtime.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) -> Restart
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program\Uninstall Bluetooth Suite.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {230D1595-57DA-4933-8C4E-375797EBB7E1}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Identity Card.lnk -> C:\Program Files (x86)\Acer\Identity Card\IdentityCard.exe () -> Identity Card
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\R\Desktop\Discord.lnk -> C:\Users\R\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\R\Desktop\ROBLOX Player.lnk -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxPlayerLauncher.exe (ROBLOX Corporation) -> -browser
ShortcutWithArgument: C:\Users\R\Desktop\ROBLOX Studio.lnk -> C:\Users\R\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe (ROBLOX Corporation) -> -ide
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk -> C:\Users\R\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc) -> /startup
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Player.lnk -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxPlayerLauncher.exe (ROBLOX Corporation) -> -browser
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox\ROBLOX Studio.lnk -> C:\Users\R\AppData\Local\Roblox\Versions\RobloxStudioLauncherBeta.exe (ROBLOX Corporation) -> -ide
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc\Discord.lnk -> C:\Users\R\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\R\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\R\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\R\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\R\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\R\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\R\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\R\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\R\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\R\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\R\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\R\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\R\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\R\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\R\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\R\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\R\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\R\Favorites\Acer\eBay.url -> URL: hxxp://rover.ebay.com/rover/1/706-66994-24801-1/4

==================== End of Shortcut.txt =============================
 


#34
RKinner

In Process Explorer, hit the Process column header to sort things by Process and stop it jumping around.  Then find iexplore.exe and select Suspend.

Does it stay suspended?

Have you rebooted since we did the run.reg merge?

Try that and then do the grantperms again on Chrome.elf.dll and see if it holds now.

I've got to go to bed now.


#35
InfinityFalse

On the first part regarding Process Explorer - It has been suspended, and it stayed suspended even after a few minutes, here is a screenshot from Gyazo -

https://gyazo.com/93...591186e50386125

And no, I have not rebooted my laptop since we did the part regarding run.reg merge - I will go ahead and reboot my laptop.

I will let you know how it turns out after the reboot and the part regarding grantperm.


#36
InfinityFalse

Alrighty, so after I did what you told me to do about the grant perm, it didn't work.


#37
InfinityFalse

Alrighty, so I was having a little experiment by observing how Google Chrome would react by disabling and enabling IE via Process Explorer -

When I had it enabled (unsuspended it), the error appeared when I attempted to open Google Chrome, however...

When I had it disabled (suspended it), Google Chrome opened without any error, and it was working fine.

Could Internet Explorer be the culprit in this?

--> Small Update

Also, I've noticed that my laptop performance greatly improved when I removed the virus/malware with the tools you provided in the first part of your instructions (from page 1 of this thread), but over time, it has slowed down to a snail's pace, and when I tried to play YouTube on the working Google Chrome, there were no images showing, although it was working just fine on Firefox.


Edited by InfinityFalse, 03 March 2017 - 12:30 AM.

#38
RKinner

Create a new FRST Scan with Addition.txt checked and post both.  I want to see if anything has changed since the reset.

(Start), Control Panel, (View by: Large icons), Internet Options, Advanced, Reset, Reset.  (We can try and leave your personal settings for now.)

This should reset IE and may get rid of whatever is causing it to run.

Let's look deeper with aswMBR:

Download aswMBR.exe to your desktop.
The link is a direct download so the page won't change but the download will start immediately.

Right click the aswMBR.exe and select Run As Administrator to run it.
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to C:\
Click the "Scan" button to start the scan.
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.
On completion of the scan (note if the Fix button is enabled and tell me, but do not push any buttons) click save log, save it to your desktop and post it in your next reply.

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

#39
InfinityFalse

Here is the requested FRST Log - 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by R (administrator) on R-PC (03-03-2017 08:46:54)
Running from C:\Users\R\Downloads
Loaded Profiles: R (Available Profiles: R)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Acer Bio Protection\EgisService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\R\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [World of Tanks] => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [World of Tanks (1)] => "C:\Games\World_of_Tanks_CT\WargamingGameUpdater.exe"
HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [Steam] => D:\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Run: [World of Tanks (2)] => C:\Games\WargamingGameUpdater.exe [3135752 2016-11-18] (Wargaming.net)
HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-07-13] (Microsoft Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2017-02-25]
ShortcutTarget: Curse.lnk -> C:\Users\R\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{394F5267-8939-41D4-BC12-0033DBBC006C}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{F835098A-5C5B-4E94-872E-A0914277B5D4}: [DhcpNameServer] 192.168.1.254 75.153.171.122
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1351455686-1081943194-175279126-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll [2010-11-05] (Egis Technology Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-09-27] (Atheros Commnucations)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: ol1w0beo.default
FF ProfilePath: C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default [2017-03-02]
FF NewTab: Mozilla\Firefox\Profiles\ol1w0beo.default -> about:newtab
FF Keyword.URL: Mozilla\Firefox\Profiles\ol1w0beo.default -> user_pref("keyword.URL", true);
FF Extension: (Firefox Hotfix) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\[email protected] [2016-08-30]
FF Extension: (Adblock Plus) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-12]
FF Extension: (Bitdefender QuickScan) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2017-03-02]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\features\{04e6bdea-11bc-4de6-903d-1ad87024f393}\[email protected] [2017-03-01]
FF Extension: (TLS 1.3 Compatibility Testing 3) - C:\Users\R\AppData\Roaming\Mozilla\Firefox\Profiles\ol1w0beo.default\features\{04e6bdea-11bc-4de6-903d-1ad87024f393}\[email protected] [2017-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\Acer Bio Protection\FFExt
FF Extension: ( Password Bank Extension ) - C:\Program Files (x86)\Acer Bio Protection\FFExt [2014-07-02] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-23] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-01] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1351455686-1081943194-175279126-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\R\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-24] (Unity Technologies ApS)
 
Chrome: 
=======
CHR Profile: C:\Users\R\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (Google Slides) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-01]
CHR Extension: (Google Docs) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-01]
CHR Extension: (Google Drive) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-01]
CHR Extension: (YouTube) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-01]
CHR Extension: (Adblock Plus) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-01]
CHR Extension: (Google Sheets) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-01]
CHR Extension: (ROBLOX+) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-03-01]
CHR Extension: (Morpheon Dark) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2017-03-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-01]
CHR Extension: (Gmail) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-01]
CHR Extension: (Chrome Media Router) - C:\Users\R\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-01]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-09-27] (Atheros Commnucations) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1445384 2016-10-21] ()
R2 EgisTec Service; C:\Program Files (x86)\Acer Bio Protection\EgisService.exe [315248 2010-11-05] (Egis Technology Inc. )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
S4 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2017-02-24] ()
S3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2010-04-26] (Windows ® Win 7 DDK provider) [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-03-02] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-03-02] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-03-02] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-02] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82208 2017-03-02] (Malwarebytes)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation) [File not signed]
S3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2010-04-26] (Nuvoton Technology Corporation) [File not signed]
R3 nuvotonir; C:\Windows\System32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2016-06-15] (SplitmediaLabs Limited)
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-05-19] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-02 23:37 - 2017-03-02 23:37 - 05861240 _____ (Adobe Systems Inc.) C:\Users\R\Downloads\Shockwave_Installer_Slim.exe
2017-03-02 21:46 - 2017-03-02 21:46 - 00040471 _____ C:\Users\R\Downloads\Shortcut.txt
2017-03-02 21:42 - 2017-03-02 21:42 - 00005753 _____ C:\Users\R\Documents\System Idle Process.txt
2017-03-02 21:35 - 2017-03-02 21:36 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\R\Downloads\procexp.exe
2017-03-02 20:19 - 2017-03-02 20:19 - 00453083 _____ C:\Users\R\Downloads\GrantPerms.zip
2017-03-02 19:34 - 2017-03-02 19:34 - 00000000 ____D C:\Users\R\Downloads\run
2017-03-02 19:32 - 2017-03-02 19:32 - 00000369 _____ C:\Users\R\Downloads\run.zip
2017-03-02 16:28 - 2017-03-02 16:28 - 00000000 ____D C:\Users\R\AppData\Roaming\QuickScan
2017-03-02 16:08 - 2017-03-02 16:09 - 55915216 _____ (Microsoft Corporation) C:\Users\R\Downloads\IE11-Windows6.1-x64-en-us.exe
2017-03-02 13:11 - 2017-03-02 14:16 - 00002617 _____ C:\Users\R\Downloads\Fixlog.txt
2017-03-02 12:13 - 2017-03-02 12:13 - 04278280 _____ (Wargaming.net ) C:\Users\R\Downloads\WoT_internet_install_na.exe
2017-03-02 12:13 - 2017-03-02 12:13 - 00000600 _____ C:\Users\R\Desktop\World of Tanks.lnk
2017-03-02 10:37 - 2017-03-02 10:39 - 00000441 _____ C:\Users\R\Downloads\Search.txt
2017-03-02 10:36 - 2017-03-02 19:39 - 00033681 _____ C:\Users\R\Downloads\Addition.txt
2017-03-02 10:34 - 2017-03-03 08:47 - 00016721 _____ C:\Users\R\Downloads\FRST.txt
2017-03-02 10:34 - 2017-03-03 08:46 - 00000000 ____D C:\FRST
2017-03-02 10:32 - 2017-03-02 10:32 - 02423808 _____ (Farbar) C:\Users\R\Downloads\FRST64 (1).exe
2017-03-02 10:30 - 2017-03-02 10:30 - 00013061 _____ C:\Users\R\Desktop\JRT.txt
2017-03-02 10:26 - 2017-03-02 10:26 - 01663736 _____ (Malwarebytes) C:\Users\R\Downloads\JRT.exe
2017-03-02 10:09 - 2017-03-02 10:13 - 00000000 ____D C:\AdwCleaner
2017-03-02 10:08 - 2017-03-02 10:08 - 04031440 _____ C:\Users\R\Downloads\AdwCleaner.exe
2017-03-01 23:53 - 2017-03-01 23:53 - 02423808 _____ (Farbar) C:\Users\R\Downloads\FRST64.exe
2017-03-01 21:18 - 2017-03-01 21:18 - 02729024 _____ (DLL-Files.com Client ) C:\Users\R\Downloads\clientsetup_fde-0.exe
2017-03-01 21:17 - 2017-03-01 21:17 - 00002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-01 21:17 - 2017-03-01 21:17 - 00002219 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-01 21:16 - 2017-03-01 21:16 - 01129376 _____ (Google Inc.) C:\Users\R\Downloads\ChromeSetup(1).exe
2017-03-01 20:44 - 2017-03-01 20:44 - 00602112 _____ (OldTimer Tools) C:\Users\R\Downloads\OTL.exe
2017-03-01 20:39 - 2017-03-01 20:39 - 01129376 _____ (Google Inc.) C:\Users\R\Downloads\ChromeSetup.exe
2017-03-01 20:39 - 2017-03-01 20:39 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-01 20:39 - 2017-03-01 20:39 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-01 20:15 - 2017-03-02 23:40 - 00082208 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-01 20:15 - 2017-03-02 22:01 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-01 20:15 - 2017-03-02 22:01 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-01 20:14 - 2017-03-02 22:01 - 00251840 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-01 20:14 - 2017-03-02 22:01 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-01 20:14 - 2017-03-01 20:14 - 00001871 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-01 20:14 - 2017-03-01 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-01 20:14 - 2017-03-01 20:14 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-01 20:14 - 2017-02-24 06:23 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-01 20:12 - 2017-03-01 20:13 - 57131432 _____ (Malwarebytes ) C:\Users\R\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-01 20:08 - 2017-03-01 20:09 - 01050653 _____ C:\Users\R\Downloads\Ch_028_Yuusha_Isagi_no_Maou_Hanashi.rar
2017-02-28 03:35 - 2017-02-28 03:36 - 00000000 ____D C:\Users\R\Documents\Old Places
2017-02-27 23:51 - 2017-02-28 00:15 - 00000000 ____D C:\Users\R\Documents\RobloxPlaces
2017-02-27 23:47 - 2017-02-27 23:47 - 00000000 ____D C:\Users\R\Documents\RobloxStuff
2017-02-27 13:47 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-02-27 13:47 - 2014-05-08 02:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-02-27 13:14 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2017-02-27 13:14 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2017-02-27 13:14 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2017-02-27 13:14 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2017-02-27 13:14 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2017-02-27 13:14 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2017-02-27 13:14 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2017-02-27 13:14 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2017-02-27 13:14 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2017-02-27 13:14 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2017-02-27 13:14 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2017-02-27 13:14 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2017-02-27 13:14 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-02-27 13:14 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2017-02-27 13:14 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2017-02-27 13:14 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-02-27 13:14 - 2013-10-01 13:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2017-02-27 13:14 - 2013-10-01 13:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-02-27 13:05 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-02-27 13:05 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2017-02-27 13:05 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2017-02-27 13:05 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2017-02-27 12:39 - 2016-11-14 16:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-27 12:39 - 2016-11-14 15:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-02-27 12:39 - 2016-11-12 12:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-02-27 12:39 - 2016-11-12 12:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-27 12:39 - 2016-11-12 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-27 12:39 - 2016-11-12 12:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-02-27 12:39 - 2016-11-12 12:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-27 12:39 - 2016-11-12 12:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-02-27 12:39 - 2016-11-12 12:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-27 12:39 - 2016-11-12 12:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-27 12:39 - 2016-11-12 12:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-27 12:39 - 2016-11-12 12:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-02-27 12:39 - 2016-11-12 12:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-27 12:39 - 2016-11-12 12:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-02-27 12:39 - 2016-11-12 12:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-02-27 12:39 - 2016-11-12 12:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-27 12:39 - 2016-11-12 12:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-27 12:39 - 2016-11-12 11:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-02-27 12:39 - 2016-11-12 11:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-27 12:39 - 2016-11-12 11:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-27 12:39 - 2016-11-12 11:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-02-27 12:39 - 2016-11-12 11:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-02-27 12:39 - 2016-11-12 11:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-27 12:39 - 2016-11-12 11:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-27 12:39 - 2016-11-12 11:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-27 12:39 - 2016-11-12 11:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-02-27 12:39 - 2016-11-12 11:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-27 12:39 - 2016-11-12 11:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-27 12:39 - 2016-11-12 11:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-02-27 12:39 - 2016-11-12 11:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-02-27 12:39 - 2016-11-12 11:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-02-27 12:39 - 2016-11-12 11:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-02-27 12:39 - 2016-11-12 11:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-02-27 12:39 - 2016-11-12 11:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-27 12:39 - 2016-11-12 11:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-02-27 12:39 - 2016-11-12 11:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-27 12:39 - 2016-11-12 11:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-02-27 12:39 - 2016-11-12 11:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-02-27 12:39 - 2016-11-12 11:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-02-27 12:39 - 2016-11-12 11:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-27 12:39 - 2016-11-12 11:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-27 12:39 - 2016-11-12 11:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-27 12:39 - 2016-11-12 11:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-02-27 12:39 - 2016-11-12 11:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-02-27 12:39 - 2016-11-12 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-02-27 12:39 - 2016-11-12 10:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-02-27 12:39 - 2016-11-12 10:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-02-27 12:39 - 2016-11-12 10:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-02-27 12:39 - 2016-11-12 10:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-02-27 12:39 - 2016-11-12 10:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-02-27 12:39 - 2016-11-12 10:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-27 12:39 - 2016-11-12 10:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-02-27 12:39 - 2016-11-12 10:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-27 12:39 - 2016-11-12 10:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-27 12:39 - 2016-11-12 10:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-02-27 12:39 - 2016-11-12 10:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-02-27 12:39 - 2016-11-12 10:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-27 12:39 - 2016-11-12 10:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-27 12:39 - 2016-11-12 10:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-27 12:39 - 2016-11-12 10:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-27 12:39 - 2016-11-12 10:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-27 12:39 - 2016-11-12 10:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-27 12:39 - 2016-11-12 10:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-27 12:39 - 2016-09-15 07:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-02-27 12:39 - 2016-08-22 09:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-02-27 12:39 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-02-27 12:38 - 2017-01-05 11:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-02-27 12:38 - 2017-01-05 11:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-02-27 12:38 - 2017-01-05 11:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-02-27 12:38 - 2017-01-05 11:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-02-27 12:38 - 2017-01-05 10:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-02-27 12:38 - 2017-01-05 10:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-02-27 12:38 - 2017-01-05 10:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-02-27 12:38 - 2017-01-05 10:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-27 12:38 - 2017-01-05 10:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-02-27 12:38 - 2017-01-05 10:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-02-27 12:38 - 2017-01-05 10:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-02-27 12:38 - 2017-01-05 10:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-02-27 12:38 - 2017-01-05 10:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-02-27 12:38 - 2016-11-21 11:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-27 12:38 - 2016-11-20 09:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-02-27 12:38 - 2016-11-20 07:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-27 12:38 - 2016-11-17 09:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2017-02-27 12:38 - 2016-11-12 12:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-27 12:38 - 2016-11-12 11:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-27 12:38 - 2016-11-12 11:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-02-27 12:38 - 2016-11-10 09:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-27 12:38 - 2016-11-10 09:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-27 12:38 - 2016-11-09 09:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2017-02-27 12:38 - 2016-11-09 09:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-27 12:38 - 2016-11-09 09:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-27 12:38 - 2016-11-09 09:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2017-02-27 12:38 - 2016-11-09 09:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2017-02-27 12:38 - 2016-11-09 09:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2017-02-27 12:38 - 2016-11-09 09:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-02-27 12:38 - 2016-11-09 09:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-27 12:38 - 2016-11-09 09:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-27 12:38 - 2016-11-09 09:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2017-02-27 12:38 - 2016-11-09 09:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2017-02-27 12:38 - 2016-11-09 09:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-02-27 12:38 - 2016-11-09 09:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2017-02-27 12:38 - 2016-11-09 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2017-02-27 12:38 - 2016-11-06 09:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-27 12:38 - 2016-11-06 09:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-27 12:38 - 2016-11-06 09:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-27 12:38 - 2016-11-02 08:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-27 12:38 - 2016-11-02 08:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-27 12:38 - 2016-11-02 08:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-27 12:38 - 2016-11-02 08:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-27 12:38 - 2016-11-02 08:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-27 12:38 - 2016-11-02 08:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-27 12:38 - 2016-11-02 08:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-02-27 12:38 - 2016-11-02 08:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-02-27 12:38 - 2016-11-02 08:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-02-27 12:38 - 2016-11-02 07:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-27 12:38 - 2016-10-27 08:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-02-27 12:38 - 2016-10-27 08:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-02-27 12:38 - 2016-10-15 08:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-27 12:38 - 2016-10-15 08:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-02-27 12:38 - 2016-10-15 08:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-27 12:38 - 2016-10-15 08:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-02-27 12:38 - 2016-10-11 08:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-27 12:38 - 2016-10-11 08:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-27 12:38 - 2016-10-11 08:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-02-27 12:38 - 2016-10-11 08:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-02-27 12:38 - 2016-10-11 08:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-02-27 12:38 - 2016-10-11 08:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-02-27 12:38 - 2016-10-11 08:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-02-27 12:38 - 2016-10-11 08:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-02-27 12:38 - 2016-10-11 08:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2017-02-27 12:38 - 2016-10-11 08:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-02-27 12:38 - 2016-10-11 08:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-02-27 12:38 - 2016-10-11 08:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-02-27 12:38 - 2016-10-11 08:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2017-02-27 12:38 - 2016-10-11 08:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2017-02-27 12:38 - 2016-10-11 08:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2017-02-27 12:38 - 2016-10-11 08:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2017-02-27 12:38 - 2016-10-11 08:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2017-02-27 12:38 - 2016-10-11 08:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2017-02-27 12:38 - 2016-10-11 08:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-02-27 12:38 - 2016-10-11 08:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-02-27 12:38 - 2016-10-11 08:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2017-02-27 12:38 - 2016-10-11 08:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-02-27 12:38 - 2016-10-11 08:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2017-02-27 12:38 - 2016-10-11 08:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2017-02-27 12:38 - 2016-10-11 08:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2017-02-27 12:38 - 2016-10-11 08:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2017-02-27 12:38 - 2016-10-11 08:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 08:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-02-27 12:38 - 2016-10-11 08:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-02-27 12:38 - 2016-10-11 08:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-02-27 12:38 - 2016-10-11 07:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-02-27 12:38 - 2016-10-11 07:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-02-27 12:38 - 2016-10-11 07:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2017-02-27 12:38 - 2016-10-11 07:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-02-27 12:38 - 2016-10-11 07:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-02-27 12:38 - 2016-10-11 07:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-02-27 12:38 - 2016-10-11 07:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-02-27 12:38 - 2016-10-11 07:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-02-27 12:38 - 2016-10-11 07:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 07:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 07:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 07:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-02-27 12:38 - 2016-10-11 06:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-27 12:38 - 2016-10-11 06:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2017-02-27 12:38 - 2016-10-11 06:17 - 00419648 _____ C:\Windows\system32\locale.nls
2017-02-27 12:38 - 2016-10-11 06:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-27 12:38 - 2016-10-08 06:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-27 12:38 - 2016-10-07 08:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-27 12:38 - 2016-10-07 08:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-27 12:38 - 2016-10-07 08:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-27 12:38 - 2016-10-07 08:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-02-27 12:38 - 2016-10-07 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-27 12:38 - 2016-10-07 08:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-27 12:38 - 2016-10-05 07:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-27 12:38 - 2016-10-04 08:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-27 12:38 - 2016-10-04 08:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-27 12:38 - 2016-10-04 08:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-02-27 12:38 - 2016-10-04 08:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-02-27 12:38 - 2016-10-04 08:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-27 12:38 - 2016-10-04 08:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-27 12:38 - 2016-10-04 08:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-02-27 12:38 - 2016-10-04 08:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-02-27 12:38 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-27 12:38 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-02-27 12:38 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-27 12:38 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-27 12:38 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-27 12:38 - 2016-09-09 11:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-27 12:38 - 2016-09-09 11:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-02-27 12:38 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2017-02-27 12:38 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2017-02-27 12:38 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-02-27 12:38 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-02-27 12:38 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-27 12:38 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-27 12:38 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-02-27 12:38 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-02-27 12:38 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-02-27 12:38 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-02-27 12:38 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-02-27 12:38 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-02-27 12:38 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-02-27 12:38 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-02-27 12:38 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-02-27 12:38 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2017-02-27 12:38 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2017-02-27 12:38 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2017-02-27 12:38 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2017-02-27 12:38 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2017-02-27 12:38 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2017-02-27 12:38 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2017-02-27 12:38 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2017-02-27 12:38 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2017-02-27 12:38 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2017-02-27 12:38 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2017-02-27 12:38 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2017-02-27 12:38 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2017-02-27 12:38 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2017-02-27 12:38 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2017-02-27 12:38 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2017-02-27 12:38 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2017-02-27 12:38 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-02-27 12:38 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2017-02-27 12:38 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-02-27 12:38 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2017-02-27 12:38 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2017-02-27 12:38 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-02-27 12:38 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-02-27 12:38 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-02-27 12:38 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-02-27 12:38 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-02-27 12:38 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-02-27 12:38 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2017-02-27 12:38 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2017-02-27 12:38 - 2016-05-13 15:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-02-27 12:38 - 2016-05-13 15:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-02-27 12:38 - 2016-05-13 15:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-02-27 12:38 - 2016-05-13 15:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-02-27 12:38 - 2016-05-13 14:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-02-27 12:38 - 2016-05-13 14:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-02-27 12:38 - 2016-05-13 14:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-02-27 12:38 - 2016-05-13 14:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-02-27 12:38 - 2016-05-13 14:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-02-27 12:38 - 2016-05-13 14:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-02-27 12:38 - 2016-05-13 14:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-02-27 12:38 - 2016-05-13 14:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-02-27 12:38 - 2016-05-13 14:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-02-27 12:38 - 2016-05-13 14:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-02-27 12:38 - 2016-05-13 14:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-02-27 12:38 - 2016-05-13 14:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-02-27 12:38 - 2016-05-12 08:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-02-27 12:37 - 2017-02-02 09:36 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-27 12:37 - 2017-02-02 09:32 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-27 12:37 - 2017-02-02 07:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-27 12:37 - 2016-12-31 08:36 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-27 12:37 - 2016-12-31 08:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-27 12:37 - 2016-12-31 08:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-27 12:37 - 2016-12-31 08:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-27 12:37 - 2016-12-31 08:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-27 12:37 - 2016-12-31 08:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-27 12:37 - 2015-08-05 10:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-02-27 12:37 - 2015-08-05 10:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-02-27 12:36 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-02-27 12:36 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-02-27 12:36 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-02-27 12:36 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-02-27 12:36 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-02-27 12:36 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-02-27 12:36 - 2016-08-12 09:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-02-27 12:36 - 2016-08-12 09:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-02-27 12:36 - 2016-08-12 09:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-02-27 12:36 - 2016-07-07 08:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-02-27 12:36 - 2016-07-07 08:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-02-27 12:36 - 2016-07-07 08:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-02-27 12:36 - 2016-07-07 08:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-02-27 12:36 - 2015-12-16 11:53 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-02-27 12:36 - 2015-12-16 11:48 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-02-27 12:36 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-02-27 12:36 - 2015-12-16 11:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-02-27 12:25 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-02-27 12:25 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-02-27 12:25 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-02-27 12:25 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-02-27 12:25 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-02-27 12:25 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-02-27 12:25 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-02-25 19:22 - 2017-02-25 19:22 - 00000000 ____D C:\Windows\jre
2017-02-25 19:22 - 2017-02-25 19:22 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Elder Scrolls Online
2017-02-25 18:11 - 2017-03-02 22:04 - 00000000 ____D C:\Users\R\AppData\Roaming\Curse Client
2017-02-25 18:11 - 2017-02-25 18:11 - 00001020 _____ C:\Users\R\Desktop\Curse.lnk
2017-02-25 18:11 - 2017-02-25 18:11 - 00001006 _____ C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2017-02-25 15:05 - 2017-02-27 13:28 - 00278760 _____ C:\Windows\system32\FNTCACHE.DAT
2017-02-25 00:20 - 2017-02-25 00:20 - 00219714 _____ C:\Users\R\Documents\bookmarks.html
2017-02-24 23:10 - 2017-02-24 23:10 - 00000522 _____ C:\Users\Public\Desktop\Steam.lnk
2017-02-24 23:10 - 2017-02-24 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-02-24 22:05 - 2017-02-24 22:05 - 00003204 _____ C:\Windows\System32\Tasks\Adobe Uninstaller
2017-02-24 22:05 - 2017-02-24 22:05 - 00003154 _____ C:\Windows\System32\Tasks\{C5AC3A7E-E579-40EB-86AC-0909653DEF76}
2017-02-24 18:09 - 2017-02-24 18:09 - 00066592 _____ C:\Users\R\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-24 17:17 - 2017-02-24 17:17 - 00000000 ____D C:\Users\R\AppData\LocalLow\Sony Online Entertainment
2017-02-22 00:51 - 2017-02-22 00:51 - 00000000 __SHD C:\found.002
2017-02-14 01:50 - 2017-02-14 01:58 - 00000000 ____D C:\Users\R\AppData\Local\Facebook
2017-02-03 11:18 - 2017-03-02 13:11 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-02-03 11:18 - 2017-03-01 09:02 - 00001344 ____H C:\Users\R\Desktop\ROBLOX Player.lnk
2017-02-03 11:18 - 2017-03-01 09:01 - 00001163 _____ C:\Users\R\Desktop\ROBLOX Studio.lnk
2017-02-01 14:38 - 2017-02-01 14:38 - 00000000 ____D C:\Users\R\Documents\ROBLOX
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-02 23:47 - 2016-12-17 00:18 - 00000000 ____D C:\Users\R\AppData\LocalLow\Mozilla
2017-03-02 22:08 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-02 22:08 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-02 22:02 - 2016-05-26 16:54 - 00000000 ____D C:\Games
2017-03-02 22:00 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-02 13:11 - 2016-12-01 19:07 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Tanks
2017-03-02 12:15 - 2016-05-26 18:47 - 00000000 ____D C:\Users\R\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-03-02 12:14 - 2014-07-02 12:46 - 00000000 ____D C:\Users\R
2017-03-01 21:16 - 2016-07-01 14:18 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-01 20:14 - 2016-07-14 01:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-01 18:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-02-28 03:49 - 2016-05-26 15:30 - 00000000 ____D C:\Users\R\AppData\Local\Roblox
2017-02-28 01:08 - 2016-07-09 14:36 - 00000000 ____D C:\Users\R\AppData\Roaming\Skype
2017-02-27 23:50 - 2016-12-31 13:19 - 00000000 ____D C:\Users\R\Documents\Noble Special Investigation Site 29
2017-02-27 21:59 - 2009-07-13 22:13 - 00782352 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-27 21:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-02-27 13:53 - 2017-01-04 01:09 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-02-27 13:25 - 2016-08-06 11:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-27 13:25 - 2016-08-06 11:20 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2017-02-27 13:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-27 13:20 - 2016-07-12 23:26 - 00000000 ____D C:\Windows\system32\MRT
2017-02-27 13:16 - 2016-07-12 23:26 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-27 12:56 - 2016-07-14 00:47 - 00774934 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-02-24 22:08 - 2016-10-03 20:33 - 00000000 ____D C:\Program Files\Adobe
2017-02-24 18:14 - 2016-10-04 23:32 - 00000000 ____D C:\Users\R\AppData\Roaming\obs-studio
2017-02-24 17:42 - 2016-11-06 10:38 - 00000000 ____D C:\Users\R\AppData\Local\Jagex
2017-02-24 17:42 - 2016-11-06 10:38 - 00000000 ____D C:\ProgramData\Jagex
2017-02-24 17:32 - 2017-01-04 15:27 - 00000000 ____D C:\ProgramData\VEGAS
2017-02-24 17:30 - 2016-07-12 22:49 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-24 17:19 - 2016-08-05 14:57 - 00000059 _____ C:\Users\R\AppData\Local\UserProducts.xml
2017-02-24 17:19 - 2016-08-05 14:57 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2017-02-24 17:18 - 2014-07-02 12:48 - 00000000 ____D C:\Users\R\AppData\Local\VirtualStore
2017-02-24 17:17 - 2016-06-01 17:44 - 00000000 ____D C:\Users\R\AppData\Local\CrashDumps
2017-02-24 17:12 - 2014-07-02 17:15 - 00000000 ____D C:\Windows\Minidump
2017-02-24 16:53 - 2016-11-20 21:11 - 00000000 ____D C:\Users\R\AppData\Roaming\discord
2017-02-24 15:57 - 2009-07-13 22:08 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-21 23:31 - 2016-06-10 18:23 - 00000000 ____D C:\Users\R\AppData\Local\Deployment
2017-02-16 19:42 - 2016-07-31 22:48 - 00000000 ____D C:\Users\R\AppData\Roaming\SoftGrid Client
2017-02-15 11:57 - 2016-05-26 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-12 00:16 - 2016-12-14 23:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-09 01:11 - 2017-01-02 18:09 - 00000000 ____D C:\tmp
2017-02-03 13:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SchCache
2017-02-03 11:19 - 2016-05-26 15:30 - 00000246 _____ C:\Users\R\AppData\LocalLow\rbxcsettings.rbx
2017-02-02 20:16 - 2016-10-05 18:04 - 00000000 ____D C:\Users\R\Documents\OBJ FILE
 
==================== Files in the root of some directories =======
 
2014-07-03 04:21 - 2016-10-08 21:16 - 0007626 _____ () C:\Users\R\AppData\Local\resmon.resmoncfg
2016-08-05 14:57 - 2016-08-05 14:57 - 0000003 _____ () C:\Users\R\AppData\Local\updater.log
2016-08-05 14:57 - 2017-02-24 17:19 - 0000059 _____ () C:\Users\R\AppData\Local\UserProducts.xml
2014-07-02 10:34 - 2014-07-02 10:36 - 0017744 _____ () C:\ProgramData\ArcadeDeluxe4.log
2017-01-04 01:15 - 2017-01-04 01:15 - 0005054 _____ () C:\ProgramData\mudtcpaz.vzs
 
Some files in TEMP:
====================
2017-02-24 17:17 - 2012-02-13 13:41 - 0314784 _____ () C:\Users\R\AppData\Local\Temp\Uninstaller-1996.exe
2017-03-01 20:09 - 2017-03-01 20:09 - 1239402 _____ (VideoBox                                                    ) C:\Users\R\AppData\Local\Temp\videobox.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-22 19:52
 
==================== End of FRST.txt ============================


#40
InfinityFalse

  • Topic Starter

and here is Addition Log - 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by R (03-03-2017 08:47:39)
Running from C:\Users\R\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-07-02 19:46:18)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1351455686-1081943194-175279126-500 - Administrator - Disabled)
Guest (S-1-5-21-1351455686-1081943194-175279126-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1351455686-1081943194-175279126-1002 - Limited - Enabled)
R (S-1-5-21-1351455686-1081943194-175279126-1000 - Administrator - Enabled) => C:\Users\R
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.8316 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.1.8316 - CyberLink Corp.) Hidden
Acer Arcade Movie (x32 Version: 9.0.7029 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
Acer Bio Protection (HKLM-x32\...\InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}) (Version: 7.0.60.0 - Egis Technology Inc.)
Acer Crystal Eye webcam Ver:1.1.193.827 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.193.827 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
BioExcess (Version: 7.0.60.0 - Egis Technology Inc.) Hidden
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.34 - Atheros Communications)
ccc-core-static (x32 Version: 2010.1028.1114.18274 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Discord (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Fingerprint Solution (x32 Version: 7.0.60.0 - Egis Technology Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gyazo 3.2.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.51.6 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuvoton CIR Device Drivers (HKLM-x32\...\{46851691-3C64-4C14-ABD8-179AE8801F55}) (Version: 8.60.2004 - Nuvoton Technology Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.4 - OBS Project)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.27.920.2010 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
ROBLOX Player for R (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for R (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.18.0 - Synaptics Incorporated)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.5.0.0 - Zenimax Online Studios)
Tweaks.com Logon Changer (HKLM-x32\...\{D2223C9B-0AB9-4546-A4C0-A1ED27C42039}) (Version: 3.1.0 - Advanced PC Media LLC)
Unity Web Player (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\UnityWebPlayer) (Version: 5.2.5f1 - Unity Technologies ApS)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-1351455686-1081943194-175279126-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{593bc936-d803-49b7-9084-251d7f6425e6}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\R\AppData\Local\Roblox\Versions\version-ca61db0aa1b8462c\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-1351455686-1081943194-175279126-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0968AACF-E55C-4B22-A007-7C2354D2E36A} - System32\Tasks\{C5AC3A7E-E579-40EB-86AC-0909653DEF76} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Task: {253E1326-F65A-45BC-82F1-D987625F7481} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-23] (Adobe Systems Incorporated)
Task: {275E4617-1E30-46F1-9D17-34A2DEC87778} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {88C5C7FC-B9B8-4ECF-899F-FC6E02F363E3} - System32\Tasks\{7FF02BFD-E1DF-4AA3-9FB5-4A5E32646FF1} => pcalua.exe -a C:\Users\R\AppData\Local\Roblox\Versions\version-a5eaf158bd544c4d\RobloxPlayerLauncher.exe -c -uninstall
Task: {89BBA2DA-75CC-4E87-9AC2-A5E16A990791} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {965304F7-3472-4DB8-B83D-F1E7C20A447C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-01] (Google Inc.)
Task: {B2DBC4E6-3AE8-414A-93CF-0E5AF370941F} - System32\Tasks\Acer Registration - Data Sending task => C:\Program Files (x86)\Acer\Registration\GREG.exe [2010-04-27] (Acer Incorporated)
Task: {CCA22504-5F5A-42FA-93AB-F31236C5CE44} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-10-25] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\R\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-01-21 13:45 - 2009-01-21 13:45 - 01401856 _____ () C:\Program Files (x86)\Acer Bio Protection\x64\LIBEAY32.dll
2017-03-01 20:14 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-01 20:14 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-10-25 08:57 - 2016-10-25 08:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-01 21:17 - 2017-02-01 02:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-03-01 21:17 - 2017-02-01 02:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2017-01-04 11:50 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1351455686-1081943194-175279126-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\R\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk => C:\Windows\pss\Acer VCM.lnk.CommonStartup
MSCONFIG\startupreg: Acer ePower Management => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"                                                                                                                                                                                          
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k                                                                                                                                                                             
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: Lightshot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"                                              
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Users\R\Documents\New folder\steam.exe" -silent
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: VitaKeyTSR => "C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe" /run
MSCONFIG\startupreg: World of Tanks (1) => "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{473262E6-F944-4F9F-B934-0107442E0970}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
FirewallRules: [{27DCB9A0-25FE-43FC-AD68-434068364948}] => (Allow) C:\Program Files (x86)\Acer\Acer VCM\VC.exe
FirewallRules: [{187F5E7B-FF38-4834-80DA-441B80F0EB45}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{314D40DA-8D86-4D8E-A6CE-0BEA7A325400}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{A323BEA2-C8CE-4559-A48B-7A130E96F8A0}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{D3C45009-2DEE-4975-8B59-992498F5AD37}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BDFE467-30E4-46BE-A790-B1D1F7DCE773}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3907FE25-51F0-4472-B9DA-C227C3F86D81}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC4184EE-AF26-43E0-8126-ECA524F3ADCF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{009663B2-4640-4852-AAD0-CC90589B3F96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{DF8C5E33-2720-413B-A85C-57A378F76296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{5C2E51FB-F13A-46EE-BCF6-D58F1B8FD250}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
FirewallRules: [{48E2DD5F-736E-4D19-9D7D-09786C319A1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe
FirewallRules: [TCP Query User{C1B3BC92-2043-49E0-A79B-A1C387432B4C}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [UDP Query User{4867A320-31B5-4240-BC47-94D11D67B2D9}C:\eve\sharedcache\tq\bin\exefile.exe] => (Allow) C:\eve\sharedcache\tq\bin\exefile.exe
FirewallRules: [{3A86A9C8-8250-4E66-8529-245016B6133D}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
FirewallRules: [{8F859C3F-90E4-4470-AD0A-107D0B45E177}] => (Allow) C:\Games\World_of_Tanks_CT\WoTLauncher.exe
FirewallRules: [{646DEC8E-4CD6-4EB2-AF7F-43ACB95B4832}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
FirewallRules: [{074C53D1-0247-458F-A7D7-083070330EF9}] => (Allow) C:\Games\World_of_Tanks_CT\worldoftanks.exe
FirewallRules: [{D195E6A9-2440-4813-AB31-F29BB3C0BB07}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{87C5C97E-B1D4-47CD-A0EA-C4C3D90A4C7C}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [TCP Query User{876C8CDE-22F1-4096-AC6A-4E0394F13C69}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
FirewallRules: [UDP Query User{67103985-FF94-4C86-B53F-60E418CF94A0}C:\program files (x86)\bsgo\launcher\launcher.exe] => (Allow) C:\program files (x86)\bsgo\launcher\launcher.exe
FirewallRules: [{AA3CD8E2-EB7A-4D97-BFF0-35195929BF25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6E62E594-EF7A-40F8-87CC-AC7A574269EA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9A29E102-55B2-49F4-8C64-F3D3EAE8B5B1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{EB758D1B-82B9-4BC0-9D63-D70AAA7BF95B}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{A2EFBC2D-91DF-4277-BDEA-BEDDD892F503}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Space\spacegame\Binaries\Win64\Fractured Space.exe
FirewallRules: [{01D54FC1-95DF-435D-BC73-F10C4893D731}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{4BFFF960-8367-4B4E-B5DC-D47C6428DBB2}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{E6AA0A86-34AE-4AF0-939A-22B0494719D5}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{E2FC24AA-F1D3-411F-881B-F4166F207F04}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{66F1FA3B-1019-4A78-B39D-8A345FC4C0FC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{4889BE61-1E65-4A55-A56D-95E26F6E1F0E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{6D3A8AE6-B1BF-40B4-B379-726AB35FA2E8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{6C42EBEB-88D4-43A1-BD10-669876C6B8C0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{00A731EE-3E30-4477-82C1-D5F6D056BC98}] => (Allow) svchost.exe
FirewallRules: [{7310DE9C-F494-4850-BC44-24516CAC70F6}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{5904D895-0BBF-43CD-9618-18C06774A57E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{9C1D0267-ECF5-460A-8596-F97103CE18A6}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{B9C5A73F-7CA6-49A8-8F9A-E1A2014E853A}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{0EBD6171-A0E6-43FD-9C2D-8E4DE21DE5DD}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{7B24AC15-438A-4321-B95E-127C80246A25}] => (Allow) C:\Users\R\Documents\New folder\Steam.exe
FirewallRules: [{36498857-4A5D-4A7B-9B75-F80D4CE5EA8E}] => (Allow) C:\Users\R\Documents\New folder\Steam.exe
FirewallRules: [{8EFFC487-6FDF-42AF-AB2E-36F84F2969D8}] => (Allow) C:\Users\R\Documents\New folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0922CB52-977F-4DAD-8E81-DF56C363175F}] => (Allow) C:\Users\R\Documents\New folder\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{07B550D6-758D-45A5-AF90-4BA76C3B521F}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{337D1162-D1B5-45E5-881B-3069A1B71379}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{7929503A-6131-406C-89E6-8B66F64137E0}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{62349F81-838C-4778-898E-665476966AB3}] => (Allow) C:\Users\R\Documents\New folder\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{4D0AD345-AC13-4A89-8634-E587D28803BA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7B5EDF2B-27BA-44EA-9AAE-4208E3001CB5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{F4191932-1307-49C0-8B29-E4F25FC42265}C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe
FirewallRules: [UDP Query User{1BE58C9A-3E9C-4F5E-9825-3FFF45EA130F}C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\drop alive\drop alive.exe
FirewallRules: [TCP Query User{3E3F2381-DC07-4E0E-AB18-8ADF0BAB2768}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{A33F52A3-F96A-4384-867C-EA285BD468FC}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{3507EB71-76CE-4DA5-8AC6-BB8424C6A7F5}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
FirewallRules: [UDP Query User{B429ACA3-99EB-40B7-B2AE-CDB339813961}C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\artofwar\game\u1game.exe
FirewallRules: [TCP Query User{3C873F9F-93F7-43B4-B0EE-8820B7F22562}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{11F6721E-56E9-4FF0-8752-83AE5CF81A02}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Block) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{98B2A9BB-9750-45C3-991C-D4EF944180ED}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{0A07EA7F-3F64-4C6D-A443-8B9C0BD6F524}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{B67FAC51-12E8-40D8-9EE3-96BADD86FE26}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{55375A40-F346-46D0-9568-B93032638C9A}] => (Allow) D:\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{05AE7197-A154-45B4-B9DA-DC3D53E3893D}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe
FirewallRules: [UDP Query User{2071F468-3D0F-44CC-BADF-EECD3EC751A4}C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe] => (Allow) C:\users\r\appdata\local\temp\i1488075462\windows\resource\jre\bin\javaw.exe
FirewallRules: [{38A7D7A6-AB9D-44AC-86FA-A6583427B52E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{55F09BF1-3D12-45B5-A596-7D418A98A4A6}] => (Allow) C:\Games\WoTLauncher.exe
FirewallRules: [{80F40897-2C77-4F69-B816-F4D658D1B806}] => (Allow) C:\Games\WoTLauncher.exe
FirewallRules: [{27265D42-BBFB-48A5-905A-B8A4B75F6058}] => (Allow) C:\Games\worldoftanks.exe
FirewallRules: [{8C480B6E-42F2-4A33-B05D-E6644914E990}] => (Allow) C:\Games\worldoftanks.exe
 
==================== Restore Points =========================
 
02-03-2017 10:27:32 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
Name: 1.3M WebCam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/03/2017 08:47:56 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
 
Error: (03/03/2017 08:46:46 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/02/2017 10:10:38 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed:
 
 
System errors:
=============
Error: (03/02/2017 02:52:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 40%
Total physical RAM: 6125.86 MB
Available physical RAM: 3672.95 MB
Total Virtual: 12249.9 MB
Available Virtual: 9646.34 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:465.76 GB) (Free:374.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:926.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C352CBF0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D32A87A1)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

#41
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
 
Download aswMBR.exe  to your desktop.
The link is a direct download so the page won't change.
 
Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to  C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
On completion of the scan (note if the Fix button is enabled and tell me, but do not push any buttons), click Save log, save it to your desktop and post it in your next reply.
 
If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.


#42
InfinityFalse

    Member

  • Topic Starter
  • Member
  • 71 posts

I am currently doing that part at the moment - I will post the log as soon as possible when it is completed. 



#43
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

We have a request from FRST's developer for a copy of the file: c:\FRST\Hives\Software.

This is a rather large file so we will need to zip it up. FRST has a command to do that so we will just run a fixlist. Once the fixlist completes the file will be on your desktop.

[attachment=84283:fixlist.txt]

The fixlog will tell you the name of the file which will look something like: 03.03.2017_11.53.32.zip

Then open a browser to:

http://wikisend.com/

Click on Choose file and point it to the .zip file on your desktop. Then click on Upload File. Once it uploads the file, it will say: Download Link: Copy the text to the right (usually if you right click on it and Copy that will get the full path.) Then open a Reply and paste the text (ctrl + v).



#44
InfinityFalse

    Member

  • Topic Starter
  • Member
  • 71 posts

Hi,

I'm not sure if it has worked successfully, anyway here's the link to the download link - look at the newer reply

The aswmbr scan is still scanning /C: so this may take a while.


Edited by InfinityFalse, 03 March 2017 - 11:48 AM.


#45
InfinityFalse

    Member

  • Topic Starter
  • Member
  • 71 posts

Sorry about that, it seems I got the wrong file - will post another new link.

Update - Here's the correct link.

http://wikisend.com/...17_10.42.04.zip


Edited by InfinityFalse, 03 March 2017 - 11:48 AM.
