Solved Can't get rid of a russian adware

[nope guy]

A few days ago I downloaded a russian trainer for a game am playing (am a gamer) and then I noticed a few icons in russian were added to my desktop and changed my browser homepage and added extensions I realized its a virus and immedietly deleted the trainer,the icons,resetted browser settings,deleted extensions and ran malwarebytes,adware cleaner,spyhunter 4
now I get a notfication every 15 minutes saying 'granena.ru cant start because its missing a program' and same thing for 'linkmyc' its annoying to get interrupted by these notifications how do iget rid of them?I dont want to format my pc because I have alot of games on it and a slow connection

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[nope guy]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Alladin (administrator) on PEACEOFSHIT (19-12-2016 00:37:55)
Running from C:\Users\Alladin\Downloads
Loaded Profiles: Alladin (Available Profiles: Alladin & Administrator)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Razer Inc.) D:\Razer Cortex\RzKLService.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
() D:\Icons\IconsDownload.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\UninstMon\PubMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [50416 2016-11-05] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1712656 2016-11-05] (Tempo Semiconductor Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\EpmNews.exe [2090176 2016-09-20] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe [1243328 2016-09-20] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.ps1 [16548 2015-06-16] ()
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [lbwpxvihxx] => explorer "http://granena.ru/?utm_source=uoua0...FCA27EF83CFE04AC447F5A2F8F96D5&utm_d=20161211" <===== ATTENTION
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [chAtom] => C:\Users\Alladin\AppData\Local\Temp\fhfshffsf99udau.exe 38 77509318_47202 3 7 <===== ATTENTION
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\RunOnce: [Uninstall C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
Startup: C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-12-17]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Alladin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1827436531-876901701-60735713-1001] => http://nonblocker.com/wpad.dat?92849f953ea6cac86dfcaad02eb50c4322197119
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{38a9346d-cd12-4d53-b413-32d5227737a8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e6f2e138-50f2-4dcf-8ad7-4f673469e982}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://public-box.ru/start
HKU\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=30FCA27EF83CFE04AC447F5A2F8F96D5&utm_d=20161211
SearchScopes: HKU\S-1-5-21-1827436531-876901701-60735713-1001 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1827436531-876901701-60735713-1001 -> {4187F0FC-AF41-4E4B-AE67-84C8FD35A0AE} URL = hxxp://terra.im/search?sid=101&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1827436531-876901701-60735713-1001 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1827436531-876901701-60735713-1001 -> hxxp://www.google.com/

FireFox:
========
FF ProfilePath: C:\Users\Alladin\AppData\Roaming\Mozilla\Firefox\Profiles\hn2ikl1p.default
FF Homepage: hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=30FCA27EF83CFE04AC447F5A2F8F96D5&utm_d=20161211
FF Keyword.URL: hxxp://go.mail.ru/distib/ep/?product_id=%7B2E22C22E-DB5F-42BD-BC9F-15B8CDC19931%7D&gp=811014
FF NetworkProxy: "autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ca1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS geydilrsge4s4njufyzdgnrdge2donzqga4dambq.mycdns.com:443';}"
FF NetworkProxy: "type", 0
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827436531-876901701-60735713-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alladin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Extension: Hoxx VPN Proxy - C:\Users\Alladin\AppData\Roaming\Mozilla\Firefox\Profiles\hn2ikl1p.default\Extensions\@hoxx-vpn.xpi [2016-10-08]
FF Extension: Adblock Plus - C:\Users\Alladin\AppData\Roaming\Mozilla\Firefox\Profiles\hn2ikl1p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-18]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-08]
FF HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-01]
FF HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Alladin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Alladin\AppData\Roaming\IDM\idmmzcc5 [2016-12-18]
FF HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\729906.js [2016-12-17] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\729906.cfg [2016-12-17] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-08]
CHR Extension: (Google Docs) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-08]
CHR Extension: (Google Drive) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08]
CHR Extension: (YouTube) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Google Sheets) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-08]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-08]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-10-08]
CHR Extension: (IDM Integration Module) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-08]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2016-10-08]
CHR Extension: (Fast search) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-16]
CHR Extension: (Gmail) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-08]
CHR Profile: C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-05]
CHR Extension: (Google Drive) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
CHR Extension: (YouTube) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-12-12]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2016-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-12]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-12-12]
CHR Extension: (Ashish Mishra) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2016-12-12]
CHR Extension: (IDM Integration Module) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-12]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2016-12-12]
CHR Extension: (Gmail) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-01]

 

[nope guy]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-30] () [File not signed]
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-10-15] (Microsoft Corporation)
R2 CDPUserSvc_34c39; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_34c39; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 Chanerward; C:\Program Files (x86)\Anocitvikoph\srtPrv.dll [276992 2016-10-15] () [File not signed]
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
R2 IconsDownload; D:\Icons\IconsDownload.exe [228352 2016-12-13] () [File not signed]
S3 MBAMService; D:\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_34c39; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_34c39; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_34c39; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_34c39; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_34c39; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_34c39; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-09-24] ()
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-16] (Microsoft Corporation)
R2 RzKLService; D:\Razer Cortex\RzKLService.exe [129168 2015-11-13] (Razer Inc.)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [859816 2016-12-17] (Enigma Software Group USA, LLC.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [350216 2016-11-05] (Tempo Semiconductor Inc.)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-07] (Microsoft Corporation)
R3 UnistoreSvc_34c39; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_34c39; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_34c39; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_34c39; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-16] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_34c39; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_34c39; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 ZapyaService; C:\Program Files (x86)\Zapya-en\ZapyaService.exe [134368 2016-06-13] ()
S2 AMDATITechnologies; "C:\Program Files (x86)\AMD\AMDATITechnologies.exe" ae2ce54ab1294744903dca4a5f8539bf [X]
S2 GoogleGoogle; "C:\Program Files (x86)\Google\GoogleGoogle.exe" c54102ea829e4d458c86147e71427a8f [X]
S2 GTAIVScanData; "D:\GTA IV\GTAIVScanData.exe" 388837891c4f496ea6203a5f71b2a421 [X]
S2 InternetDownloadManagerATITechnologies; "C:\Program Files (x86)\Internet Download Manager\InternetDownloadManagerATITechnologies.exe" e47b5abf08794d6b8b774f94eeb062f4 [X]
S2 RealLivesMegaDownloader; "D:\Real Lives 2010\RealLivesMegaDownloader.exe" affe6dc7e5264e7e8e5695737342bee0 [X]
S2 ReferenceAssembliesInternetExplorer; "C:\Program Files (x86)\Reference Assemblies\ReferenceAssembliesInternetExplorer.exe" 420f678469254505a655a4b567f7c9a0 [X]
S2 UniverseSandboxMegaDownloader; "D:\Universe Sandbox 2\UniverseSandboxMegaDownloader.exe" b48f42ba07304dd38f2ef02dfd46c678 [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0308653.inf_amd64_3dbf29f4a4290d9d\atikmdag.sys [26568336 2016-11-17] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0308653.inf_amd64_3dbf29f4a4290d9d\atikmpag.sys [529432 2016-11-17] (Advanced Micro Devices, Inc.)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4317112 2016-12-09] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-11-05] (Advanced Micro Devices)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 esgiguard; D:\spyhunter\esgiguard.sys [15920 2016-05-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-12-17] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-08-06] (Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-05] (REALiX(tm))
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-16] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-16] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2016-11-05] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2016-11-05] (SteelSeries Corporation)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [51400 2016-11-05] (SteelSeries ApS)
S3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [561672 2016-11-05] (Tempo Semiconductor Inc.)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-16] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-19 00:37 - 2016-12-19 00:38 - 00027887 _____ C:\Users\Alladin\Downloads\FRST.txt
2016-12-19 00:37 - 2016-12-19 00:37 - 00000000 ____D C:\FRST
2016-12-19 00:35 - 2016-12-19 00:37 - 02193920 _____ (Farbar) C:\Users\Alladin\Downloads\FRST64.exe
2016-12-19 00:20 - 2016-12-19 00:20 - 00003038 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Alladin)
2016-12-18 19:01 - 2016-12-18 19:14 - 21404876 _____ C:\Users\Alladin\Downloads\windows10.0-kb3209498-x64_3b7904aaf59958affa7f48f0ff53ebeee262afb1.msu
2016-12-18 18:38 - 2016-12-18 18:39 - 00000329 _____ C:\Users\Alladin\Desktop\updates.txt
2016-12-17 07:50 - 2016-12-18 02:03 - 358088704 ____H C:\Users\Alladin\Downloads\.getxfer.3068.0.mega
2016-12-17 07:50 - 2016-12-17 07:50 - 00000000 ___RD C:\Users\Alladin\Documents\MEGAsync
2016-12-17 07:49 - 2016-12-17 07:49 - 00001134 _____ C:\Users\Alladin\Desktop\MEGAsync.lnk
2016-12-17 07:49 - 2016-12-17 07:49 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-12-17 07:49 - 2016-12-17 07:49 - 00000000 ____D C:\Users\Alladin\AppData\Local\MEGAsync
2016-12-17 07:49 - 2016-12-17 07:49 - 00000000 ____D C:\Users\Alladin\AppData\Local\Mega Limited
2016-12-17 02:17 - 2016-12-17 02:17 - 00000000 ___HD C:\i07Ya2WrMbn4hnVq
2016-12-17 01:20 - 2016-12-17 02:17 - 00309658 _____ C:\spyhunter.fix
2016-12-17 01:20 - 2016-05-17 20:55 - 00025768 _____ C:\WINDOWS\SysWOW64\sh4native.exe
2016-12-17 01:17 - 2016-12-17 01:17 - 00000997 _____ C:\Users\Alladin\Desktop\SpyHunter4 - Shortcut.lnk
2016-12-17 00:51 - 2016-12-17 00:51 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter v4.22.8.4668
2016-12-17 00:51 - 2016-12-17 00:51 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2016-12-17 00:26 - 2016-12-17 00:26 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Enigma Software Group
2016-12-17 00:23 - 2016-12-17 00:25 - 00000000 ____D C:\sh4ldr
2016-12-17 00:06 - 2016-12-17 00:06 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-12-17 00:03 - 2016-12-17 00:03 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-12-16 18:57 - 2016-12-16 18:57 - 00000000 _____ C:\autoexec.bat
2016-12-16 18:43 - 2016-12-16 18:43 - 00000894 _____ C:\Users\Alladin\Desktop\Mad Max V1.00 Trainer +7.lnk
2016-12-16 18:35 - 2016-12-16 18:36 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Alladin\Downloads\SpyHunter-Installer.exe
2016-12-14 14:46 - 2016-12-18 19:49 - 00000911 _____ C:\Users\Alladin\Desktop\MadMax - Shortcut.lnk
2016-12-13 21:48 - 2016-12-13 21:48 - 00000000 ____D C:\Users\Alladin\Documents\Razer
2016-12-13 21:48 - 2016-12-13 21:48 - 00000000 ____D C:\Users\Alladin\AppData\Local\Razer_Inc
2016-12-13 21:47 - 2016-12-13 21:47 - 00000000 ____D C:\Users\Alladin\AppData\Local\Razer
2016-12-13 21:28 - 2016-12-13 21:28 - 00000000 ____D C:\Program Files (x86)\Razer
2016-12-13 21:28 - 2015-09-23 06:36 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2016-12-13 02:50 - 2016-12-16 18:44 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-13 02:45 - 2016-12-16 22:54 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-13 02:45 - 2016-12-16 22:54 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-13 02:45 - 2016-12-16 22:54 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-13 02:45 - 2016-12-16 22:54 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-13 02:45 - 2016-12-13 02:45 - 00000649 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-13 02:45 - 2016-11-29 06:27 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-12 02:20 - 2016-12-13 02:55 - 00000000 ____D C:\Users\Alladin\AppData\Local\Unity
2016-12-12 02:20 - 2016-12-13 02:28 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\Unity
2016-12-12 02:02 - 2016-12-12 01:47 - 00369152 _____ C:\Users\Alladin\Documents\GameSave01.sav
2016-12-12 01:57 - 2016-12-19 00:18 - 00000000 ____D C:\Users\Alladin\AppData\Local\PowerMonitor
2016-12-12 01:57 - 2016-12-12 01:57 - 00003674 _____ C:\WINDOWS\System32\Tasks\PowerMonitor
2016-12-12 01:08 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-12-12 01:08 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2016-12-12 01:08 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-12-12 01:08 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-12-12 01:08 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-12-12 01:08 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-12-12 01:08 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-12-12 01:08 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-12-12 00:59 - 2016-12-12 01:08 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-12-12 00:59 - 2016-12-12 01:07 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-11 01:10 - 2016-12-11 01:12 - 01942157 _____ C:\Users\Alladin\Downloads\MAD.MAX.2K15.V1.01.PLUS15TRN.LINGON.ZIP
2016-12-10 03:05 - 2016-12-10 03:05 - 514394730 _____ C:\WINDOWS\MEMORY.DMP
2016-12-10 03:05 - 2016-12-10 03:05 - 00411884 _____ C:\WINDOWS\Minidump\121016-28609-01.dmp
2016-12-10 03:05 - 2016-12-10 03:05 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-09 22:22 - 2016-12-09 22:22 - 00000000 ____D C:\Users\Alladin\Documents\WB Games
2016-12-09 21:23 - 2016-12-10 04:32 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\log
2016-12-09 21:23 - 2016-12-09 21:23 - 00000319 _____ C:\Users\Alladin\AppData\Roaming\FotoSketcher.ini
2016-12-09 21:23 - 2016-12-09 21:23 - 00000034 _____ C:\Users\Alladin\AppData\Roaming\pcouffin.log
2016-12-09 21:22 - 2016-12-09 21:23 - 00000000 ____D C:\Users\Alladin\Documents\PcSetup
2016-12-09 21:22 - 2016-12-09 21:23 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Vso
2016-12-09 21:22 - 2016-12-09 21:22 - 00099384 _____ C:\Users\Alladin\AppData\Roaming\inst.exe
2016-12-09 21:22 - 2016-12-09 21:22 - 00082816 _____ (VSO Software) C:\WINDOWS\system32\Drivers\pcouffin.sys
2016-12-09 21:22 - 2016-12-09 21:22 - 00082816 _____ (VSO Software) C:\Users\Alladin\AppData\Roaming\pcouffin.sys
2016-12-09 21:22 - 2016-12-09 21:22 - 00007859 _____ C:\Users\Alladin\AppData\Roaming\pcouffin.cat
2016-12-09 21:22 - 2016-12-09 21:22 - 00001153 _____ C:\Users\Alladin\Desktop\VSO Inspector.lnk
2016-12-09 21:22 - 2016-12-09 21:22 - 00000000 ____D C:\Program Files (x86)\vso
2016-12-09 21:10 - 2016-12-09 22:42 - 00000000 ____D C:\Program Files (x86)\CorePack
2016-12-09 21:07 - 2016-12-09 21:07 - 00001127 _____ C:\Users\Public\Desktop\FotoSketcher.lnk
2016-12-09 21:07 - 2016-12-09 21:07 - 00000000 ____D C:\Program Files (x86)\FotoSketcher
2016-12-09 15:46 - 2016-12-09 15:46 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\epm
2016-12-09 15:41 - 2016-12-09 15:41 - 00001464 _____ C:\Users\Public\Desktop\EaseUS Partition Master 11.9.lnk
2016-12-09 15:41 - 2016-12-09 15:41 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-12-09 15:41 - 2016-10-08 19:46 - 03851456 _____ C:\WINDOWS\system32\BootMan.exe
2016-12-09 15:41 - 2016-10-08 19:45 - 02936512 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2016-12-09 15:41 - 2016-07-11 16:01 - 00101984 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2016-12-09 15:41 - 2016-07-11 16:01 - 00088160 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2016-12-09 15:41 - 2016-07-11 16:01 - 00010848 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2016-12-09 15:41 - 2016-07-11 16:01 - 00010208 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2016-12-09 15:41 - 2016-07-08 21:28 - 00248832 _____ C:\WINDOWS\SysWOW64\epmntdrv.pdb
2016-12-09 15:41 - 2016-01-14 16:05 - 00024056 _____ C:\WINDOWS\system32\epmntdrv.sys
2016-12-09 15:41 - 2016-01-14 16:05 - 00021496 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2016-12-09 15:41 - 2014-11-18 20:46 - 00021088 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2016-12-09 15:41 - 2014-11-18 20:46 - 00017504 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2016-12-06 00:13 - 2016-12-12 00:53 - 00000000 ____D C:\Users\Alladin\AppData\Local\SUPERHOT_Sp_z_o.o
2016-12-06 00:10 - 2016-12-06 00:10 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\SUPERHOT_Team
2016-12-03 18:09 - 2016-12-03 18:09 - 00001177 _____ C:\Users\Alladin\Desktop\TotallyAccurateBattleSimulator.lnk
2016-12-03 01:59 - 2016-12-03 01:59 - 00001535 _____ C:\Users\Alladin\Desktop\ohsir - Shortcut.lnk
2016-12-03 01:55 - 2016-12-03 01:55 - 00000000 ____D C:\Users\Alladin\Documents\OhSir
2016-12-02 20:42 - 2016-12-02 20:44 - 04880325 _____ C:\Users\Alladin\Downloads\Power & Revolution GeoPolitical Simulator 4 V6.20 Trainer +7 MrAntiFun.zip
2016-12-02 19:59 - 2016-06-05 02:28 - 05031424 _____ C:\Users\Alladin\Downloads\Power & Revolution GeoPolitical Simulator 4 V6.17 Trainer +7 MrAntiFun.EXE
2016-12-02 19:56 - 2016-12-02 19:58 - 04877094 _____ C:\Users\Alladin\Downloads\Power & Revolution GeoPolitical Simulator 4 V6.17 Trainer +7 MrAntiFun.zip
2016-12-01 22:26 - 2016-12-01 22:26 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\Landfall
2016-12-01 22:24 - 2016-12-01 22:24 - 37430418 _____ C:\Users\Alladin\Downloads\TotallyAccurateBattleSimulator_Data.zip
2016-11-30 19:43 - 2016-11-30 19:43 - 00116993 _____ C:\Users\Alladin\Documents\Steam Community __ Guide __ [WIP] Case closed - All your detective's cases solved.html
2016-11-30 19:43 - 2016-11-30 19:43 - 00000000 ____D C:\Users\Alladin\Documents\Steam Community __ Guide __ [WIP] Case closed - All your detective's cases solved_files
2016-11-26 16:41 - 2016-11-26 16:41 - 01512927 _____ (Audacity Team ) C:\Users\Alladin\Downloads\LADSPA_plugins-win-0.4.15.exe
2016-11-26 16:26 - 2016-12-09 01:59 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Audacity
2016-11-26 16:26 - 2016-11-26 16:26 - 00001079 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-26 16:26 - 2016-11-26 16:26 - 00000000 ____D C:\Users\Alladin\AppData\Local\Audacity
2016-11-26 16:26 - 2016-11-26 16:26 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-11-26 16:11 - 2016-11-26 16:26 - 26496761 _____ (Audacity Team ) C:\Users\Alladin\Downloads\audacity-win-2.1.2.exe
2016-11-23 01:27 - 2016-11-23 01:27 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\IDT
2016-11-23 01:01 - 2016-11-23 01:02 - 03938879 _____ (foobar2000.org) C:\Users\Alladin\Downloads\foobar2000_v1.3.13.exe
2016-11-22 18:30 - 2016-11-22 18:30 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\AMD
2016-11-20 00:19 - 2016-11-20 00:24 - 00000000 ____D C:\Program Files\ViPER4Windows

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-19 00:20 - 2016-10-08 07:15 - 05013620 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-19 00:15 - 2016-10-08 06:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-19 00:15 - 2016-10-08 06:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-18 22:17 - 2016-10-08 17:34 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\IDM
2016-12-18 19:44 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-18 19:34 - 2016-10-08 17:34 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\DMCache
2016-12-18 19:33 - 2016-10-13 04:23 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-18 19:03 - 2016-10-08 07:04 - 00000000 ____D C:\Users\Alladin
2016-12-18 18:59 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-18 18:43 - 2016-10-08 15:58 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-12-18 18:43 - 2016-10-08 09:39 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-18 18:39 - 2016-10-08 07:13 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-18 18:38 - 2016-10-14 20:37 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{54E45A3F-113F-4D17-8620-896C9E141F86}
2016-12-18 18:05 - 2016-10-09 00:11 - 12511978 _____ C:\WINDOWS\PFRO.log
2016-12-18 01:17 - 2016-11-05 12:50 - 00000000 ____D C:\AdwCleaner
2016-12-18 00:39 - 2016-10-08 17:33 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-12-18 00:39 - 2016-10-08 09:55 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-18 00:38 - 2016-10-08 18:17 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-18 00:37 - 2016-10-08 13:08 - 00000000 ____D C:\Program Files (x86)\AMD
2016-12-17 06:57 - 2016-10-08 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-17 06:46 - 2016-10-10 20:33 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 06:46 - 2016-10-10 20:33 - 00003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d221516877dfbe
2016-12-17 00:48 - 2016-08-14 05:23 - 00000000 ____D C:\Users\Alladin\Downloads\Compressed
2016-12-17 00:28 - 2016-10-16 21:42 - 00000000 ___HD C:\_
2016-12-17 00:01 - 2016-11-05 05:12 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\uTorrent
2016-12-13 21:29 - 2016-08-24 14:57 - 00000676 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2016-12-13 02:28 - 2016-11-05 05:50 - 00002354 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2016-12-12 20:32 - 2016-11-05 05:24 - 00000258 __RSH C:\Users\Alladin\ntuser.pol
2016-12-09 15:34 - 2016-08-22 20:35 - 00000000 ____D C:\SACCTDL
2016-12-09 15:29 - 2016-10-08 13:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-09 14:37 - 2016-11-05 04:59 - 04317112 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2016-12-07 19:32 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-06 19:01 - 2016-09-02 14:41 - 00000000 ____D C:\Users\Alladin\Documents\BeamNG.drive
2016-12-05 23:16 - 2016-09-01 19:04 - 00000845 _____ C:\Users\Alladin\Desktop\Turmoil.lnk
2016-12-03 19:45 - 2016-10-14 17:30 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Obsidium
2016-12-03 19:45 - 2016-09-09 21:26 - 00000000 ____D C:\Users\Alladin\Documents\Power & Revolution
2016-12-02 16:31 - 2016-11-18 17:04 - 00000000 ____D C:\WINDOWS\LastGood
2016-11-25 21:46 - 2016-11-05 05:34 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\IObit
2016-11-24 23:41 - 2016-11-05 05:50 - 00003390 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-11-23 01:33 - 2016-10-08 06:59 - 00011514 _____ C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======

2016-12-09 21:23 - 2016-12-09 21:23 - 0000319 _____ () C:\Users\Alladin\AppData\Roaming\FotoSketcher.ini
2016-12-09 21:22 - 2016-12-09 21:22 - 0099384 _____ () C:\Users\Alladin\AppData\Roaming\inst.exe
2016-12-09 21:22 - 2016-12-09 21:22 - 0007859 _____ () C:\Users\Alladin\AppData\Roaming\pcouffin.cat
2016-12-09 21:22 - 2016-12-09 21:22 - 0001167 _____ () C:\Users\Alladin\AppData\Roaming\pcouffin.inf
2016-12-09 21:23 - 2016-12-09 21:23 - 0000034 _____ () C:\Users\Alladin\AppData\Roaming\pcouffin.log
2016-12-09 21:22 - 2016-12-09 21:22 - 0082816 _____ (VSO Software) C:\Users\Alladin\AppData\Roaming\pcouffin.sys
2016-10-28 14:01 - 2016-10-28 14:01 - 0001167 _____ () C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.1.txt
2016-10-28 14:01 - 2016-10-28 14:30 - 0000905 _____ () C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.txt
2016-10-28 14:01 - 2016-10-28 14:30 - 0000000 _____ () C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt

Some files in TEMP:
====================
C:\Users\Alladin\AppData\Local\Temp\1051.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\12A8.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1AD0.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1E99.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1EA2.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\297C.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\2EF5.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\3D16.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\595A.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\820E.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\829E.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\8DB4.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\90E.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\937D.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\94B9.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\9807.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\A56.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Alladin\AppData\Local\Temp\AE1C.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\AutoTime51495.exe
C:\Users\Alladin\AppData\Local\Temp\Bass.dll
C:\Users\Alladin\AppData\Local\Temp\Bass.Net.dll
C:\Users\Alladin\AppData\Local\Temp\C2D.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\c4s3ju76F4rK.exe
C:\Users\Alladin\AppData\Local\Temp\driver_booster_setup.exe
C:\Users\Alladin\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Alladin\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Alladin\AppData\Local\Temp\E9C1.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\ELm74JUHe6nH.exe
C:\Users\Alladin\AppData\Local\Temp\hyrU2zdfYJ5G.exe
C:\Users\Alladin\AppData\Local\Temp\libeay32.dll
C:\Users\Alladin\AppData\Local\Temp\mdi064.dll
C:\Users\Alladin\AppData\Local\Temp\mdi164.dll
C:\Users\Alladin\AppData\Local\Temp\mdi264.dll
C:\Users\Alladin\AppData\Local\Temp\mdi364.dll
C:\Users\Alladin\AppData\Local\Temp\msvcr120.dll
C:\Users\Alladin\AppData\Local\Temp\Rrcnim0GqRoY.exe
C:\Users\Alladin\AppData\Local\Temp\sqlite3.dll
C:\Users\Alladin\AppData\Local\Temp\TMP2497078.exe
C:\Users\Alladin\AppData\Local\Temp\ucbrabs (1).exe
C:\Users\Alladin\AppData\Local\Temp\ucbrabs.exe
C:\Users\Alladin\AppData\Local\Temp\{5518A8F1-8763-465E-B130-CD5D3CC80274}-55.0.2883.87_54.0.2840.99_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-12-17 02:17

==================== End of FRST.txt ============================

 

[nope guy]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Alladin (2016-12-19 00:38:51)
Running from C:\Users\Alladin\Downloads
Windows 10 Home (X64) (2016-10-07 23:13:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1827436531-876901701-60735713-500 - Administrator - Enabled) => C:\Users\Administrator
Alladin (S-1-5-21-1827436531-876901701-60735713-1001 - Administrator - Enabled) => C:\Users\Alladin
DefaultAccount (S-1-5-21-1827436531-876901701-60735713-503 - Limited - Disabled)
Guest (S-1-5-21-1827436531-876901701-60735713-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1827436531-876901701-60735713-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.)
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Driver Booster 4.1 (HKLM-x32\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
EaseUS Partition Master 11.9 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
FotoSketcher 3.20 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version: - David THOIRON)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version: 1.0.1.1 - Warner Bros Interactive)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.4.6.10930 - Razer Inc.)
Real Lives 2010 (HKLM-x32\...\Real Lives 2010) (Version: 10.0.0.13 - Educational Simulations)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.24.3.4750 - Enigma Software Group, LLC)
SpyHunter v4.22.8.4668 (HKLM-x32\...\SpyHunter v4.22.8.46684.22.8.4668) (Version: 4.22.8.4668 - Friends in War)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superhot (HKLM-x32\...\Superhot_is1) (Version: - )
UE4 Prerequisites (x86) (x32 Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)
Zapya-en1.8.0.2(English) (HKLM-x32\...\{5BEB75BB-D08F-4258-B2C8-7F7ED3CBF5CE}) (Version: 1.8.0.2(English) - DewMobile,Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1827436531-876901701-60735713-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

02-12-2016 16:27:24 Driver Booster : AMD Radeon HD 8470D
09-12-2016 01:15:55 Driver Booster : Qualcomm Atheros AR9485 802.11b|g|n WiFi Adapter
09-12-2016 14:36:27 Driver Booster : Qualcomm Atheros AR9485 802.11b|g|n WiFi Adapter
13-12-2016 02:27:00 Driver Booster : Unity Web Player
16-12-2016 18:06:04 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-13 02:43 - 2016-12-16 22:39 - 00000184 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 example.net
127.0.0.1 keystone.mwbsys.com
127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00568BE2-AFC7-4808-A792-342FE09B210C} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-08-05] (Microsoft Corporation)
Task: {0D7245FB-A593-4EE2-892A-C93DC7BB1AAC} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {0EA6F016-8558-4673-9F5A-C25FCBC6528A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2016-11-02] (Microsoft Corporation)
Task: {0F164E86-6873-4365-BFE3-90353A43EDF5} - System32\Tasks\PowerMonitor => C:\Users\Alladin\AppData\Local\PowerMonitor\PowerMonitor.exe [2016-12-18] () <==== ATTENTION
Task: {17EC6263-0A3C-4583-9B9F-E67FC6701D9A} - System32\Tasks\Meophhapusy Adapter => C:\Program Files (x86)\Anocitvikoph\rezagh.exe [2016-10-15] (Glarysoft Ltd)
Task: {19E3F66A-125C-4011-A5B3-F02E22FDF3C4} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {204E92F4-492E-49C8-B7ED-6A6F7BD56221} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-08-20] (Microsoft Corporation)
Task: {2377DF14-C380-4339-BC1C-4B3132871004} - System32\Tasks\Driver Booster SkipUAC (Alladin) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe [2016-11-14] (IObit)
Task: {24B9980F-3A39-4A81-8D30-3A82F57D745A} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {2B161440-728E-406C-9A93-BE62D95EB67D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {30C75A57-714D-42F8-BC22-885AFBEA51F4} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {33412C8D-60A6-4799-9BCE-A6A5A9BDEFB5} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {37AB5EA7-511A-4D90-B8CB-180362ED9800} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {3CF6D4B9-4DB7-411C-8F55-53FE9599C7D4} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {3DFBA1AF-0790-4800-ADB5-F55B32C64C1B} - System32\Tasks\Driver Booster Beta SkipUAC (Alladin) => C:\Program Files (x86)\IObit\Driver Booster Beta\4.0.1\DriverBooster.exe
Task: {4829F9AE-4E92-4023-85F9-2B695F9BCCC0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {4A769C4D-4CB6-469A-9335-1FE12A6712E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)
Task: {4C38A633-64C1-4017-AFB3-7D4FE7A4ADF0} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {510F7B6F-336D-4B54-BDCD-C765ADC486A1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {53B8A72B-AF28-4938-99A6-C65291BE1211} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {564CE726-89A1-4B7C-A572-2F009024FAA7} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {5688BD01-1747-4C6A-AA50-1E9ADCB905C0} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {5A8785E0-CF0B-4C93-803B-93E20990A4BC} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {6FB5A295-E6E2-4F97-9D31-5EB5A0BDC848} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {7394DFD8-9481-44C4-B262-AD0C1385C977} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {7AF5ED65-54E3-4945-B74B-5FAB0F306A19} - System32\Tasks\9dd380cf4802e2308349e760d3d921f7 => Rundll32.exe "C:\Program Files (x86)\Repair File\2bnljg.dll",e62dc6c6547f46bda862da2d05af6862
Task: {7DADC371-64A9-419D-B70E-F38B081374F3} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {7DFF2994-548F-4E80-9A58-D4A6BB173F6E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {7E55CD96-87F3-4A63-8487-E0DE463B6318} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-15] (Microsoft Corporation)
Task: {8644F123-61F1-4352-93B3-560294692EFE} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {8E837BA0-AF8E-452B-A9B6-331B0DD5259F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {97EEA149-630D-465B-87C6-F2F8E552F69B} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {9A646F33-0062-4B13-8592-E5E8B954C462} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {A5DA90FC-F4BC-4712-AAA6-D500C4E1CA1F} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {A756DDA1-5CC1-4C5F-93DC-5BE45DBBFC96} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {A8D72309-F78D-4708-A735-B59035FCA294} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {ACB088BE-E09F-4764-A545-D68CF83E258D} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-16] (Microsoft Corporation)
Task: {B1FFA3A2-1F57-4C22-9C9A-4AE461873DC2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\Windows\System32\MRT.exe [2016-12-18] (Microsoft Corporation)
Task: {B34B559A-764C-495E-A52A-A2AE8FCCF76A} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {BCB6F29E-DE57-465A-A7AA-D4B6941DA800} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {BF81F147-6714-4C1C-B6CA-46934F017DEF} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D329B543-4CFF-4CDD-B60C-B573DF461EE0} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {DA51C685-494F-4F2A-85D2-C8FB8607F021} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe [2016-11-09] (IObit)
Task: {DF6911CC-67B3-4051-8767-63775C769FFB} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {F80A566D-B79F-44CD-AF59-B65A9B818D29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {F8CC27B3-DEE1-4FE4-A477-FCCDB200DDF1} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {F969246F-0798-4A99-98D7-0164F2DC1EA2} - System32\Tasks\GoogleUpdateTaskMachineCore1d221516877dfbe => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)
Task: {FA54779E-2338-45E7-B44A-FE8B6E5C5FDF} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {FABFFA68-44D3-4D22-ACA9-10C77A5E203A} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-15 13:11 - 2016-09-16 01:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-24 04:41 - 2015-09-24 04:41 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-10-15 13:11 - 2016-09-16 01:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-01 03:45 - 2016-11-01 03:45 - 00592384 _____ () C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll
2016-10-08 13:07 - 2016-10-08 13:07 - 00959168 _____ () C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-16 04:38 - 2016-09-07 12:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-15 22:14 - 2016-11-02 18:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-15 22:12 - 2016-11-02 18:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-15 22:13 - 2016-11-02 18:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-15 22:13 - 2016-11-02 18:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-15 22:12 - 2016-11-02 18:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-15 22:12 - 2016-11-02 18:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-15 21:26 - 2016-12-08 16:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 21:26 - 2016-12-08 16:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-11-30 04:07 - 2015-11-30 04:07 - 00138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-12-13 03:08 - 2016-12-13 03:08 - 00228352 _____ () D:\Icons\IconsDownload.exe
2016-12-13 15:06 - 2016-12-13 15:06 - 31164504 _____ () C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
2016-10-15 13:41 - 2016-10-15 13:41 - 00276992 _____ () c:\program files (x86)\anocitvikoph\srtprv.dll
2016-11-24 23:40 - 2016-08-01 16:48 - 00355616 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\madExcept_.bpl
2016-11-24 23:40 - 2016-08-01 16:48 - 00190240 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\madBasic_.bpl
2016-11-24 23:40 - 2016-08-01 16:48 - 00057632 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\madDisAsm_.bpl
2016-11-24 23:40 - 2016-08-01 16:48 - 00899872 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\webres.dll
2016-11-24 23:40 - 2016-08-01 16:48 - 00524064 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\SACCTDL:Win32App_1
AlternateDataStreams: C:\Program Files\AMD:Win32App_1
AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\FotoSketcher:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Qualcomm Atheros:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\UltraISO:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Xvid:Win32App_1
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cnhgyyae.sys:changelist
AlternateDataStreams: C:\Users\Alladin\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1827436531-876901701-60735713-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alladin\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{dbc9dd87-ab36-42c3-a300-e33c95a2555a}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Wecsvc => 3
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "Xvid"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "chAtom"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{CDC0E719-22CB-4EFB-AA3E-548C71671809}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{835E6A20-9186-4FC4-AF83-05FC2001DBAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7070963D-CCCC-482C-AEBF-EE349993F64A}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{829F2BA6-F746-4A5A-9BF2-D3583452B325}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{FA16B0BA-B399-45AB-BBDF-AB7D238E5093}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{78C59CD7-C12E-45CE-A9B0-A6DCD3B095BF}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{06BCD022-7F41-468B-936B-4F1B14C20DB8}] => (Allow) D:\GTA IV\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{88980206-0A36-4712-9B36-D03783DF533C}] => (Allow) D:\GTA IV\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{6308F77A-95D1-457C-9E4B-325BAC4773EF}D:\power & revolution\_start.exe] => (Allow) D:\power & revolution\_start.exe
FirewallRules: [UDP Query User{71463538-DDC1-42CF-B08D-139782EDC442}D:\power & revolution\_start.exe] => (Allow) D:\power & revolution\_start.exe
FirewallRules: [TCP Query User{1584C865-E5A1-4A6D-A888-6338B6BDDB86}D:\power & revolution\_start.exe] => (Allow) D:\power & revolution\_start.exe
FirewallRules: [UDP Query User{88E476D1-2F14-4D44-9529-0F0EFE97769B}D:\power & revolution\_start.exe] => (Allow) D:\power & revolution\_start.exe
FirewallRules: [{5CE9A116-1A57-454F-95CB-DF170227115F}] => (Allow) D:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{ECEEA16B-5231-4229-8CB3-09C9EEB47F77}] => (Allow) D:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{035DF3C9-3C33-4B6E-B720-F29B3BB5E41D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D8269225-FBAD-4252-91C4-0C990E692E36}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{9A76F2AD-74AC-4183-977B-33D3973AB22F}C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe] => (Allow) C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [UDP Query User{252FE814-04A6-4AC3-BD63-B463AC643A4E}C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe] => (Allow) C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [{AA1AC139-D213-409E-9F04-7612F89BFB06}] => (Allow) C:\Program Files (x86)\Tooleat\Application\chrome.exe
FirewallRules: [{BB2C647A-C34B-45B0-8105-43E37B0E5B80}] => (Allow) D:\MalwarebytesPortable_2.2.1.1043-Premium\App\Malwarebytes\mbam.exe
FirewallRules: [{154A2FF0-8148-4B1B-A158-F475AA9DED6B}] => (Allow) D:\MalwarebytesPortable_2.2.1.1043-Premium\App\Malwarebytes\mbam.exe
FirewallRules: [{FEB287D6-DEA9-44C0-A274-C918BB42CC29}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{818C4603-3342-4DBB-832F-354360BDD91B}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{28B39E42-ED07-4F14-AE1F-CAA2B13CA100}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6014BA1D-FBCE-41AD-A277-6F1BAD5763B6}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F559748A-329D-498F-891A-53EB4CBE661D}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1E217228-6A4B-41CA-AB18-65C6B062A7F7}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{11154CC2-EBAD-4D8C-AEE4-1132217C3A48}] => (Allow) C:\Users\Alladin\AppData\Local\Temp\is-RQQJ2.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{BD275F0E-3DE5-436A-850C-83E0D00D73A0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{E9344456-2D47-439F-A800-94A9F1419F84}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{1CBBFF06-AF81-4228-9185-851C2DE87757}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{7B216A43-35AD-4093-9B3E-4E619A15FEDA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{C1DE45C5-07D6-42C3-900D-807ADC7487E8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{A10350E0-1BBE-4E7C-A07E-B797B5F10E8B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{95DF4D70-6460-470D-82A9-6D52C267535C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{2C6662D2-C593-4D6A-B8A6-674652285475}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{126FC3E6-F665-49E8-8CF0-C00E3AAC79E8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [TCP Query User{E191FE7C-55DD-4F24-A452-4CC4AFC6F8B4}D:\megadownloader\megadownloader.exe] => (Allow) D:\megadownloader\megadownloader.exe
FirewallRules: [UDP Query User{182AD56A-6D4C-48BD-88C9-8C4CD65A2570}D:\megadownloader\megadownloader.exe] => (Allow) D:\megadownloader\megadownloader.exe
FirewallRules: [TCP Query User{395C94AF-5390-4772-B22F-DB8D9745B98E}C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe] => (Allow) C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [UDP Query User{57C99ABA-B3A4-4EA1-8E67-B1977A46D8A6}C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe] => (Allow) C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [{24F8183D-C243-4009-A90B-6573634838F6}] => (Allow) C:\Users\Alladin\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{74758FDD-3D2C-4B5E-8C5B-A2D2C9E1240A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Hosted Network Virtual Adapter
Description: Microsoft Hosted Network Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/19/2016 12:30:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Faulting module name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Exception code: 0xc0000005
Fault offset: 0x0000000002088bf6
Faulting process ID: 0x7b0
Faulting application start time: 0xMadMax.exe0
Faulting application path: MadMax.exe1
Faulting module path: MadMax.exe2
Report ID: MadMax.exe3
Faulting package full name: MadMax.exe4
Faulting package-relative application ID: MadMax.exe5

Error: (12/18/2016 07:48:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Faulting module name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Exception code: 0xc0000005
Fault offset: 0x0000000002088bf6
Faulting process ID: 0x1890
Faulting application start time: 0xMadMax.exe0
Faulting application path: MadMax.exe1
Faulting module path: MadMax.exe2
Report ID: MadMax.exe3
Faulting package full name: MadMax.exe4
Faulting package-relative application ID: MadMax.exe5

Error: (12/18/2016 06:56:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/17/2016 07:28:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Faulting module name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Exception code: 0xc0000005
Fault offset: 0x0000000002088bf6
Faulting process ID: 0x1afc
Faulting application start time: 0xMadMax.exe0
Faulting application path: MadMax.exe1
Faulting module path: MadMax.exe2
Report ID: MadMax.exe3
Faulting package full name: MadMax.exe4
Faulting package-relative application ID: MadMax.exe5

Error: (12/17/2016 05:58:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Faulting module name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Exception code: 0xc0000005
Fault offset: 0x0000000002088bf6
Faulting process ID: 0x19c8
Faulting application start time: 0xMadMax.exe0
Faulting application path: MadMax.exe1
Faulting module path: MadMax.exe2
Report ID: MadMax.exe3
Faulting package full name: MadMax.exe4
Faulting package-relative application ID: MadMax.exe5

Error: (12/17/2016 07:46:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll8

Error: (12/17/2016 07:46:16 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: C:\Windows\System32\winspool.drvSpooler8

Error: (12/17/2016 07:46:16 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (12/17/2016 07:46:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\WINDOWS\system32\msdtcuiu.DLL8

Error: (12/17/2016 07:46:16 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8


System errors:
=============
Error: (12/19/2016 12:21:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UniverseSandboxMegaDownloader service failed to start due to the following error:
%%2

Error: (12/19/2016 12:21:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReferenceAssembliesInternetExplorer service failed to start due to the following error:
%%2

Error: (12/19/2016 12:21:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RealLivesMegaDownloader service failed to start due to the following error:
%%2

Error: (12/19/2016 12:21:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InternetDownloadManagerATITechnologies service failed to start due to the following error:
%%2

Error: (12/19/2016 12:17:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GTAIVScanData service failed to start due to the following error:
%%2

Error: (12/19/2016 12:17:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GoogleGoogle service failed to start due to the following error:
%%2

Error: (12/19/2016 12:17:28 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
%%2147500037

Error: (12/19/2016 12:17:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMDATITechnologies service failed to start due to the following error:
%%2

Error: (12/19/2016 12:15:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/19/2016 12:15:22 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 22:17:58 on ‎18/‎12/‎2016 was unexpected.


==================== Memory info ===========================

Processor: AMD A6-6400K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 24%
Total physical RAM: 7365.13 MB
Available physical RAM: 5566.97 MB
Total Virtual: 8517.13 MB
Available Virtual: 6541.99 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:459.88 GB) (Free:338.22 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (New Volume) (Fixed) (Total:262.74 GB) (Free:138.35 GB) NTFS
Drive e: (Recovery Image) (Fixed) (Total:11.2 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0C091A5B)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Broni]

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes Anti-Malware to your desktop.

• Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
  
• Launch Malwarebytes Anti-Malware
• A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

Already installed:
2.0 Threat Scan

• On the Dashboard, click the 'Update Now >>' link
• After the update completes, click the 'Scan Now >>' button.
  
• Or, on the Dashboard, click the Scan Now >> button.
• If an update is available, click the Update Now button.
  
• A Threat Scan will begin.
• When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
• In most cases, a restart will be required.
• Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Export'.
• Click 'Text file (*.txt)'
• In the Save File dialog box which appears, click on Desktop.
• In the File name: box type a name for your scan log.
• A message box named 'File Saved' should appear stating "Your file has been successfully exported".
• Click Ok
• Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select [URL='https://www.techspot.com/guides/1718-run-as-administrator-explained/]Run As Administrator[/URL]
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[nope guy]

RogueKiller V12.8.6.0 (x64) [Dec 19 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Alladin [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/22/2016 00:06:54 (Duration : 00:48:26)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 19 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\jhdbca -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\jhdbca -> Found
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\jhdbca -> Found
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\jhdbca -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\IM -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\IM -> Found
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\jhdbca -> Found
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\jhdbca -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Windows\CurrentVersion\Run | chAtom : C:\Users\Alladin\AppData\Local\Temp\fhfshffsf99udau.exe 38 77509318_47202 3 7 [x] -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Windows\CurrentVersion\Run | chAtom : C:\Users\Alladin\AppData\Local\Temp\fhfshffsf99udau.exe 38 77509318_47202 3 7 [x] -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://nonblocker.com/wpad.dat?92849f953ea6cac86dfcaad02eb50c4322197119 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://nonblocker.com/wpad.dat?92849f953ea6cac86dfcaad02eb50c4322197119 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://nonblocker.com/wpad.dat?92849f953ea6cac86dfcaad02eb50c4322197119 -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://granena.ru/?utm_content=31b5...FCA27EF83CFE04AC447F5A2F8F96D5&utm_d=20161211 -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://granena.ru/?utm_content=31b5...FCA27EF83CFE04AC447F5A2F8F96D5&utm_d=20161211 -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://public-box.ru/start -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://public-box.ru/start -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {11154CC2-EBAD-4D8C-AEE4-1132217C3A48} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\Alladin\AppData\Local\Temp\is-RQQJ2.tmp\download\MiniThunderPlatform.exe|Name=MiniThunderPlatform| [7] -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {24F8183D-C243-4009-A90B-6573634838F6} : v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\Alladin\AppData\Local\Amigo\Application\amigo.exe|Name=Amigo (mDNS-In)|Desc=Inbound rule for Amigo to allow mDNS traffic.|EmbedCtxt=Amigo| [x] -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \PowerMonitor -- C:\Users\Alladin\AppData\Local\PowerMonitor\PowerMonitor.exe (--stid="14128") -> Found

¤¤¤ Files : 5 ¤¤¤
[Suspicious.Path][File] C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [LNK@] C:\Users\Alladin\AppData\Local\MEGAsync\MEGAsync.exe -> Found
[Tr.Generic][File] C:\Users\Alladin\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Found
[Tr.Generic][File] C:\Users\Alladin\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Found
[Tr.Generic][File] C:\Users\Alladin\AppData\Local\Temp\mdi064.dll -> Found
[Hj.Name][File] C:\Users\Alladin\AppData\Local\Temp\msupdate71\dwm.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Firefox:Config] hn2ikl1p.default : user_pref("browser.startup.homepage", "http://granena.ru/?utm_content=31b5...FCA27EF83CFE04AC447F5A2F8F96D5&utm_d=20161211"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] 196dc1a2d22a06c9317774f59e1192f5
[BSP] 5ebf42eec56a87b75b00406d81496832 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 470921 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 967544832 | Size: 450 MB
5 - Basic data partition | Offset (sectors): 968468480 | Size: 269050 MB
6 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1929084928 | Size: 457 MB
7 - [SYSTEM] Basic data partition | Offset (sectors): 1930020864 | Size: 11469 MB
User = LL1 ... OK
User = LL2 ... OK

 

[nope guy]

# AdwCleaner v6.041 - Logfile created 22/12/2016 at 01:25:33
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-21.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Alladin - PEACEOFSHIT
# Running from : C:\Users\Alladin\Downloads\Programs\adwcleaner_6.041_2.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[!] Service not deleted: SpyHunter 4 Service
[!] Service not deleted: esgiguard
[!] Service not deleted: EsgScanner


***** [ Folders ] *****

[!] Folder not deleted: C:\Users\Alladin\AppData\Roaming\Enigma Software Group
[!] Folder not deleted: C:\Program Files\Enigma Software Group
[!] Folder not deleted: C:\sh4ldr


***** [ Files ] *****

[!] File not deleted: C:\WINDOWS\SysNative\drivers\EsgScanner.sys
[!] File not deleted: C:\spyhunter.fix
[!] File not deleted: C:\WINDOWS\SysWoW64\sh4native.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[!] Key not deleted: HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: HKU\.DEFAULT\Software\jhdbca
[#] Key deleted on reboot: HKU\S-1-5-18\Software\jhdbca
[-] Key deleted: HKLM\SOFTWARE\jhdbca
[-] Key deleted: [x64] HKLM\SOFTWARE\jhdbca
[-] Data restored: HKU\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}
[-] Data restored: HKU\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.startup.homepage" - "hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=30FCA27EF83CFE04AC447F5A2F8F96D5&utm_d=20161211"
[-] [C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: GoSearch
[-] [C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1] [favicon_url] Deleted: hxxp://www.amisites.com/searchfavicon.ico
[-] [C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\ChromeDefaultData] [favicon_url] Deleted: hxxp://www.mylucky123.com/searchfavicon.ico


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: " Image File Execution Options" keys deleted
:: "Prefetch" files deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10597 Bytes] - [05/11/2016 13:14:57]
C:\AdwCleaner\AdwCleaner[C10].txt - [4912 Bytes] - [19/12/2016 00:57:35]
C:\AdwCleaner\AdwCleaner[C11].txt - [3423 Bytes] - [22/12/2016 01:25:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [8087 Bytes] - [17/11/2016 02:25:14]
C:\AdwCleaner\AdwCleaner[C3].txt - [7360 Bytes] - [18/11/2016 17:41:52]
C:\AdwCleaner\AdwCleaner[C4].txt - [11238 Bytes] - [12/12/2016 21:22:35]
C:\AdwCleaner\AdwCleaner[C5].txt - [2406 Bytes] - [12/12/2016 21:53:46]
C:\AdwCleaner\AdwCleaner[C6].txt - [3800 Bytes] - [13/12/2016 03:19:51]
C:\AdwCleaner\AdwCleaner[C7].txt - [4567 Bytes] - [13/12/2016 20:52:51]
C:\AdwCleaner\AdwCleaner[C8].txt - [4674 Bytes] - [15/12/2016 02:23:41]
C:\AdwCleaner\AdwCleaner[C9].txt - [5515 Bytes] - [18/12/2016 01:17:36]
C:\AdwCleaner\AdwCleaner[S0].txt - [14081 Bytes] - [05/11/2016 13:00:35]
C:\AdwCleaner\AdwCleaner[S10].txt - [4891 Bytes] - [19/12/2016 00:56:32]
C:\AdwCleaner\AdwCleaner[S11].txt - [5039 Bytes] - [22/12/2016 01:24:12]
C:\AdwCleaner\AdwCleaner[S1].txt - [13843 Bytes] - [05/11/2016 13:12:38]
C:\AdwCleaner\AdwCleaner[S2].txt - [11324 Bytes] - [17/11/2016 02:16:41]
C:\AdwCleaner\AdwCleaner[S3].txt - [9157 Bytes] - [18/11/2016 17:35:38]
C:\AdwCleaner\AdwCleaner[S4].txt - [10996 Bytes] - [12/12/2016 21:20:25]
C:\AdwCleaner\AdwCleaner[S5].txt - [2441 Bytes] - [12/12/2016 21:30:33]
C:\AdwCleaner\AdwCleaner[S6].txt - [4008 Bytes] - [13/12/2016 03:17:46]
C:\AdwCleaner\AdwCleaner[S7].txt - [4735 Bytes] - [13/12/2016 20:52:14]
C:\AdwCleaner\AdwCleaner[S8].txt - [4856 Bytes] - [15/12/2016 02:16:06]
C:\AdwCleaner\AdwCleaner[S9].txt - [5469 Bytes] - [18/12/2016 01:14:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C11].txt - [4964 Bytes] ##########

 

[nope guy]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Alladin (Administrator) on Thu 12/22/2016 at 1:29:54.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/22/2016 at 1:32:45.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[nope guy]

I cant use malwarebytes because 1.it only detects normal apps and programs ive had for ages and are safe 2.it says no updates available 3.I live in a country with power rationing so it takes more than 2 hours and I dont have that much time

 

[Broni]

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[nope guy]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Alladin (administrator) on PEACEOFSHIT (22-12-2016 18:36:49)
Running from C:\Users\Alladin\Downloads
Loaded Profiles: Alladin (Available Profiles: Alladin & Administrator)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\syswow64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
Failed to access process -> Memory Compression
(Razer Inc.) D:\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [50416 2016-11-05] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1712656 2016-11-05] (Tempo Semiconductor Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\EpmNews.exe [2090176 2016-09-20] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe [1243328 2016-09-20] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.ps1 [16548 2015-06-16] ()
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [lbwpxvihxx] => explorer "http://granena.ru/?utm_source=uoua0...FCA27EF83CFE04AC447F5A2F8F96D5&utm_d=20161211" <===== ATTENTION
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [chAtom] => C:\Users\Alladin\AppData\Local\Temp\fhfshffsf99udau.exe 38 77509318_47202 3 7 <===== ATTENTION
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\RunOnce: [Uninstall C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
Startup: C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-12-22]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Alladin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

AutoConfigURL: [S-1-5-21-1827436531-876901701-60735713-1001] => http://nonblocker.com/wpad.dat?92849f953ea6cac86dfcaad02eb50c4322197119
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{38a9346d-cd12-4d53-b413-32d5227737a8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e6f2e138-50f2-4dcf-8ad7-4f673469e982}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://public-box.ru/start
HKU\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1827436531-876901701-60735713-1001 -> hxxp://www.google.com/

FireFox:
========
FF ProfilePath: C:\Users\Alladin\AppData\Roaming\Mozilla\Firefox\Profiles\hn2ikl1p.default
FF NetworkProxy: "autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ca1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS geydilrsge4s4njufyzdgnrdge2donzqga4dambq.mycdns.com:443';}"
FF NetworkProxy: "type", 0
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827436531-876901701-60735713-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alladin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Extension: Hoxx VPN Proxy - C:\Users\Alladin\AppData\Roaming\Mozilla\Firefox\Profiles\hn2ikl1p.default\Extensions\@hoxx-vpn.xpi [2016-10-08]
FF Extension: Adblock Plus - C:\Users\Alladin\AppData\Roaming\Mozilla\Firefox\Profiles\hn2ikl1p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-18]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-08]
FF HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-01]
FF HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Alladin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Alladin\AppData\Roaming\IDM\idmmzcc5 [2016-12-22]
FF HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\729906.js [2016-12-17] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\729906.cfg [2016-12-17] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-08]
CHR Extension: (Google Docs) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-08]
CHR Extension: (Google Drive) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08]
CHR Extension: (YouTube) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Google Sheets) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-08]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-08]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-10-08]
CHR Extension: (IDM Integration Module) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-08]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2016-10-08]
CHR Extension: (No Name) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-16]
CHR Extension: (Gmail) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-08]
CHR Profile: C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-05]
CHR Extension: (Google Drive) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
CHR Extension: (YouTube) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-12-12]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2016-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-12]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-12-12]
CHR Extension: (Ashish Mishra) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2016-12-12]
CHR Extension: (IDM Integration Module) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-12]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2016-12-12]
CHR Extension: (Gmail) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-30] () [File not signed]
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-10-15] (Microsoft Corporation)
R2 CDPUserSvc_3763e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_3763e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 Chanerward; C:\Program Files (x86)\Anocitvikoph\srtPrv.dll [276992 2016-10-15] () [File not signed]
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S3 MBAMService; D:\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_3763e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_3763e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_3763e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_3763e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_3763e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_3763e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-09-24] ()
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-16] (Microsoft Corporation)
R2 RzKLService; D:\Razer Cortex\RzKLService.exe [129168 2015-11-13] (Razer Inc.)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [859816 2016-12-17] (Enigma Software Group USA, LLC.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [350216 2016-11-05] (Tempo Semiconductor Inc.)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-07] (Microsoft Corporation)
R3 UnistoreSvc_3763e; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_3763e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_3763e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_3763e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-16] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_3763e; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_3763e; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 ZapyaService; C:\Program Files (x86)\Zapya-en\ZapyaService.exe [134368 2016-06-13] ()
S2 AMDATITechnologies; "C:\Program Files (x86)\AMD\AMDATITechnologies.exe" ae2ce54ab1294744903dca4a5f8539bf [X]
S2 GoogleGoogle; "C:\Program Files (x86)\Google\GoogleGoogle.exe" c54102ea829e4d458c86147e71427a8f [X]
S2 GTAIVScanData; "D:\GTA IV\GTAIVScanData.exe" 388837891c4f496ea6203a5f71b2a421 [X]
S2 IconsDownload; "D:\Icons\IconsDownload.exe" 3e19779b2974487e881c2174c0562504 [X]
S2 InternetDownloadManagerATITechnologies; "C:\Program Files (x86)\Internet Download Manager\InternetDownloadManagerATITechnologies.exe" e47b5abf08794d6b8b774f94eeb062f4 [X]
S2 RealLivesMegaDownloader; "D:\Real Lives 2010\RealLivesMegaDownloader.exe" affe6dc7e5264e7e8e5695737342bee0 [X]
S2 ReferenceAssembliesInternetExplorer; "C:\Program Files (x86)\Reference Assemblies\ReferenceAssembliesInternetExplorer.exe" 420f678469254505a655a4b567f7c9a0 [X]
S2 UniverseSandboxMegaDownloader; "D:\Universe Sandbox 2\UniverseSandboxMegaDownloader.exe" b48f42ba07304dd38f2ef02dfd46c678 [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0308653.inf_amd64_3dbf29f4a4290d9d\atikmdag.sys [26568336 2016-11-17] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0308653.inf_amd64_3dbf29f4a4290d9d\atikmpag.sys [529432 2016-11-17] (Advanced Micro Devices, Inc.)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4317112 2016-12-09] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-11-05] (Advanced Micro Devices)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 esgiguard; D:\spyhunter\esgiguard.sys [15920 2016-05-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-12-17] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-08-06] (Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-05] (REALiX(tm))
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-19] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R1 MpKslb0a21946; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8DEA811A-D864-439B-B7F8-0552AC1A1E15}\MpKslb0a21946.sys [44928 2016-12-22] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2016-11-05] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2016-11-05] (SteelSeries Corporation)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52952 2016-08-30] (SteelSeries ApS)
S3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [561672 2016-11-05] (Tempo Semiconductor Inc.)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-16] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

 

[nope guy]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 18:32 - 2016-12-22 18:32 - 00003390 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-12-22 18:32 - 2016-12-22 18:32 - 00003038 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Alladin)
2016-12-22 01:41 - 2016-12-22 01:41 - 32752254 _____ (Sophos Limited) C:\Users\Alladin\Downloads\Unconfirmed 539248.crdownload
2016-12-22 01:32 - 2016-12-22 01:32 - 00000557 _____ C:\Users\Alladin\Desktop\JRT.txt
2016-12-22 00:07 - 2016-12-22 00:07 - 00000937 _____ C:\Users\Alladin\Desktop\MadMax - Shortcut.lnk
2016-12-22 00:06 - 2016-12-22 00:06 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-12-21 19:09 - 2016-12-21 19:09 - 00000912 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-21 19:09 - 2016-12-21 19:09 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-19 18:46 - 2016-12-19 18:46 - 00000000 ____D C:\Users\Alladin\AppData\Local\ESET
2016-12-19 00:50 - 2016-12-19 01:01 - 01663040 _____ (Malwarebytes) C:\Users\Alladin\Desktop\JRT.exe
2016-12-19 00:38 - 2016-12-19 00:39 - 00039579 _____ C:\Users\Alladin\Downloads\Addition.txt
2016-12-19 00:37 - 2016-12-22 18:36 - 00027330 _____ C:\Users\Alladin\Downloads\FRST.txt
2016-12-19 00:37 - 2016-12-22 18:36 - 00000000 ____D C:\FRST
2016-12-19 00:35 - 2016-12-19 00:37 - 02193920 _____ (Farbar) C:\Users\Alladin\Downloads\FRST64.exe
2016-12-18 19:01 - 2016-12-18 19:14 - 21404876 _____ C:\Users\Alladin\Downloads\windows10.0-kb3209498-x64_3b7904aaf59958affa7f48f0ff53ebeee262afb1.msu
2016-12-18 18:38 - 2016-12-18 18:39 - 00000329 _____ C:\Users\Alladin\Desktop\updates.txt
2016-12-17 07:50 - 2016-12-18 02:03 - 358088704 ____H C:\Users\Alladin\Downloads\.getxfer.3068.0.mega
2016-12-17 07:50 - 2016-12-17 07:50 - 00000000 ___RD C:\Users\Alladin\Documents\MEGAsync
2016-12-17 07:49 - 2016-12-17 07:49 - 00001134 _____ C:\Users\Alladin\Desktop\MEGAsync.lnk
2016-12-17 07:49 - 2016-12-17 07:49 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-12-17 07:49 - 2016-12-17 07:49 - 00000000 ____D C:\Users\Alladin\AppData\Local\MEGAsync
2016-12-17 07:49 - 2016-12-17 07:49 - 00000000 ____D C:\Users\Alladin\AppData\Local\Mega Limited
2016-12-17 02:17 - 2016-12-17 02:17 - 00000000 ___HD C:\i07Ya2WrMbn4hnVq
2016-12-17 01:20 - 2016-12-17 02:17 - 00309658 _____ C:\spyhunter.fix
2016-12-17 01:20 - 2016-05-17 20:55 - 00025768 _____ C:\WINDOWS\SysWOW64\sh4native.exe
2016-12-17 01:17 - 2016-12-17 01:17 - 00000997 _____ C:\Users\Alladin\Desktop\SpyHunter4 - Shortcut.lnk
2016-12-17 00:51 - 2016-12-17 00:51 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter v4.22.8.4668
2016-12-17 00:51 - 2016-12-17 00:51 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2016-12-17 00:26 - 2016-12-17 00:26 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Enigma Software Group
2016-12-17 00:23 - 2016-12-17 00:25 - 00000000 ____D C:\sh4ldr
2016-12-17 00:06 - 2016-12-17 00:06 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-12-17 00:03 - 2016-12-17 00:03 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-12-16 18:57 - 2016-12-16 18:57 - 00000000 _____ C:\autoexec.bat
2016-12-16 18:43 - 2016-12-16 18:43 - 00000894 _____ C:\Users\Alladin\Desktop\Mad Max V1.00 Trainer +7.lnk
2016-12-16 18:35 - 2016-12-16 18:36 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Alladin\Downloads\SpyHunter-Installer.exe
2016-12-13 21:48 - 2016-12-13 21:48 - 00000000 ____D C:\Users\Alladin\Documents\Razer
2016-12-13 21:48 - 2016-12-13 21:48 - 00000000 ____D C:\Users\Alladin\AppData\Local\Razer_Inc
2016-12-13 21:47 - 2016-12-13 21:47 - 00000000 ____D C:\Users\Alladin\AppData\Local\Razer
2016-12-13 21:28 - 2016-12-13 21:28 - 00000000 ____D C:\Program Files (x86)\Razer
2016-12-13 21:28 - 2015-09-23 06:36 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2016-12-13 02:50 - 2016-12-16 18:44 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-13 02:45 - 2016-12-19 18:58 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-13 02:45 - 2016-12-19 18:58 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-13 02:45 - 2016-12-16 22:54 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-13 02:45 - 2016-12-16 22:54 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-13 02:45 - 2016-12-13 02:45 - 00000649 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-13 02:45 - 2016-11-29 06:27 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-12 02:20 - 2016-12-13 02:55 - 00000000 ____D C:\Users\Alladin\AppData\Local\Unity
2016-12-12 02:20 - 2016-12-13 02:28 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\Unity
2016-12-12 02:02 - 2016-12-12 01:47 - 00369152 _____ C:\Users\Alladin\Documents\GameSave01.sav
2016-12-12 01:57 - 2016-12-12 01:57 - 00003674 _____ C:\WINDOWS\System32\Tasks\PowerMonitor
2016-12-12 01:08 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-12-12 01:08 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2016-12-12 01:08 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-12-12 01:08 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-12-12 01:08 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-12-12 01:08 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-12-12 01:08 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-12-12 01:08 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-12-12 00:59 - 2016-12-12 01:08 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-12-12 00:59 - 2016-12-12 01:07 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-11 01:10 - 2016-12-11 01:12 - 01942157 _____ C:\Users\Alladin\Downloads\MAD.MAX.2K15.V1.01.PLUS15TRN.LINGON.ZIP
2016-12-10 03:05 - 2016-12-10 03:05 - 514394730 _____ C:\WINDOWS\MEMORY.DMP
2016-12-10 03:05 - 2016-12-10 03:05 - 00411884 _____ C:\WINDOWS\Minidump\121016-28609-01.dmp
2016-12-10 03:05 - 2016-12-10 03:05 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-09 22:22 - 2016-12-09 22:22 - 00000000 ____D C:\Users\Alladin\Documents\WB Games
2016-12-09 21:23 - 2016-12-10 04:32 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\log
2016-12-09 21:23 - 2016-12-09 21:23 - 00000319 _____ C:\Users\Alladin\AppData\Roaming\FotoSketcher.ini
2016-12-09 21:23 - 2016-12-09 21:23 - 00000034 _____ C:\Users\Alladin\AppData\Roaming\pcouffin.log
2016-12-09 21:22 - 2016-12-09 21:23 - 00000000 ____D C:\Users\Alladin\Documents\PcSetup
2016-12-09 21:22 - 2016-12-09 21:23 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Vso
2016-12-09 21:22 - 2016-12-09 21:22 - 00099384 _____ C:\Users\Alladin\AppData\Roaming\inst.exe
2016-12-09 21:22 - 2016-12-09 21:22 - 00082816 _____ (VSO Software) C:\WINDOWS\system32\Drivers\pcouffin.sys
2016-12-09 21:22 - 2016-12-09 21:22 - 00082816 _____ (VSO Software) C:\Users\Alladin\AppData\Roaming\pcouffin.sys
2016-12-09 21:22 - 2016-12-09 21:22 - 00007859 _____ C:\Users\Alladin\AppData\Roaming\pcouffin.cat
2016-12-09 21:22 - 2016-12-09 21:22 - 00001153 _____ C:\Users\Alladin\Desktop\VSO Inspector.lnk
2016-12-09 21:22 - 2016-12-09 21:22 - 00000000 ____D C:\Program Files (x86)\vso
2016-12-09 21:10 - 2016-12-09 22:42 - 00000000 ____D C:\Program Files (x86)\CorePack
2016-12-09 21:07 - 2016-12-09 21:07 - 00001127 _____ C:\Users\Public\Desktop\FotoSketcher.lnk
2016-12-09 21:07 - 2016-12-09 21:07 - 00000000 ____D C:\Program Files (x86)\FotoSketcher
2016-12-09 15:46 - 2016-12-09 15:46 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\epm
2016-12-09 15:41 - 2016-12-09 15:41 - 00001464 _____ C:\Users\Public\Desktop\EaseUS Partition Master 11.9.lnk
2016-12-09 15:41 - 2016-12-09 15:41 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-12-09 15:41 - 2016-10-08 19:46 - 03851456 _____ C:\WINDOWS\system32\BootMan.exe
2016-12-09 15:41 - 2016-10-08 19:45 - 02936512 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2016-12-09 15:41 - 2016-07-11 16:01 - 00101984 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2016-12-09 15:41 - 2016-07-11 16:01 - 00088160 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2016-12-09 15:41 - 2016-07-11 16:01 - 00010848 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2016-12-09 15:41 - 2016-07-11 16:01 - 00010208 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2016-12-09 15:41 - 2016-07-08 21:28 - 00248832 _____ C:\WINDOWS\SysWOW64\epmntdrv.pdb
2016-12-09 15:41 - 2016-01-14 16:05 - 00024056 _____ C:\WINDOWS\system32\epmntdrv.sys
2016-12-09 15:41 - 2016-01-14 16:05 - 00021496 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2016-12-09 15:41 - 2014-11-18 20:46 - 00021088 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2016-12-09 15:41 - 2014-11-18 20:46 - 00017504 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2016-12-06 00:13 - 2016-12-12 00:53 - 00000000 ____D C:\Users\Alladin\AppData\Local\SUPERHOT_Sp_z_o.o
2016-12-06 00:10 - 2016-12-06 00:10 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\SUPERHOT_Team
2016-12-03 18:09 - 2016-12-03 18:09 - 00001177 _____ C:\Users\Alladin\Desktop\TotallyAccurateBattleSimulator.lnk
2016-12-03 01:59 - 2016-12-03 01:59 - 00001535 _____ C:\Users\Alladin\Desktop\ohsir - Shortcut.lnk
2016-12-03 01:55 - 2016-12-03 01:55 - 00000000 ____D C:\Users\Alladin\Documents\OhSir
2016-12-02 20:42 - 2016-12-02 20:44 - 04880325 _____ C:\Users\Alladin\Downloads\Power & Revolution GeoPolitical Simulator 4 V6.20 Trainer +7 MrAntiFun.zip
2016-12-02 19:59 - 2016-06-05 02:28 - 05031424 _____ C:\Users\Alladin\Downloads\Power & Revolution GeoPolitical Simulator 4 V6.17 Trainer +7 MrAntiFun.EXE
2016-12-02 19:56 - 2016-12-02 19:58 - 04877094 _____ C:\Users\Alladin\Downloads\Power & Revolution GeoPolitical Simulator 4 V6.17 Trainer +7 MrAntiFun.zip
2016-12-01 22:26 - 2016-12-01 22:26 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\Landfall
2016-12-01 22:24 - 2016-12-01 22:24 - 37430418 _____ C:\Users\Alladin\Downloads\TotallyAccurateBattleSimulator_Data.zip
2016-11-30 19:43 - 2016-11-30 19:43 - 00116993 _____ C:\Users\Alladin\Documents\Steam Community __ Guide __ [WIP] Case closed - All your detective's cases solved.html
2016-11-30 19:43 - 2016-11-30 19:43 - 00000000 ____D C:\Users\Alladin\Documents\Steam Community __ Guide __ [WIP] Case closed - All your detective's cases solved_files
2016-11-26 16:41 - 2016-11-26 16:41 - 01512927 _____ (Audacity Team ) C:\Users\Alladin\Downloads\LADSPA_plugins-win-0.4.15.exe
2016-11-26 16:26 - 2016-12-09 01:59 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Audacity
2016-11-26 16:26 - 2016-11-26 16:26 - 00001079 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-26 16:26 - 2016-11-26 16:26 - 00000000 ____D C:\Users\Alladin\AppData\Local\Audacity
2016-11-26 16:26 - 2016-11-26 16:26 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-11-26 16:11 - 2016-11-26 16:26 - 26496761 _____ (Audacity Team ) C:\Users\Alladin\Downloads\audacity-win-2.1.2.exe
2016-11-23 01:27 - 2016-11-23 01:27 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\IDT
2016-11-23 01:01 - 2016-11-23 01:02 - 03938879 _____ (foobar2000.org) C:\Users\Alladin\Downloads\foobar2000_v1.3.13.exe
2016-11-22 18:30 - 2016-11-22 18:30 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\AMD

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 18:32 - 2016-11-05 05:50 - 00002354 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2016-12-22 18:31 - 2016-10-14 20:37 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{54E45A3F-113F-4D17-8620-896C9E141F86}
2016-12-22 18:30 - 2016-10-08 07:15 - 05212170 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-22 18:26 - 2016-10-09 00:11 - 12763342 _____ C:\WINDOWS\PFRO.log
2016-12-22 18:26 - 2016-10-08 07:04 - 00000000 ____D C:\Users\Alladin
2016-12-22 18:26 - 2016-10-08 06:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-22 18:26 - 2016-10-08 06:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-22 01:25 - 2016-11-05 12:50 - 00000000 ____D C:\AdwCleaner
2016-12-22 01:25 - 2016-10-08 15:58 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-12-22 01:25 - 2016-10-08 09:39 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-22 01:08 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-21 00:56 - 2016-10-08 17:34 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\DMCache
2016-12-21 00:48 - 2016-10-08 17:34 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\IDM
2016-12-18 19:33 - 2016-10-13 04:23 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-18 18:59 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-18 18:39 - 2016-10-08 07:13 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-18 00:39 - 2016-10-08 17:33 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-12-18 00:39 - 2016-10-08 09:55 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-18 00:38 - 2016-10-08 18:17 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-18 00:37 - 2016-10-08 13:08 - 00000000 ____D C:\Program Files (x86)\AMD
2016-12-17 06:57 - 2016-10-08 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-17 06:46 - 2016-10-10 20:33 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 06:46 - 2016-10-10 20:33 - 00003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d221516877dfbe
2016-12-17 00:48 - 2016-08-14 05:23 - 00000000 ____D C:\Users\Alladin\Downloads\Compressed
2016-12-17 00:28 - 2016-10-16 21:42 - 00000000 ___HD C:\_
2016-12-17 00:01 - 2016-11-05 05:12 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\uTorrent
2016-12-13 21:29 - 2016-08-24 14:57 - 00000676 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2016-12-12 20:32 - 2016-11-05 05:24 - 00000258 __RSH C:\Users\Alladin\ntuser.pol
2016-12-09 15:34 - 2016-08-22 20:35 - 00000000 ____D C:\SACCTDL
2016-12-09 15:29 - 2016-10-08 13:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-09 14:37 - 2016-11-05 04:59 - 04317112 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2016-12-07 19:32 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-06 19:01 - 2016-09-02 14:41 - 00000000 ____D C:\Users\Alladin\Documents\BeamNG.drive
2016-12-05 23:16 - 2016-09-01 19:04 - 00000845 _____ C:\Users\Alladin\Desktop\Turmoil.lnk
2016-12-03 19:45 - 2016-10-14 17:30 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Obsidium
2016-12-03 19:45 - 2016-09-09 21:26 - 00000000 ____D C:\Users\Alladin\Documents\Power & Revolution
2016-12-02 16:31 - 2016-11-18 17:04 - 00000000 ____D C:\WINDOWS\LastGood
2016-11-25 21:46 - 2016-11-05 05:34 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\IObit
2016-11-23 01:33 - 2016-10-08 06:59 - 00011514 _____ C:\WINDOWS\setupact.log

==================== Files in the root of some directories =======

2016-12-09 21:23 - 2016-12-09 21:23 - 0000319 _____ () C:\Users\Alladin\AppData\Roaming\FotoSketcher.ini
2016-12-09 21:22 - 2016-12-09 21:22 - 0099384 _____ () C:\Users\Alladin\AppData\Roaming\inst.exe
2016-12-09 21:22 - 2016-12-09 21:22 - 0007859 _____ () C:\Users\Alladin\AppData\Roaming\pcouffin.cat
2016-12-09 21:22 - 2016-12-09 21:22 - 0001167 _____ () C:\Users\Alladin\AppData\Roaming\pcouffin.inf
2016-12-09 21:23 - 2016-12-09 21:23 - 0000034 _____ () C:\Users\Alladin\AppData\Roaming\pcouffin.log
2016-12-09 21:22 - 2016-12-09 21:22 - 0082816 _____ (VSO Software) C:\Users\Alladin\AppData\Roaming\pcouffin.sys
2016-10-28 14:01 - 2016-10-28 14:01 - 0001167 _____ () C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.1.txt
2016-10-28 14:01 - 2016-10-28 14:30 - 0000905 _____ () C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.txt
2016-10-28 14:01 - 2016-10-28 14:30 - 0000000 _____ () C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt

Some files in TEMP:
====================
C:\Users\Alladin\AppData\Local\Temp\1051.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\12A8.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1AD0.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1E99.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1EA2.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1FA9.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\297C.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\2A9A.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\2EF5.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\3D16.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\542.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\595A.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\5A43.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\5EE9.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\6E1B.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\820E.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\829E.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\866B.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\8DB4.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\90E.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\937D.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\94B9.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\9807.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\A56.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Alladin\AppData\Local\Temp\AE1C.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\AutoTime51495.exe
C:\Users\Alladin\AppData\Local\Temp\B476.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\Bass.dll
C:\Users\Alladin\AppData\Local\Temp\Bass.Net.dll
C:\Users\Alladin\AppData\Local\Temp\C2D.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\c4s3ju76F4rK.exe
C:\Users\Alladin\AppData\Local\Temp\C65D.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\DCC3.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Alladin\AppData\Local\Temp\driver_booster_setup.exe
C:\Users\Alladin\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Alladin\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Alladin\AppData\Local\Temp\E9C1.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\ELm74JUHe6nH.exe
C:\Users\Alladin\AppData\Local\Temp\hyrU2zdfYJ5G.exe
C:\Users\Alladin\AppData\Local\Temp\mdi164.dll
C:\Users\Alladin\AppData\Local\Temp\mdi264.dll
C:\Users\Alladin\AppData\Local\Temp\mdi364.dll
C:\Users\Alladin\AppData\Local\Temp\Rrcnim0GqRoY.exe
C:\Users\Alladin\AppData\Local\Temp\TMP2497078.exe
C:\Users\Alladin\AppData\Local\Temp\ucbrabs (1).exe
C:\Users\Alladin\AppData\Local\Temp\ucbrabs.exe
C:\Users\Alladin\AppData\Local\Temp\{5518A8F1-8763-465E-B130-CD5D3CC80274}-55.0.2883.87_54.0.2840.99_chrome_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-12-17 02:17

==================== End of FRST.txt ============================

 

[nope guy]

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Alladin (2016-12-22 18:37:19)
Running from C:\Users\Alladin\Downloads
Windows 10 Home (X64) (2016-10-07 23:13:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1827436531-876901701-60735713-500 - Administrator - Enabled) => C:\Users\Administrator
Alladin (S-1-5-21-1827436531-876901701-60735713-1001 - Administrator - Enabled) => C:\Users\Alladin
DefaultAccount (S-1-5-21-1827436531-876901701-60735713-503 - Limited - Disabled)
Guest (S-1-5-21-1827436531-876901701-60735713-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1827436531-876901701-60735713-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.)
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Driver Booster 4.1 (HKLM-x32\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
EaseUS Partition Master 11.9 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
FotoSketcher 3.20 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version: - David THOIRON)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version: - Audacity Team)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version: 1.0.1.1 - Warner Bros Interactive)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.4.6.10930 - Razer Inc.)
Real Lives 2010 (HKLM-x32\...\Real Lives 2010) (Version: 10.0.0.13 - Educational Simulations)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.6.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.6.0 - Adlice Software)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.24.3.4750 - Enigma Software Group, LLC)
SpyHunter v4.22.8.4668 (HKLM-x32\...\SpyHunter v4.22.8.46684.22.8.4668) (Version: 4.22.8.4668 - Friends in War)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superhot (HKLM-x32\...\Superhot_is1) (Version: - )
UE4 Prerequisites (x86) (x32 Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x86) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version: - )
Unity Web Player (HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\UnityWebPlayer) (Version: 5.3.7f1 - Unity Technologies ApS)
VSO Inspector 2.0.2 (HKLM-x32\...\VSO Inspector_is1) (Version: - VSO-Software SARL)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)
Zapya-en1.8.0.2(English) (HKLM-x32\...\{5BEB75BB-D08F-4258-B2C8-7F7ED3CBF5CE}) (Version: 1.8.0.2(English) - DewMobile,Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1827436531-876901701-60735713-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

02-12-2016 16:27:24 Driver Booster : AMD Radeon HD 8470D
09-12-2016 01:15:55 Driver Booster : Qualcomm Atheros AR9485 802.11b|g|n WiFi Adapter
09-12-2016 14:36:27 Driver Booster : Qualcomm Atheros AR9485 802.11b|g|n WiFi Adapter
13-12-2016 02:27:00 Driver Booster : Unity Web Player
16-12-2016 18:06:04 Checkpoint by HitmanPro
19-12-2016 01:01:16 JRT Pre-Junkware Removal
22-12-2016 01:30:02 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-13 02:43 - 2016-12-16 22:39 - 00000184 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 example.net
127.0.0.1 keystone.mwbsys.com
127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00568BE2-AFC7-4808-A792-342FE09B210C} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-08-05] (Microsoft Corporation)
Task: {0D7245FB-A593-4EE2-892A-C93DC7BB1AAC} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {0EA6F016-8558-4673-9F5A-C25FCBC6528A} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [2016-11-02] (Microsoft Corporation)
Task: {0F164E86-6873-4365-BFE3-90353A43EDF5} - System32\Tasks\PowerMonitor => C:\Users\Alladin\AppData\Local\PowerMonitor\PowerMonitor.exe <==== ATTENTION
Task: {17EC6263-0A3C-4583-9B9F-E67FC6701D9A} - System32\Tasks\Meophhapusy Adapter => C:\Program Files (x86)\Anocitvikoph\rezagh.exe [2016-10-15] (Glarysoft Ltd)
Task: {19E3F66A-125C-4011-A5B3-F02E22FDF3C4} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {204E92F4-492E-49C8-B7ED-6A6F7BD56221} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-08-20] (Microsoft Corporation)
Task: {24B9980F-3A39-4A81-8D30-3A82F57D745A} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {2B161440-728E-406C-9A93-BE62D95EB67D} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {30C75A57-714D-42F8-BC22-885AFBEA51F4} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {33412C8D-60A6-4799-9BCE-A6A5A9BDEFB5} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {37AB5EA7-511A-4D90-B8CB-180362ED9800} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {3CF6D4B9-4DB7-411C-8F55-53FE9599C7D4} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {4829F9AE-4E92-4023-85F9-2B695F9BCCC0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {4A769C4D-4CB6-469A-9335-1FE12A6712E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)
Task: {4C38A633-64C1-4017-AFB3-7D4FE7A4ADF0} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {510F7B6F-336D-4B54-BDCD-C765ADC486A1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {53B8A72B-AF28-4938-99A6-C65291BE1211} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {564CE726-89A1-4B7C-A572-2F009024FAA7} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {5688BD01-1747-4C6A-AA50-1E9ADCB905C0} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {5A8785E0-CF0B-4C93-803B-93E20990A4BC} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {6FB5A295-E6E2-4F97-9D31-5EB5A0BDC848} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {7041CC29-A950-4EA7-8783-4AD3D0AA921A} - System32\Tasks\Driver Booster SkipUAC (Alladin) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe [2016-11-14] (IObit)
Task: {7394DFD8-9481-44C4-B262-AD0C1385C977} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {7DADC371-64A9-419D-B70E-F38B081374F3} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {7DFF2994-548F-4E80-9A58-D4A6BB173F6E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-15] (Microsoft Corporation)
Task: {7E55CD96-87F3-4A63-8487-E0DE463B6318} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-15] (Microsoft Corporation)
Task: {8644F123-61F1-4352-93B3-560294692EFE} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {8E837BA0-AF8E-452B-A9B6-331B0DD5259F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {97EEA149-630D-465B-87C6-F2F8E552F69B} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {9A646F33-0062-4B13-8592-E5E8B954C462} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {A5DA90FC-F4BC-4712-AAA6-D500C4E1CA1F} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {A756DDA1-5CC1-4C5F-93DC-5BE45DBBFC96} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {A8D72309-F78D-4708-A735-B59035FCA294} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {ACB088BE-E09F-4764-A545-D68CF83E258D} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-16] (Microsoft Corporation)
Task: {B34B559A-764C-495E-A52A-A2AE8FCCF76A} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {BCB6F29E-DE57-465A-A7AA-D4B6941DA800} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {BF81F147-6714-4C1C-B6CA-46934F017DEF} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D329B543-4CFF-4CDD-B60C-B573DF461EE0} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {DF6911CC-67B3-4051-8767-63775C769FFB} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {F80A566D-B79F-44CD-AF59-B65A9B818D29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {F8CC27B3-DEE1-4FE4-A477-FCCDB200DDF1} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {F969246F-0798-4A99-98D7-0164F2DC1EA2} - System32\Tasks\GoogleUpdateTaskMachineCore1d221516877dfbe => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-08] (Google Inc.)
Task: {FA54779E-2338-45E7-B44A-FE8B6E5C5FDF} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {FABFFA68-44D3-4D22-ACA9-10C77A5E203A} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {FEF6B09E-9759-4C48-88B9-63C044D1A08D} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe [2016-11-09] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 19:42 - 2016-07-16 19:42 - 00231424 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-15 13:11 - 2016-09-16 01:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-24 04:41 - 2015-09-24 04:41 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-10-15 13:11 - 2016-09-16 01:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-01 03:45 - 2016-11-01 03:45 - 00592384 _____ () C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll
2016-10-08 13:07 - 2016-10-08 13:07 - 00959168 _____ () C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-16 04:38 - 2016-09-07 12:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-15 22:14 - 2016-11-02 18:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-15 22:12 - 2016-11-02 18:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-15 22:13 - 2016-11-02 18:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-15 22:13 - 2016-11-02 18:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-15 22:12 - 2016-11-02 18:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-15 22:12 - 2016-11-02 18:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-15 21:26 - 2016-12-08 16:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 21:26 - 2016-12-08 16:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2015-11-30 04:07 - 2015-11-30 04:07 - 00138752 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-12-13 15:06 - 2016-12-13 15:06 - 31164504 _____ () C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
2016-10-15 13:41 - 2016-10-15 13:41 - 00276992 _____ () c:\program files (x86)\anocitvikoph\srtprv.dll
2016-11-24 23:40 - 2016-08-01 16:48 - 00355616 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\madExcept_.bpl
2016-11-24 23:40 - 2016-08-01 16:48 - 00190240 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\madBasic_.bpl
2016-11-24 23:40 - 2016-08-01 16:48 - 00057632 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\madDisAsm_.bpl
2016-11-24 23:40 - 2016-08-01 16:48 - 00899872 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\webres.dll
2016-11-24 23:40 - 2016-08-01 16:48 - 00524064 _____ () C:\Program Files (x86)\IObit\Driver Booster\4.1.0\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\SACCTDL:Win32App_1
AlternateDataStreams: C:\Program Files\AMD:Win32App_1
AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\FotoSketcher:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Qualcomm Atheros:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\UltraISO:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Xvid:Win32App_1
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cnhgyyae.sys:changelist
AlternateDataStreams: C:\Users\Alladin\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1827436531-876901701-60735713-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alladin\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{dbc9dd87-ab36-42c3-a300-e33c95a2555a}.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: EventLog => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Wecsvc => 3
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "StartCN"
HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "Xvid"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\StartupApproved\Run: => "chAtom"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{CDC0E719-22CB-4EFB-AA3E-548C71671809}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{835E6A20-9186-4FC4-AF83-05FC2001DBAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7070963D-CCCC-482C-AEBF-EE349993F64A}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{829F2BA6-F746-4A5A-9BF2-D3583452B325}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{FA16B0BA-B399-45AB-BBDF-AB7D238E5093}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{78C59CD7-C12E-45CE-A9B0-A6DCD3B095BF}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{06BCD022-7F41-468B-936B-4F1B14C20DB8}] => (Allow) D:\GTA IV\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{88980206-0A36-4712-9B36-D03783DF533C}] => (Allow) D:\GTA IV\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{6308F77A-95D1-457C-9E4B-325BAC4773EF}D:\power & revolution\_start.exe] => (Allow) D:\power & revolution\_start.exe
FirewallRules: [UDP Query User{71463538-DDC1-42CF-B08D-139782EDC442}D:\power & revolution\_start.exe] => (Allow) D:\power & revolution\_start.exe
FirewallRules: [TCP Query User{1584C865-E5A1-4A6D-A888-6338B6BDDB86}D:\power & revolution\_start.exe] => (Allow) D:\power & revolution\_start.exe
FirewallRules: [UDP Query User{88E476D1-2F14-4D44-9529-0F0EFE97769B}D:\power & revolution\_start.exe] => (Allow) D:\power & revolution\_start.exe
FirewallRules: [{5CE9A116-1A57-454F-95CB-DF170227115F}] => (Allow) D:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{ECEEA16B-5231-4229-8CB3-09C9EEB47F77}] => (Allow) D:\GTA 4\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{035DF3C9-3C33-4B6E-B720-F29B3BB5E41D}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{D8269225-FBAD-4252-91C4-0C990E692E36}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{9A76F2AD-74AC-4183-977B-33D3973AB22F}C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe] => (Allow) C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [UDP Query User{252FE814-04A6-4AC3-BD63-B463AC643A4E}C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe] => (Allow) C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [{AA1AC139-D213-409E-9F04-7612F89BFB06}] => (Allow) C:\Program Files (x86)\Tooleat\Application\chrome.exe
FirewallRules: [{BB2C647A-C34B-45B0-8105-43E37B0E5B80}] => (Allow) D:\MalwarebytesPortable_2.2.1.1043-Premium\App\Malwarebytes\mbam.exe
FirewallRules: [{154A2FF0-8148-4B1B-A158-F475AA9DED6B}] => (Allow) D:\MalwarebytesPortable_2.2.1.1043-Premium\App\Malwarebytes\mbam.exe
FirewallRules: [{FEB287D6-DEA9-44C0-A274-C918BB42CC29}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{818C4603-3342-4DBB-832F-354360BDD91B}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{28B39E42-ED07-4F14-AE1F-CAA2B13CA100}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6014BA1D-FBCE-41AD-A277-6F1BAD5763B6}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F559748A-329D-498F-891A-53EB4CBE661D}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1E217228-6A4B-41CA-AB18-65C6B062A7F7}] => (Allow) C:\Users\Alladin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{11154CC2-EBAD-4D8C-AEE4-1132217C3A48}] => (Allow) C:\Users\Alladin\AppData\Local\Temp\is-RQQJ2.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{BD275F0E-3DE5-436A-850C-83E0D00D73A0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{E9344456-2D47-439F-A800-94A9F1419F84}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{1CBBFF06-AF81-4228-9185-851C2DE87757}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{7B216A43-35AD-4093-9B3E-4E619A15FEDA}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{C1DE45C5-07D6-42C3-900D-807ADC7487E8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{A10350E0-1BBE-4E7C-A07E-B797B5F10E8B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{95DF4D70-6460-470D-82A9-6D52C267535C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{2C6662D2-C593-4D6A-B8A6-674652285475}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{126FC3E6-F665-49E8-8CF0-C00E3AAC79E8}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [TCP Query User{E191FE7C-55DD-4F24-A452-4CC4AFC6F8B4}D:\megadownloader\megadownloader.exe] => (Allow) D:\megadownloader\megadownloader.exe
FirewallRules: [UDP Query User{182AD56A-6D4C-48BD-88C9-8C4CD65A2570}D:\megadownloader\megadownloader.exe] => (Allow) D:\megadownloader\megadownloader.exe
FirewallRules: [TCP Query User{395C94AF-5390-4772-B22F-DB8D9745B98E}C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe] => (Allow) C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [UDP Query User{57C99ABA-B3A4-4EA1-8E67-B1977A46D8A6}C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe] => (Allow) C:\users\alladin\downloads\activeragdoll\activeragdoll\windowsnoeditor\engine\binaries\win32\ue4game-win32-shipping.exe
FirewallRules: [{24F8183D-C243-4009-A90B-6573634838F6}] => (Allow) C:\Users\Alladin\AppData\Local\Amigo\Application\amigo.exe
FirewallRules: [{74758FDD-3D2C-4B5E-8C5B-A2D2C9E1240A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft Hosted Network Virtual Adapter
Description: Microsoft Hosted Network Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2016 01:40:23 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (12/22/2016 01:34:59 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (12/22/2016 01:30:48 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (12/22/2016 01:30:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/22/2016 01:21:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MadMax.exe version 1.0.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 47c

Start Time: 01d25ba45c363359

Termination Time: 4294967295

Application Path: D:\Mad Max\MadMax.exe

Report Id: edc2874e-c7a1-11e6-af3a-40f02fe58ab1

Faulting package full name:

Faulting package-relative application ID:

Error: (12/21/2016 03:07:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Faulting module name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Exception code: 0xc0000005
Fault offset: 0x0000000002088bf6
Faulting process ID: 0x14c0
Faulting application start time: 0xMadMax.exe0
Faulting application path: MadMax.exe1
Faulting module path: MadMax.exe2
Report ID: MadMax.exe3
Faulting package full name: MadMax.exe4
Faulting package-relative application ID: MadMax.exe5

Error: (12/21/2016 01:26:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Faulting module name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Exception code: 0xc0000005
Fault offset: 0x0000000002088bf6
Faulting process ID: 0x17dc
Faulting application start time: 0xMadMax.exe0
Faulting application path: MadMax.exe1
Faulting module path: MadMax.exe2
Report ID: MadMax.exe3
Faulting package full name: MadMax.exe4
Faulting package-relative application ID: MadMax.exe5

Error: (12/20/2016 06:38:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Faulting module name: MadMax.exe, version: 1.0.1.1, time stamp: 0x55e1f23c
Exception code: 0xc0000005
Fault offset: 0x0000000002088bf6
Faulting process ID: 0x1ac4
Faulting application start time: 0xMadMax.exe0
Faulting application path: MadMax.exe1
Faulting module path: MadMax.exe2
Report ID: MadMax.exe3
Faulting package full name: MadMax.exe4
Faulting package-relative application ID: MadMax.exe5

Error: (12/20/2016 12:57:28 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/19/2016 07:29:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program esetonlinescanner_enu.exe version 2.0.13.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 404

Start Time: 01d259ea161eed47

Termination Time: 4294967295

Application Path: C:\Users\Alladin\Downloads\Programs\esetonlinescanner_enu.exe

Report Id: 6c50662a-c5de-11e6-af31-40f02fe58ab1

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (12/22/2016 06:28:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UniverseSandboxMegaDownloader service failed to start due to the following error:
%%2

Error: (12/22/2016 06:28:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ReferenceAssembliesInternetExplorer service failed to start due to the following error:
%%2

Error: (12/22/2016 06:28:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RealLivesMegaDownloader service failed to start due to the following error:
%%2

Error: (12/22/2016 06:28:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InternetDownloadManagerATITechnologies service failed to start due to the following error:
%%2

Error: (12/22/2016 06:28:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IconsDownload service failed to start due to the following error:
%%2

Error: (12/22/2016 06:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GTAIVScanData service failed to start due to the following error:
%%2

Error: (12/22/2016 06:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GoogleGoogle service failed to start due to the following error:
%%2

Error: (12/22/2016 06:28:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
%%2147500037

Error: (12/22/2016 06:28:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AMDATITechnologies service failed to start due to the following error:
%%2

Error: (12/22/2016 06:26:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


==================== Memory info ===========================

Processor: AMD A6-6400K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 30%
Total physical RAM: 7365.13 MB
Available physical RAM: 5124.78 MB
Total Virtual: 8517.13 MB
Available Virtual: 6174.88 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:459.88 GB) (Free:337.14 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (New Volume) (Fixed) (Total:262.74 GB) (Free:138.14 GB) NTFS
Drive e: (Recovery Image) (Fixed) (Total:11.2 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0C091A5B)

Partition: GPT.

==================== End of Addition.txt ============================

 

[nope guy]

I think I might got rid of it since I dont get any of the trojans annoying notifications someone suggested I use farbar recovery scan tool and it worked (I think) ill update if I get any signs of it again..

 

[Broni]

You're still infected.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[nope guy]

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Alladin (2016-12-24 02:16:35) Run:2
Running from C:\Users\Alladin\Downloads
Loaded Profiles: Alladin (Available Profiles: Alladin & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [lbwpxvihxx] => explorer "http://granena.ru/?utm_source=uoua0...FCA27EF83CFE04AC447F5A2F8F96D5&utm_d=20161211" <===== ATTENTION
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [chAtom] => C:\Users\Alladin\AppData\Local\Temp\fhfshffsf99udau.exe 38 77509318_47202 3 7 <===== ATTENTION
C:\Users\Alladin\AppData\Local\Temp\fhfshffsf99udau.exe 38 77509318_47202 3 7
C:\Users\Alladin\AppData\Local\Temp\fhfshffsf99udau.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\729906.js [2016-12-17] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\729906.cfg [2016-12-17] <==== ATTENTION
C:\Program Files (x86)\mozilla firefox\defaults\pref\729906.js
C:\Program Files (x86)\mozilla firefox\729906.cfg
S2 AMDATITechnologies; "C:\Program Files (x86)\AMD\AMDATITechnologies.exe" ae2ce54ab1294744903dca4a5f8539bf [X]
S2 GoogleGoogle; "C:\Program Files (x86)\Google\GoogleGoogle.exe" c54102ea829e4d458c86147e71427a8f [X]
S2 GTAIVScanData; "D:\GTA IV\GTAIVScanData.exe" 388837891c4f496ea6203a5f71b2a421 [X]
S2 IconsDownload; "D:\Icons\IconsDownload.exe" 3e19779b2974487e881c2174c0562504 [X]
S2 InternetDownloadManagerATITechnologies; "C:\Program Files (x86)\Internet Download Manager\InternetDownloadManagerATITechnologies.exe" e47b5abf08794d6b8b774f94eeb062f4 [X]
S2 RealLivesMegaDownloader; "D:\Real Lives 2010\RealLivesMegaDownloader.exe" affe6dc7e5264e7e8e5695737342bee0 [X]
S2 ReferenceAssembliesInternetExplorer; "C:\Program Files (x86)\Reference Assemblies\ReferenceAssembliesInternetExplorer.exe" 420f678469254505a655a4b567f7c9a0 [X]
S2 UniverseSandboxMegaDownloader; "D:\Universe Sandbox 2\UniverseSandboxMegaDownloader.exe" b48f42ba07304dd38f2ef02dfd46c678 [X]
2016-12-09 21:23 - 2016-12-09 21:23 - 0000319 _____ () C:\Users\Alladin\AppData\Roaming\FotoSketcher.ini
2016-12-09 21:22 - 2016-12-09 21:22 - 0099384 _____ () C:\Users\Alladin\AppData\Roaming\inst.exe
2016-12-09 21:22 - 2016-12-09 21:22 - 0007859 _____ () C:\Users\Alladin\AppData\Roaming\pcouffin.cat
2016-12-09 21:22 - 2016-12-09 21:22 - 0001167 _____ () C:\Users\Alladin\AppData\Roaming\pcouffin.inf
2016-12-09 21:23 - 2016-12-09 21:23 - 0000034 _____ () C:\Users\Alladin\AppData\Roaming\pcouffin.log
2016-12-09 21:22 - 2016-12-09 21:22 - 0082816 _____ (VSO Software) C:\Users\Alladin\AppData\Roaming\pcouffin.sys
2016-10-28 14:01 - 2016-10-28 14:01 - 0001167 _____ () C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.1.txt
2016-10-28 14:01 - 2016-10-28 14:30 - 0000905 _____ () C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.txt
2016-10-28 14:01 - 2016-10-28 14:30 - 0000000 _____ () C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
C:\Users\Alladin\AppData\Local\Temp\1051.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\12A8.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1AD0.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1E99.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1EA2.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\1FA9.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\297C.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\2A9A.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\2EF5.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\3D16.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\542.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\595A.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\5A43.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\5EE9.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\6E1B.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\820E.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\829E.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\866B.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\8DB4.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\90E.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\937D.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\94B9.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\9807.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\A56.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\ACLMInstaller.exe
C:\Users\Alladin\AppData\Local\Temp\AE1C.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\AutoTime51495.exe
C:\Users\Alladin\AppData\Local\Temp\B476.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\Bass.dll
C:\Users\Alladin\AppData\Local\Temp\Bass.Net.dll
C:\Users\Alladin\AppData\Local\Temp\C2D.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\c4s3ju76F4rK.exe
C:\Users\Alladin\AppData\Local\Temp\C65D.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\DCC3.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Alladin\AppData\Local\Temp\driver_booster_setup.exe
C:\Users\Alladin\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Alladin\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Alladin\AppData\Local\Temp\E9C1.tmp.exe
C:\Users\Alladin\AppData\Local\Temp\ELm74JUHe6nH.exe
C:\Users\Alladin\AppData\Local\Temp\hyrU2zdfYJ5G.exe
C:\Users\Alladin\AppData\Local\Temp\mdi164.dll
C:\Users\Alladin\AppData\Local\Temp\mdi264.dll
C:\Users\Alladin\AppData\Local\Temp\mdi364.dll
C:\Users\Alladin\AppData\Local\Temp\Rrcnim0GqRoY.exe
C:\Users\Alladin\AppData\Local\Temp\TMP2497078.exe
C:\Users\Alladin\AppData\Local\Temp\ucbrabs (1).exe
C:\Users\Alladin\AppData\Local\Temp\ucbrabs.exe
C:\Users\Alladin\AppData\Local\Temp\{5518A8F1-8763-465E-B130-CD5D3CC80274}-55.0.2883.87_54.0.2840.99_chrome_updater.exe
Task: {0F164E86-6873-4365-BFE3-90353A43EDF5} - System32\Tasks\PowerMonitor => C:\Users\Alladin\AppData\Local\PowerMonitor\PowerMonitor.exe <==== ATTENTION
C:\Users\Alladin\AppData\Local\PowerMonitor
AlternateDataStreams: C:\SACCTDL:Win32App_1
AlternateDataStreams: C:\Program Files\AMD:Win32App_1
AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\AMD:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\FotoSketcher:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Qualcomm Atheros:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\UltraISO:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Xvid:Win32App_1
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cnhgyyae.sys:changelist
AlternateDataStreams: C:\Users\Alladin\SkyDrive:ms-properties

*****************

HKU\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\lbwpxvihxx => value not found.
HKU\S-1-5-21-1827436531-876901701-60735713-1001\Software\Microsoft\Windows\CurrentVersion\Run\\chAtom => value not found.
"C:\Users\Alladin\AppData\Local\Temp\fhfshffsf99udau.exe 38 77509318_47202 3 7" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\fhfshffsf99udau.exe" => File/Folder not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => File/Folder not found.
"C:\Program Files (x86)\mozilla firefox\defaults\pref\729906.js" => not found.
"C:\Program Files (x86)\mozilla firefox\729906.cfg" => not found.
"C:\Program Files (x86)\mozilla firefox\defaults\pref\729906.js" => File/Folder not found.
"C:\Program Files (x86)\mozilla firefox\729906.cfg" => File/Folder not found.
AMDATITechnologies => service not found.
GoogleGoogle => service not found.
GTAIVScanData => service not found.
IconsDownload => service removed successfully
InternetDownloadManagerATITechnologies => service not found.
RealLivesMegaDownloader => service not found.
ReferenceAssembliesInternetExplorer => service not found.
UniverseSandboxMegaDownloader => service not found.
C:\Users\Alladin\AppData\Roaming\FotoSketcher.ini => moved successfully
C:\Users\Alladin\AppData\Roaming\inst.exe => moved successfully
C:\Users\Alladin\AppData\Roaming\pcouffin.cat => moved successfully
C:\Users\Alladin\AppData\Roaming\pcouffin.inf => moved successfully
C:\Users\Alladin\AppData\Roaming\pcouffin.log => moved successfully
C:\Users\Alladin\AppData\Roaming\pcouffin.sys => moved successfully
C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.1.txt => moved successfully
C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.txt => moved successfully
C:\Users\Alladin\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt => moved successfully
"C:\Users\Alladin\AppData\Local\Temp\1051.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\12A8.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\1AD0.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\1E99.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\1EA2.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\1FA9.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\297C.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\2A9A.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\2EF5.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\3D16.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\542.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\595A.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\5A43.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\5EE9.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\6E1B.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\820E.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\829E.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\866B.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\8DB4.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\90E.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\937D.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\94B9.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\9807.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\A56.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\ACLMInstaller.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\AE1C.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\AutoTime51495.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\B476.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\Bass.dll" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\Bass.Net.dll" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\C2D.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\c4s3ju76F4rK.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\C65D.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\DCC3.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\dllnt_dump.dll" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\driver_booster_setup.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\drm_dyndata_7370014.dll" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\drm_dyndata_7380014.dll" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\E9C1.tmp.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\ELm74JUHe6nH.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\hyrU2zdfYJ5G.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\mdi164.dll" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\mdi264.dll" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\mdi364.dll" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\Rrcnim0GqRoY.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\TMP2497078.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\ucbrabs (1).exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\ucbrabs.exe" => File/Folder not found.
"C:\Users\Alladin\AppData\Local\Temp\{5518A8F1-8763-465E-B130-CD5D3CC80274}-55.0.2883.87_54.0.2840.99_chrome_updater.exe" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F164E86-6873-4365-BFE3-90353A43EDF5} => key not found.
C:\WINDOWS\System32\Tasks\PowerMonitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PowerMonitor => key not found.
"C:\Users\Alladin\AppData\Local\PowerMonitor" => File/Folder not found.
"C:\SACCTDL" => ":Win32App_1" ADS not found.
"C:\Program Files\AMD" => ":Win32App_1" ADS not found.
"C:\Program Files\ATI Technologies" => ":Win32App_1" ADS not found.
C:\Program Files\RogueKiller => ":Win32App_1" ADS removed successfully.
"C:\Program Files (x86)\AMD" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\ATI Technologies" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\Audacity" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\FotoSketcher" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\Mozilla Firefox" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\Qualcomm Atheros" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\UltraISO" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\Xvid" => ":Win32App_1" ADS not found.
"C:\WINDOWS\system32\Drivers\cnhgyyae.sys" => ":changelist" ADS not found.
"C:\Users\Alladin\SkyDrive" => ":ms-properties" ADS not found.

==== End of Fixlog 02:16:36 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[nope guy]

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter 4
SpyHunter v4.22.8.4668
Mozilla Firefox (49.0.2)
Google Chrome (55.0.2883.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MpCmdRun.exe
Windows Defender MSASCuiL.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

[nope guy]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Alladin (administrator) on PEACEOFSHIT (24-12-2016 20:10:22)
Running from C:\Users\Alladin\Downloads
Loaded Profiles: Alladin (Available Profiles: Alladin & Administrator)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Razer Inc.) D:\Razer Cortex\RzKLService.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe
(IObit) C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [50416 2016-11-05] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1712656 2016-11-05] (Tempo Semiconductor Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\EpmNews.exe [2090176 2016-09-20] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe [1243328 2016-09-20] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.9\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.ps1 [16548 2015-06-16] ()
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Run: [Steam] => D:\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\RunOnce: [Uninstall C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alladin\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-01] ()
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Alladin\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-01] ()
Startup: C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-12-22]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Alladin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{38a9346d-cd12-4d53-b413-32d5227737a8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e6f2e138-50f2-4dcf-8ad7-4f673469e982}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1827436531-876901701-60735713-1001 -> hxxp://www.google.com/

FireFox:
========
FF ProfilePath: C:\Users\Alladin\AppData\Roaming\Mozilla\Firefox\Profiles\hn2ikl1p.default
FF NetworkProxy: "autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ca1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS gy3s4mrqguxdcnzvfyzdamjdge2dqmruguytembq.mycdns.com:443';}"
FF NetworkProxy: "type", 2
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1827436531-876901701-60735713-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alladin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-10-26] (Unity Technologies ApS)
FF Extension: Hoxx VPN Proxy - C:\Users\Alladin\AppData\Roaming\Mozilla\Firefox\Profiles\hn2ikl1p.default\Extensions\@hoxx-vpn.xpi [2016-10-08]
FF Extension: Adblock Plus - C:\Users\Alladin\AppData\Roaming\Mozilla\Firefox\Profiles\hn2ikl1p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-18]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-08]
FF HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-10-01]
FF HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Alladin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Alladin\AppData\Roaming\IDM\idmmzcc5 [2016-12-24]
FF HKU\S-1-5-21-1827436531-876901701-60735713-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR Profile: C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-08]
CHR Extension: (Google Docs) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-08]
CHR Extension: (Google Drive) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-08]
CHR Extension: (YouTube) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-08]
CHR Extension: (Google Sheets) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-08]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-10-08]
CHR Extension: (Google Docs Offline) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-08]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-10-08]
CHR Extension: (IDM Integration Module) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-10-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-08]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2016-10-08]
CHR Extension: (No Name) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-16]
CHR Extension: (Gmail) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-08]
CHR Extension: (Chrome Media Router) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-08]
CHR Profile: C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-05]
CHR Extension: (Google Drive) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
CHR Extension: (YouTube) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
CHR Extension: (Fair Ads (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gagfkmknmijppikpcikmbbkdkhggcmge [2016-12-12]
CHR Extension: (Wolf and the Ice Planet) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gffkhmkbijdmbncaoclaclldnbndflck [2016-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-12]
CHR Extension: (Fair AdBlocker (by STANDS)) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2016-12-12]
CHR Extension: (Ashish Mishra) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2016-12-12]
CHR Extension: (IDM Integration Module) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-12]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2016-12-12]
CHR Extension: (Gmail) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\Alladin\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-12]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-11-30] () [File not signed]
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_37c21; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_37c21; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S3 MBAMService; D:\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_37c21; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_37c21; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_37c21; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_37c21; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_37c21; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_37c21; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-09-24] ()
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-16] (Microsoft Corporation)
R2 RzKLService; D:\Razer Cortex\RzKLService.exe [129168 2015-11-13] (Razer Inc.)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [859816 2016-12-17] (Enigma Software Group USA, LLC.)
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [350216 2016-11-05] (Tempo Semiconductor Inc.)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-09-07] (Microsoft Corporation)
R3 UnistoreSvc_37c21; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_37c21; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_37c21; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_37c21; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-16] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_37c21; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_37c21; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S2 Chanerward; C:\Program Files (x86)\Anocitvikoph\srtPrv.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0308653.inf_amd64_3dbf29f4a4290d9d\atikmdag.sys [26568336 2016-11-17] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0308653.inf_amd64_3dbf29f4a4290d9d\atikmpag.sys [529432 2016-11-17] (Advanced Micro Devices, Inc.)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4317112 2016-12-09] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-11-05] (Advanced Micro Devices)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
S3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows (R) Win 7 DDK provider)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 esgiguard; D:\spyhunter\esgiguard.sys [15920 2016-05-17] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-12-17] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-08-06] (Microsoft Corporation)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-11-05] (REALiX(tm))
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-19] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R1 MpKsl805ff4d5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{925C4EC1-D938-4282-AF41-04475EDE87C6}\MpKsl805ff4d5.sys [44928 2016-12-24] (Microsoft Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2016-11-05] (Realsil Semiconductor Corporation)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R3 SAlphamHid; C:\Windows\System32\drivers\SAlpham64.sys [39168 2016-11-05] (SteelSeries Corporation)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
R3 sshid; C:\Windows\System32\drivers\sshid.sys [52952 2016-08-30] (SteelSeries ApS)
S3 STHDA; C:\Windows\system32\DRIVERS\stwrt64.sys [561672 2016-11-05] (Tempo Semiconductor Inc.)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-16] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)

 

[nope guy]

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 20:07 - 2016-12-24 20:08 - 00448512 _____ (OldTimer Tools) C:\Users\Alladin\Downloads\TFC.exe
2016-12-24 20:05 - 2016-12-24 20:05 - 00003038 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Alladin)
2016-12-24 06:45 - 2016-12-24 15:33 - 1298661376 ____H C:\Users\Alladin\Downloads\.getxfer.4500.1.mega
2016-12-24 05:54 - 2016-12-24 06:15 - 01861582 _____ (Sophos Limited) C:\Users\Alladin\Downloads\Sophos Virus Removal Tool (1).exe
2016-12-24 05:52 - 2016-12-24 05:52 - 00083080 _____ C:\Users\Alladin\Documents\Steam Community __ Guide __ All Locations.html
2016-12-24 05:42 - 2016-12-24 05:51 - 00000000 ____D C:\My Web Sites
2016-12-24 05:38 - 2016-12-24 05:52 - 00000000 ____D C:\Users\Alladin\Documents\Steam Community __ Guide __ All Locations_files
2016-12-24 05:26 - 2016-12-24 05:49 - 02596414 _____ (Sophos Limited) C:\Users\Alladin\Downloads\Sophos Virus Removal Tool.exe
2016-12-24 02:23 - 2016-12-24 03:32 - 56490848 _____ (AMD Inc.) C:\Users\Alladin\Downloads\radeon-crimson-relive-16.12.2-minimalsetup-161221_web.exe
2016-12-23 21:27 - 2016-12-24 06:46 - 00000911 _____ C:\Users\Alladin\Desktop\MadMax - Shortcut.lnk
2016-12-23 14:16 - 2016-12-23 14:16 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-23 14:11 - 2016-12-09 17:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-23 14:11 - 2016-12-09 17:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-23 14:11 - 2016-11-11 18:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-23 14:11 - 2016-11-11 17:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-23 14:11 - 2016-11-11 17:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-23 14:11 - 2016-11-11 17:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-23 14:11 - 2016-11-11 17:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-23 14:11 - 2016-11-11 17:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-23 14:11 - 2016-11-11 15:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-23 14:11 - 2016-11-11 15:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-23 14:10 - 2016-12-09 18:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-23 14:10 - 2016-12-09 18:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-23 14:10 - 2016-12-09 18:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-23 14:10 - 2016-12-09 18:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-23 14:10 - 2016-12-09 18:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-23 14:10 - 2016-12-09 18:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-23 14:10 - 2016-12-09 18:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-23 14:10 - 2016-12-09 18:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-23 14:10 - 2016-12-09 18:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-23 14:10 - 2016-12-09 18:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-23 14:10 - 2016-12-09 17:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-23 14:10 - 2016-12-09 17:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-23 14:10 - 2016-12-09 17:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-23 14:10 - 2016-12-09 17:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-23 14:10 - 2016-12-09 17:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-23 14:10 - 2016-12-09 17:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-23 14:10 - 2016-12-09 17:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-23 14:10 - 2016-12-09 17:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-23 14:10 - 2016-12-09 17:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-23 14:10 - 2016-12-09 17:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-23 14:10 - 2016-12-09 17:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-23 14:10 - 2016-12-09 17:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-23 14:10 - 2016-12-09 17:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-23 14:10 - 2016-12-09 17:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-23 14:10 - 2016-12-09 17:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-23 14:10 - 2016-12-09 17:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-23 14:10 - 2016-12-09 17:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-23 14:10 - 2016-12-09 17:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-23 14:10 - 2016-12-09 17:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-23 14:10 - 2016-12-09 17:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-23 14:10 - 2016-11-11 18:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-23 14:10 - 2016-11-11 18:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-23 14:10 - 2016-11-11 18:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-23 14:10 - 2016-11-11 18:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-23 14:10 - 2016-11-11 17:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-23 14:10 - 2016-11-11 17:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-23 14:10 - 2016-11-11 17:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-23 14:10 - 2016-11-11 17:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-23 14:10 - 2016-11-11 17:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-23 14:10 - 2016-11-11 17:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-23 14:10 - 2016-11-11 17:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-23 14:10 - 2016-11-11 17:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-23 14:10 - 2016-11-11 17:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-23 14:10 - 2016-11-11 17:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-23 14:10 - 2016-11-11 17:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-23 14:10 - 2016-11-11 17:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-23 14:10 - 2016-11-11 17:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-23 14:10 - 2016-11-11 17:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-23 14:10 - 2016-11-11 17:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-23 14:10 - 2016-11-11 17:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-23 14:10 - 2016-11-11 17:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-23 14:10 - 2016-11-11 17:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-23 14:10 - 2016-11-11 17:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-23 14:10 - 2016-11-11 17:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-23 14:10 - 2016-11-11 17:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-23 14:10 - 2016-11-11 17:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-23 14:10 - 2016-11-11 17:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-23 14:10 - 2016-11-11 17:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-23 14:10 - 2016-11-11 17:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-23 14:10 - 2016-11-11 17:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-23 14:10 - 2016-11-11 17:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-23 14:10 - 2016-11-11 17:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-23 14:10 - 2016-11-11 17:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-23 14:10 - 2016-11-11 17:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-23 14:10 - 2016-11-11 17:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-23 14:10 - 2016-11-11 17:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-23 14:10 - 2016-11-11 17:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-23 14:10 - 2016-11-11 16:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-23 14:10 - 2016-11-11 15:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-23 14:10 - 2016-11-11 15:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-23 14:10 - 2016-11-11 15:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-23 14:10 - 2016-11-11 15:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-23 14:10 - 2016-11-11 15:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-23 14:10 - 2016-11-11 15:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-23 14:10 - 2016-11-11 15:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-23 14:10 - 2016-11-11 15:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-23 14:10 - 2016-11-11 15:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-23 14:10 - 2016-11-11 15:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-23 14:10 - 2016-11-11 15:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-23 14:10 - 2016-11-11 15:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-23 14:10 - 2016-11-11 15:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-23 14:10 - 2016-11-11 15:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-23 14:10 - 2016-11-11 15:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-23 14:10 - 2016-11-11 15:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-23 14:10 - 2016-11-11 15:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-23 14:10 - 2016-11-11 15:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-23 14:10 - 2016-11-11 15:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-23 14:10 - 2016-11-11 15:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-23 14:10 - 2016-11-11 15:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-23 14:10 - 2016-11-11 15:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-23 14:10 - 2016-11-11 15:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-23 14:10 - 2016-11-11 15:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-23 14:10 - 2016-11-11 15:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-23 14:10 - 2016-11-11 15:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-23 14:10 - 2016-11-11 15:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-23 14:10 - 2016-11-11 15:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-23 14:10 - 2016-11-11 15:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-23 14:10 - 2016-11-11 15:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-23 14:10 - 2016-11-11 15:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-23 14:10 - 2016-11-11 15:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-23 14:10 - 2016-11-11 15:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-23 14:10 - 2016-11-11 15:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-23 14:10 - 2016-11-11 15:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-23 14:10 - 2016-11-11 15:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-23 14:10 - 2016-11-11 15:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-23 14:10 - 2016-11-11 15:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-23 14:10 - 2016-11-11 15:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-23 14:10 - 2016-11-11 15:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-23 14:10 - 2016-11-11 15:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-23 14:10 - 2016-11-11 15:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-23 14:09 - 2016-12-09 18:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-23 14:09 - 2016-12-09 18:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-23 14:09 - 2016-12-09 18:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-23 14:09 - 2016-12-09 18:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-23 14:09 - 2016-12-09 18:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-23 14:09 - 2016-12-09 18:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-23 14:09 - 2016-12-09 18:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-23 14:09 - 2016-12-09 18:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-23 14:09 - 2016-12-09 18:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-23 14:09 - 2016-12-09 18:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-23 14:09 - 2016-12-09 18:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-23 14:09 - 2016-12-09 17:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-23 14:09 - 2016-12-09 17:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-23 14:09 - 2016-12-09 17:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-23 14:09 - 2016-12-09 17:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-23 14:09 - 2016-12-09 17:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-23 14:09 - 2016-12-09 17:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-23 14:09 - 2016-12-09 17:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-23 14:09 - 2016-12-09 17:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-23 14:09 - 2016-12-09 17:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-23 14:09 - 2016-12-09 17:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-23 14:09 - 2016-12-09 17:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-23 14:09 - 2016-12-09 17:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-23 14:09 - 2016-12-09 17:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-23 14:09 - 2016-12-09 17:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-23 14:09 - 2016-12-09 17:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-23 14:09 - 2016-12-09 17:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-23 14:09 - 2016-12-09 17:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-23 14:09 - 2016-11-11 18:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-23 14:09 - 2016-11-11 18:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-23 14:09 - 2016-11-11 18:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-23 14:09 - 2016-11-11 17:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-23 14:09 - 2016-11-11 17:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-23 14:09 - 2016-11-11 17:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-23 14:09 - 2016-11-11 17:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-23 14:09 - 2016-11-11 17:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-23 14:09 - 2016-11-11 17:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-23 14:09 - 2016-11-11 17:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-23 14:09 - 2016-11-11 17:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-23 14:09 - 2016-11-11 17:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-23 14:09 - 2016-11-11 17:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-23 14:09 - 2016-11-11 17:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-23 14:09 - 2016-11-11 17:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-23 14:09 - 2016-11-11 17:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-23 14:09 - 2016-11-11 17:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-23 14:09 - 2016-11-11 17:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-23 14:09 - 2016-11-11 17:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-23 14:09 - 2016-11-11 17:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-23 14:09 - 2016-11-11 17:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-23 14:09 - 2016-11-11 17:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-23 14:09 - 2016-11-11 17:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-23 14:09 - 2016-11-11 17:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-23 14:09 - 2016-11-11 17:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-23 14:09 - 2016-11-11 17:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-23 14:09 - 2016-11-11 17:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-23 14:09 - 2016-11-11 17:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-23 14:09 - 2016-11-11 17:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-23 14:09 - 2016-11-11 17:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-23 14:09 - 2016-11-11 17:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-23 14:09 - 2016-11-11 17:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-23 14:09 - 2016-11-11 17:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-23 14:09 - 2016-11-11 17:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-23 14:09 - 2016-11-11 17:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-23 14:09 - 2016-11-11 17:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-23 14:09 - 2016-11-11 17:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-23 14:09 - 2016-11-11 16:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-23 14:09 - 2016-11-11 16:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-23 14:09 - 2016-11-11 15:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-23 14:09 - 2016-11-11 15:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-23 14:09 - 2016-11-11 15:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-23 14:09 - 2016-11-11 15:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-23 14:09 - 2016-11-11 15:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-23 14:09 - 2016-11-11 15:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-23 14:09 - 2016-11-11 15:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-23 14:09 - 2016-11-11 15:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-23 14:09 - 2016-11-11 15:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-23 14:09 - 2016-11-11 15:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-23 14:09 - 2016-11-11 15:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-23 14:09 - 2016-11-11 15:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-23 14:09 - 2016-11-11 15:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-23 14:09 - 2016-11-11 15:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-23 14:09 - 2016-11-11 15:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll

 

[nope guy]

2016-12-23 14:09 - 2016-11-11 15:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-23 14:08 - 2016-12-09 18:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-23 14:08 - 2016-12-09 18:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-23 14:08 - 2016-12-09 18:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-23 14:08 - 2016-12-09 18:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-23 14:08 - 2016-12-09 18:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-23 14:08 - 2016-12-09 18:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-23 14:08 - 2016-12-09 18:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-23 14:08 - 2016-12-09 17:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-23 14:08 - 2016-12-09 17:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-23 14:08 - 2016-12-09 17:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-23 14:08 - 2016-12-09 17:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-23 14:08 - 2016-12-09 17:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-23 14:08 - 2016-12-09 17:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-23 14:08 - 2016-12-09 17:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-23 14:08 - 2016-12-09 17:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-23 14:08 - 2016-12-09 17:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-23 14:08 - 2016-12-09 17:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-23 14:08 - 2016-12-09 17:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-23 14:08 - 2016-12-09 17:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-23 14:08 - 2016-12-09 16:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-23 14:08 - 2016-11-11 18:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-23 14:08 - 2016-11-11 18:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-23 14:08 - 2016-11-11 18:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-23 14:08 - 2016-11-11 18:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-23 14:08 - 2016-11-11 18:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-23 14:08 - 2016-11-11 18:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-23 14:08 - 2016-11-11 18:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-23 14:08 - 2016-11-11 18:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-23 14:08 - 2016-11-11 17:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-23 14:08 - 2016-11-11 17:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-23 14:08 - 2016-11-11 17:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-23 14:08 - 2016-11-11 17:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-23 14:08 - 2016-11-11 17:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-23 14:08 - 2016-11-11 17:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-23 14:08 - 2016-11-11 17:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-23 14:08 - 2016-11-11 17:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-23 14:08 - 2016-11-11 17:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-23 14:08 - 2016-11-11 17:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-23 14:08 - 2016-11-11 17:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-23 14:08 - 2016-11-11 17:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-23 14:08 - 2016-11-11 17:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-23 14:08 - 2016-11-11 17:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-23 14:08 - 2016-11-11 17:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-23 14:08 - 2016-11-11 17:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-23 14:08 - 2016-11-11 17:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-23 14:08 - 2016-11-11 17:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-23 14:08 - 2016-11-11 17:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-23 14:08 - 2016-11-11 17:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-23 14:08 - 2016-11-11 17:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-23 14:08 - 2016-11-11 17:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-23 14:08 - 2016-11-11 17:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-23 14:08 - 2016-11-11 17:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-23 14:08 - 2016-11-11 17:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-23 14:08 - 2016-11-11 17:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-23 14:08 - 2016-11-11 17:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-23 14:08 - 2016-11-11 17:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-23 14:08 - 2016-11-11 17:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-23 14:08 - 2016-11-11 17:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-23 14:08 - 2016-11-11 17:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-23 14:08 - 2016-11-11 17:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-23 14:08 - 2016-11-11 17:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-23 14:08 - 2016-11-11 17:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-23 14:08 - 2016-11-11 17:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-23 14:08 - 2016-11-11 17:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-23 14:08 - 2016-11-11 17:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-23 14:08 - 2016-11-11 17:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-23 14:08 - 2016-11-11 17:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-23 14:08 - 2016-11-11 17:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-23 14:08 - 2016-11-11 16:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-23 14:08 - 2016-11-11 16:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-23 14:08 - 2016-11-11 15:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-23 14:08 - 2016-11-11 15:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-23 14:08 - 2016-11-11 15:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-23 14:08 - 2016-11-11 15:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-23 14:08 - 2016-11-11 15:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-23 14:08 - 2016-11-11 15:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-23 14:08 - 2016-11-11 15:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-23 14:08 - 2016-11-11 15:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-23 14:08 - 2016-11-11 15:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-23 14:08 - 2016-11-11 15:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-23 14:08 - 2016-11-11 15:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-23 14:08 - 2016-11-11 15:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-23 14:08 - 2016-11-11 15:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-23 14:08 - 2016-11-11 15:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-23 14:07 - 2016-12-09 18:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-23 14:07 - 2016-12-09 18:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-23 14:07 - 2016-12-09 18:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-23 14:07 - 2016-12-09 18:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-23 14:07 - 2016-12-09 18:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-23 14:07 - 2016-12-09 18:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-23 14:07 - 2016-12-09 18:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-23 14:07 - 2016-12-09 18:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-23 14:07 - 2016-12-09 17:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-23 14:07 - 2016-12-09 17:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-23 14:07 - 2016-12-09 17:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-23 14:07 - 2016-12-09 17:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-23 14:07 - 2016-12-09 17:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-23 14:07 - 2016-12-09 17:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-23 14:07 - 2016-12-09 17:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-23 14:07 - 2016-12-09 17:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-23 14:07 - 2016-12-09 17:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-23 14:07 - 2016-12-09 17:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-23 14:07 - 2016-12-09 17:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-23 14:07 - 2016-12-09 17:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-23 14:07 - 2016-12-09 17:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-23 14:07 - 2016-12-09 17:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-23 14:07 - 2016-11-11 18:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-23 14:07 - 2016-11-11 18:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-23 14:07 - 2016-11-11 18:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-23 14:07 - 2016-11-11 17:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-23 14:07 - 2016-11-11 17:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-23 14:07 - 2016-11-11 17:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-23 14:07 - 2016-11-11 17:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-23 14:07 - 2016-11-11 17:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-23 14:07 - 2016-11-11 17:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-23 14:07 - 2016-11-11 17:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-23 14:07 - 2016-11-11 17:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-23 14:07 - 2016-11-11 17:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-23 14:07 - 2016-11-11 17:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-23 14:07 - 2016-11-11 17:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-23 14:07 - 2016-11-11 17:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-23 14:07 - 2016-11-11 17:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-23 14:07 - 2016-11-11 17:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-23 14:07 - 2016-11-11 17:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-23 14:07 - 2016-11-11 17:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-23 14:07 - 2016-11-11 17:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-23 14:07 - 2016-11-11 17:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-23 14:07 - 2016-11-11 17:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-23 14:07 - 2016-11-11 17:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-23 14:07 - 2016-11-11 17:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-23 14:07 - 2016-11-11 17:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-23 14:07 - 2016-11-11 17:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-23 14:07 - 2016-11-11 17:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-23 14:07 - 2016-11-11 15:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-23 14:07 - 2016-11-11 15:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-23 14:07 - 2016-11-11 15:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-23 14:07 - 2016-11-11 15:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-23 14:07 - 2016-11-11 15:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-23 14:07 - 2016-11-11 15:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-23 14:07 - 2016-11-11 15:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-23 14:07 - 2016-11-11 15:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-23 14:07 - 2016-11-11 15:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-23 14:07 - 2016-11-11 15:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-23 14:07 - 2016-11-11 15:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-23 14:07 - 2016-11-11 15:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-23 14:07 - 2016-11-11 15:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-23 14:07 - 2016-11-11 15:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-23 14:06 - 2016-12-09 18:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-23 14:06 - 2016-12-09 17:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-23 14:06 - 2016-12-09 17:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-23 14:06 - 2016-12-09 17:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-23 14:06 - 2016-12-09 17:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-23 14:06 - 2016-12-09 17:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-23 14:06 - 2016-12-09 17:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-23 14:06 - 2016-12-09 17:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-23 14:06 - 2016-12-09 17:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-23 14:06 - 2016-12-09 17:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-23 14:06 - 2016-12-09 17:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-23 14:06 - 2016-11-11 18:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-23 14:06 - 2016-11-11 18:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-23 14:06 - 2016-11-11 18:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-23 14:06 - 2016-11-11 17:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-23 14:06 - 2016-11-11 17:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-23 14:06 - 2016-11-11 17:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-23 14:06 - 2016-11-11 17:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-23 14:06 - 2016-11-11 17:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-23 14:06 - 2016-11-11 17:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-23 14:06 - 2016-11-11 17:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-23 14:06 - 2016-11-11 17:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-23 14:06 - 2016-11-11 17:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-23 14:06 - 2016-11-11 17:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-23 14:06 - 2016-11-11 17:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-23 14:06 - 2016-11-11 17:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-23 14:06 - 2016-11-11 17:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-23 14:06 - 2016-11-11 15:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-23 14:06 - 2016-11-11 15:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-23 14:06 - 2016-11-11 15:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-23 14:06 - 2016-11-11 15:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-23 14:05 - 2016-12-12 07:56 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-23 14:05 - 2016-12-12 07:56 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 19:44 - 2016-12-24 06:33 - 00000000 ____D C:\Users\Alladin\AppData\Local\CrashDumps
2016-12-22 18:49 - 2016-12-22 18:49 - 00000008 __RSH C:\Users\Alladin\ntuser.pol
2016-12-22 18:32 - 2016-12-22 18:32 - 00003390 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-12-22 00:06 - 2016-12-22 00:06 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-12-21 19:09 - 2016-12-21 19:09 - 00000912 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-21 19:09 - 2016-12-21 19:09 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-19 18:46 - 2016-12-19 18:46 - 00000000 ____D C:\Users\Alladin\AppData\Local\ESET
2016-12-19 00:50 - 2016-12-19 01:01 - 01663040 _____ (Malwarebytes) C:\Users\Alladin\Desktop\JRT.exe
2016-12-19 00:38 - 2016-12-22 18:37 - 00039767 _____ C:\Users\Alladin\Downloads\Addition.txt
2016-12-19 00:37 - 2016-12-24 20:10 - 00024775 _____ C:\Users\Alladin\Downloads\FRST.txt
2016-12-19 00:37 - 2016-12-24 20:10 - 00000000 ____D C:\FRST
2016-12-19 00:35 - 2016-12-19 00:37 - 02193920 _____ (Farbar) C:\Users\Alladin\Downloads\FRST64.exe
2016-12-17 07:50 - 2016-12-17 07:50 - 00000000 ___RD C:\Users\Alladin\Documents\MEGAsync
2016-12-17 07:49 - 2016-12-17 07:49 - 00001134 _____ C:\Users\Alladin\Desktop\MEGAsync.lnk
2016-12-17 07:49 - 2016-12-17 07:49 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-12-17 07:49 - 2016-12-17 07:49 - 00000000 ____D C:\Users\Alladin\AppData\Local\MEGAsync
2016-12-17 07:49 - 2016-12-17 07:49 - 00000000 ____D C:\Users\Alladin\AppData\Local\Mega Limited
2016-12-17 01:20 - 2016-12-17 02:17 - 00309658 _____ C:\spyhunter.fix
2016-12-17 01:20 - 2016-05-17 20:55 - 00025768 _____ C:\WINDOWS\SysWOW64\sh4native.exe
2016-12-17 01:17 - 2016-12-17 01:17 - 00000997 _____ C:\Users\Alladin\Desktop\SpyHunter4 - Shortcut.lnk
2016-12-17 00:51 - 2016-12-17 00:51 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter v4.22.8.4668
2016-12-17 00:51 - 2016-12-17 00:51 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1-click run
2016-12-17 00:26 - 2016-12-17 00:26 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Enigma Software Group
2016-12-17 00:23 - 2016-12-17 00:25 - 00000000 ____D C:\sh4ldr
2016-12-17 00:06 - 2016-12-17 00:06 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-12-17 00:03 - 2016-12-17 00:03 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-12-16 18:57 - 2016-12-16 18:57 - 00000000 _____ C:\autoexec.bat
2016-12-16 18:43 - 2016-12-16 18:43 - 00000894 _____ C:\Users\Alladin\Desktop\Mad Max V1.00 Trainer +7.lnk
2016-12-16 18:35 - 2016-12-16 18:36 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Alladin\Downloads\SpyHunter-Installer.exe
2016-12-13 21:48 - 2016-12-13 21:48 - 00000000 ____D C:\Users\Alladin\Documents\Razer
2016-12-13 21:48 - 2016-12-13 21:48 - 00000000 ____D C:\Users\Alladin\AppData\Local\Razer_Inc
2016-12-13 21:47 - 2016-12-13 21:47 - 00000000 ____D C:\Users\Alladin\AppData\Local\Razer
2016-12-13 21:28 - 2016-12-13 21:28 - 00000000 ____D C:\Program Files (x86)\Razer
2016-12-13 21:28 - 2015-09-23 06:36 - 00037184 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2016-12-13 02:50 - 2016-12-16 18:44 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-13 02:45 - 2016-12-19 18:58 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-13 02:45 - 2016-12-19 18:58 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-13 02:45 - 2016-12-16 22:54 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-13 02:45 - 2016-12-16 22:54 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-13 02:45 - 2016-12-13 02:45 - 00000649 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-13 02:45 - 2016-11-29 06:27 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-12 02:20 - 2016-12-13 02:55 - 00000000 ____D C:\Users\Alladin\AppData\Local\Unity
2016-12-12 02:20 - 2016-12-13 02:28 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\Unity
2016-12-12 02:02 - 2016-12-12 01:47 - 00369152 _____ C:\Users\Alladin\Documents\GameSave01.sav
2016-12-12 01:08 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-12-12 01:08 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-12-12 01:08 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-12-12 01:08 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-12-12 01:08 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2016-12-12 01:08 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-12-12 01:08 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-12-12 01:08 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-12-12 01:08 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-12-12 01:08 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-12-12 01:08 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-12-12 01:08 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-12-12 01:08 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-12-12 01:08 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-12-12 01:08 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-12-12 01:08 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-12-12 00:59 - 2016-12-12 01:08 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-12-12 00:59 - 2016-12-12 01:07 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-12-11 01:10 - 2016-12-11 01:12 - 01942157 _____ C:\Users\Alladin\Downloads\MAD.MAX.2K15.V1.01.PLUS15TRN.LINGON.ZIP
2016-12-10 03:05 - 2016-12-10 03:05 - 514394730 _____ C:\WINDOWS\MEMORY.DMP
2016-12-10 03:05 - 2016-12-10 03:05 - 00411884 _____ C:\WINDOWS\Minidump\121016-28609-01.dmp
2016-12-10 03:05 - 2016-12-10 03:05 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-09 22:22 - 2016-12-09 22:22 - 00000000 ____D C:\Users\Alladin\Documents\WB Games
2016-12-09 21:23 - 2016-12-10 04:32 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\log
2016-12-09 21:22 - 2016-12-09 21:23 - 00000000 ____D C:\Users\Alladin\Documents\PcSetup
2016-12-09 21:22 - 2016-12-09 21:23 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Vso
2016-12-09 21:22 - 2016-12-09 21:22 - 00082816 _____ (VSO Software) C:\WINDOWS\system32\Drivers\pcouffin.sys
2016-12-09 21:22 - 2016-12-09 21:22 - 00001153 _____ C:\Users\Alladin\Desktop\VSO Inspector.lnk
2016-12-09 21:22 - 2016-12-09 21:22 - 00000000 ____D C:\Program Files (x86)\vso
2016-12-09 21:10 - 2016-12-09 22:42 - 00000000 ____D C:\Program Files (x86)\CorePack
2016-12-09 21:07 - 2016-12-09 21:07 - 00001127 _____ C:\Users\Public\Desktop\FotoSketcher.lnk
2016-12-09 21:07 - 2016-12-09 21:07 - 00000000 ____D C:\Program Files (x86)\FotoSketcher
2016-12-09 15:46 - 2016-12-09 15:46 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\epm
2016-12-09 15:41 - 2016-12-09 15:41 - 00001464 _____ C:\Users\Public\Desktop\EaseUS Partition Master 11.9.lnk
2016-12-09 15:41 - 2016-12-09 15:41 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-12-09 15:41 - 2016-10-08 19:46 - 03851456 _____ C:\WINDOWS\system32\BootMan.exe
2016-12-09 15:41 - 2016-10-08 19:45 - 02936512 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2016-12-09 15:41 - 2016-07-11 16:01 - 00101984 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2016-12-09 15:41 - 2016-07-11 16:01 - 00088160 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2016-12-09 15:41 - 2016-07-11 16:01 - 00010848 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2016-12-09 15:41 - 2016-07-11 16:01 - 00010208 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2016-12-09 15:41 - 2016-07-08 21:28 - 00248832 _____ C:\WINDOWS\SysWOW64\epmntdrv.pdb
2016-12-09 15:41 - 2016-01-14 16:05 - 00024056 _____ C:\WINDOWS\system32\epmntdrv.sys
2016-12-09 15:41 - 2016-01-14 16:05 - 00021496 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2016-12-09 15:41 - 2014-11-18 20:46 - 00021088 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2016-12-09 15:41 - 2014-11-18 20:46 - 00017504 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2016-12-06 00:13 - 2016-12-12 00:53 - 00000000 ____D C:\Users\Alladin\AppData\Local\SUPERHOT_Sp_z_o.o
2016-12-06 00:10 - 2016-12-06 00:10 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\SUPERHOT_Team
2016-12-03 18:09 - 2016-12-03 18:09 - 00001177 _____ C:\Users\Alladin\Desktop\TotallyAccurateBattleSimulator.lnk
2016-12-03 01:59 - 2016-12-03 01:59 - 00001535 _____ C:\Users\Alladin\Desktop\ohsir - Shortcut.lnk
2016-12-03 01:55 - 2016-12-03 01:55 - 00000000 ____D C:\Users\Alladin\Documents\OhSir
2016-12-02 20:42 - 2016-12-02 20:44 - 04880325 _____ C:\Users\Alladin\Downloads\Power & Revolution GeoPolitical Simulator 4 V6.20 Trainer +7 MrAntiFun.zip
2016-12-02 19:59 - 2016-06-05 02:28 - 05031424 _____ C:\Users\Alladin\Downloads\Power & Revolution GeoPolitical Simulator 4 V6.17 Trainer +7 MrAntiFun.EXE
2016-12-02 19:56 - 2016-12-02 19:58 - 04877094 _____ C:\Users\Alladin\Downloads\Power & Revolution GeoPolitical Simulator 4 V6.17 Trainer +7 MrAntiFun.zip
2016-12-01 22:26 - 2016-12-01 22:26 - 00000000 ____D C:\Users\Alladin\AppData\LocalLow\Landfall
2016-12-01 22:24 - 2016-12-01 22:24 - 37430418 _____ C:\Users\Alladin\Downloads\TotallyAccurateBattleSimulator_Data.zip
2016-11-30 19:43 - 2016-11-30 19:43 - 00116993 _____ C:\Users\Alladin\Documents\Steam Community __ Guide __ [WIP] Case closed - All your detective's cases solved.html
2016-11-30 19:43 - 2016-11-30 19:43 - 00000000 ____D C:\Users\Alladin\Documents\Steam Community __ Guide __ [WIP] Case closed - All your detective's cases solved_files
2016-11-26 16:41 - 2016-11-26 16:41 - 01512927 _____ (Audacity Team ) C:\Users\Alladin\Downloads\LADSPA_plugins-win-0.4.15.exe
2016-11-26 16:26 - 2016-12-23 14:53 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Audacity
2016-11-26 16:26 - 2016-11-26 16:26 - 00001079 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-11-26 16:26 - 2016-11-26 16:26 - 00000000 ____D C:\Users\Alladin\AppData\Local\Audacity
2016-11-26 16:26 - 2016-11-26 16:26 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-11-26 16:11 - 2016-11-26 16:26 - 26496761 _____ (Audacity Team ) C:\Users\Alladin\Downloads\audacity-win-2.1.2.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 20:08 - 2016-10-08 07:15 - 05392670 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-24 20:05 - 2016-11-05 05:50 - 00002354 _____ C:\Users\Public\Desktop\Driver Booster 4.lnk
2016-12-24 20:03 - 2016-10-09 00:11 - 13005178 _____ C:\WINDOWS\PFRO.log
2016-12-24 20:03 - 2016-10-08 06:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-24 20:03 - 2016-10-08 06:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-24 15:24 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-24 13:16 - 2016-10-14 20:37 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{54E45A3F-113F-4D17-8620-896C9E141F86}
2016-12-24 08:56 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\rescache
2016-12-24 06:35 - 2016-10-08 17:34 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\DMCache
2016-12-24 06:15 - 2016-10-08 17:34 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\IDM
2016-12-24 03:33 - 2016-10-08 10:11 - 00000000 ____D C:\Program Files\AMD
2016-12-24 03:33 - 2016-08-28 09:45 - 00000000 ____D C:\AMD
2016-12-23 20:48 - 2016-08-14 05:23 - 00000000 ____D C:\Users\Alladin\Downloads\Compressed
2016-12-23 14:59 - 2016-10-08 07:04 - 00000000 ____D C:\Users\Alladin
2016-12-23 14:58 - 2016-10-08 15:58 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-12-23 14:58 - 2016-10-08 09:39 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-23 14:34 - 2016-10-08 07:13 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-23 14:33 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-23 14:31 - 2016-10-08 06:58 - 00215888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-23 14:30 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-23 14:30 - 2016-10-08 09:39 - 00000000 ____D C:\WINDOWS\servicing
2016-12-23 14:20 - 2016-10-08 09:41 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-22 18:47 - 2016-10-08 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-22 18:47 - 2016-10-08 09:50 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-22 01:25 - 2016-11-05 12:50 - 00000000 ____D C:\AdwCleaner
2016-12-18 19:33 - 2016-10-13 04:23 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-18 18:59 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-18 00:39 - 2016-10-08 17:33 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-12-18 00:39 - 2016-10-08 09:55 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-18 00:38 - 2016-10-08 18:17 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-18 00:37 - 2016-10-08 13:08 - 00000000 ____D C:\Program Files (x86)\AMD
2016-12-17 06:46 - 2016-10-10 20:33 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 06:46 - 2016-10-10 20:33 - 00003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d221516877dfbe
2016-12-17 00:01 - 2016-11-05 05:12 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\uTorrent
2016-12-13 21:29 - 2016-08-24 14:57 - 00000676 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2016-12-09 15:34 - 2016-08-22 20:35 - 00000000 ____D C:\SACCTDL
2016-12-09 15:29 - 2016-10-08 13:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-09 14:37 - 2016-11-05 04:59 - 04317112 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2016-12-07 19:32 - 2016-10-08 09:50 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-06 19:01 - 2016-09-02 14:41 - 00000000 ____D C:\Users\Alladin\Documents\BeamNG.drive
2016-12-05 23:16 - 2016-09-01 19:04 - 00000845 _____ C:\Users\Alladin\Desktop\Turmoil.lnk
2016-12-03 19:45 - 2016-10-14 17:30 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\Obsidium
2016-12-03 19:45 - 2016-09-09 21:26 - 00000000 ____D C:\Users\Alladin\Documents\Power & Revolution
2016-11-25 21:46 - 2016-11-05 05:34 - 00000000 ____D C:\Users\Alladin\AppData\Roaming\IObit

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-12-23 06:19

==================== End of FRST.txt ============================


LastRegBack: 2016-12-23 06:19

==================== End of FRST.txt ============================

 

[nope guy]

I did everything except downloading sophos because the site doesnt give me permission to access it and when downloading it the download shows an error

 

[Broni]

I didn't ask for Farbar Recovery Scan Tool log but Farbar Service Scanner log.

As for Sophos run this instead...

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Under "ESET Online Scanner" click on "Scan now" button.
• It'll download small file "esetonlinescanner_enu.exe".
• Double click on downloaded file.
• Click on Accept button.
• Checkmark "Disable detection of potentially unwanted applications".
• Click Scan
• Accept any security warnings from your browser.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

 

[Broni]

Still with me?