Channel: Tech Support Forum - Virus/Trojan/Spyware Help

JoniCoupon File Type

I had a JoniCoupon infection at some point, years ago. Since then, I was under the impression I had killed it (using SuperAntiSpyware and others). But bizarrely, it has somehow infected files and has become a file type!

More specifically, it has been infecting savegames from... games. If you hover over them, it'll say "type: JoniCoupon". I added a jpg to demonstrate what I mean. My games are failing to load the savegames as they of course don't recognize the .JoniCoupon extension.

Note: this game is the last game I have to finish before I will wipe my PC and get Windows XP instead of the 7 that is currently installed. It will become a PC with no internet connection used for playing old games. So if all else fails, I'll just nuke the whole thing and be done with it.


DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18377 BrowserJavaVersion: 11.25.2
Run by User at 22:49:45 on 2016-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.12268.7698 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_ep64.exe
C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe
C:\PROGRA~2\RAPTRI~1\PlaysTV\plays_ep64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: GoSave: {397a4a95-ebca-4775-9cd4-3ea401c7d7fc} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: YoutubeAdBlocke: {7df28b6a-ad67-4f89-8d87-01ae25a07ad9} -
BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [OneDrive] "C:\Users\User\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Dropbox Update] "C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
mRun: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 195.130.131.4 195.130.130.4
TCP: Interfaces\{EC97E7CA-C890-4DAC-B57F-F53D727D38B7} : DHCPNameServer = 195.130.131.4 195.130.130.4
TCP: Interfaces\{EC97E7CA-C890-4DAC-B57F-F53D727D38B7}\4554C454E4544584F4D4543505F445 : DHCPNameServer = 195.130.130.141 195.130.131.141
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: GoSave: {397a4a95-ebca-4775-9cd4-3ea401c7d7fc} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: YoutubeAdBlocke: {7df28b6a-ad67-4f89-8d87-01ae25a07ad9} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2014-10-28 62152]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-1-31 652784]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-1-31 28656]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-11-13 289120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-23 172344]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-3-13 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2015-8-4 246784]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-3-18 169432]
R2 PlaysService;Plays.tv Update Service;C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [2016-7-13 32528]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-5-28 275968]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2015-7-15 96256]
R3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2012-6-27 1873024]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 133816]
R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-1-29 374344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-16 533096]
R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-5-2 136512]
R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-5-2 413504]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/03/18 09:19:17;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-7-7 72992]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 GemCCID;GemCCID;C:\Windows\System32\drivers\GemCCID.sys [2014-11-10 130944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2016-7-20 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-16 289256]
S3 OCUSBVID;Oculus Positional Tracker Service;C:\Windows\System32\drivers\OCUSBVID.sys [2014-7-22 45488]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2015-2-11 2004488]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-7-17 1309936]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-18 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-5 56832]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-13 1255736]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2016-07-24 02:05:57 12007136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{354EA79D-4477-4AD4-A15A-6159FC26FF0E}\mpengine.dll
2016-07-23 23:43:28 12007136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-07-21 01:46:07 -------- d-----w- C:\Windows\EOONotify
2016-07-20 23:37:57 8192 ----a-w- C:\Windows\System32\drivers\nl-NL\tpm.sys.mui
2016-07-20 23:37:57 451080 ----a-w- C:\Windows\System32\fveapi.dll
2016-07-20 23:37:57 312600 ----a-w- C:\Windows\System32\wbem\Win32_Tpm.dll
2016-07-20 23:37:57 257864 ----a-w- C:\Windows\SysWow64\wbem\Win32_Tpm.dll
2016-07-20 23:37:57 20480 ----a-w- C:\Windows\System32\tbs.dll
2016-07-20 23:37:57 15360 ----a-w- C:\Windows\SysWow64\tbs.dll
2016-07-20 23:37:57 109568 ----a-w- C:\Windows\System32\fveapibase.dll
2016-07-20 23:37:55 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2016-07-20 23:37:53 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2016-07-20 23:37:53 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2016-07-20 23:37:53 1008640 ----a-w- C:\Windows\System32\user32.dll
2016-07-20 23:37:52 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2016-07-20 02:29:44 91648 ----a-w- C:\Windows\System32\mapistub.dll
2016-07-20 02:29:44 76800 ----a-w- C:\Windows\SysWow64\mapistub.dll
2016-07-20 02:29:44 17920 ----a-w- C:\Windows\System32\fixmapi.exe
2016-07-20 02:29:44 14336 ----a-w- C:\Windows\SysWow64\fixmapi.exe
2016-07-20 02:29:21 156672 ----a-w- C:\Windows\System32\mtxoci.dll
2016-07-20 02:29:21 111616 ----a-w- C:\Windows\SysWow64\mtxoci.dll
2016-07-20 02:29:20 176128 ----a-w- C:\Windows\SysWow64\msorcl32.dll
2016-07-20 02:29:17 286720 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-07-20 02:28:27 511488 ----a-w- C:\Windows\System32\rpcss.dll
2016-07-20 02:28:11 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2016-07-20 02:28:11 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2016-07-20 02:28:11 1885696 ----a-w- C:\Windows\System32\msxml3.dll
2016-07-20 02:28:11 1240576 ----a-w- C:\Windows\SysWow64\msxml3.dll
2016-07-20 02:27:46 2084864 ----a-w- C:\Windows\System32\ole32.dll
2016-07-20 02:27:39 1414144 ----a-w- C:\Windows\SysWow64\ole32.dll
2016-07-20 02:25:59 572416 ----a-w- C:\Windows\System32\vbscript.dll
2016-07-20 02:24:45 970240 ----a-w- C:\Windows\System32\localspl.dll
2016-07-20 02:23:54 14176 ----a-w- C:\Windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
2016-07-20 02:22:32 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2016-07-20 02:22:32 2048 ----a-w- C:\Windows\System32\tzres.dll
2016-07-20 02:22:08 986344 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2016-07-20 02:22:07 264936 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2016-07-20 02:22:07 144384 ----a-w- C:\Windows\System32\cdd.dll
2016-07-20 02:22:04 1684416 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2016-07-20 02:21:53 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2016-07-20 02:21:44 3180544 ----a-w- C:\Windows\System32\rdpcorets.dll
2016-07-20 02:21:44 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2016-07-20 02:21:43 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2016-07-20 02:21:39 17408 ----a-w- C:\Windows\System32\wshrm.dll
2016-07-20 02:21:39 14848 ----a-w- C:\Windows\SysWow64\wshrm.dll
2016-07-20 02:21:39 146944 ----a-w- C:\Windows\System32\drivers\rmcast.sys
2016-07-20 02:04:55 -------- d-----w- C:\Users\User\AppData\Roaming\PlaysTV
2016-07-20 02:00:07 -------- d-----w- C:\Program Files (x86)\Raptr Inc
2016-07-20 00:59:57 624640 ----a-w- C:\Windows\System32\qedit.dll
2016-07-20 00:57:22 96256 ----a-w- C:\Windows\System32\gpapi.dll
2016-07-20 00:57:22 794624 ----a-w- C:\Windows\System32\gpsvc.dll
2016-07-20 00:57:22 79360 ----a-w- C:\Windows\SysWow64\gpapi.dll
2016-07-20 00:57:22 502272 ----a-w- C:\Windows\System32\IPSECSVC.DLL
2016-07-20 00:57:22 373760 ----a-w- C:\Windows\System32\polstore.dll
2016-07-20 00:57:22 274944 ----a-w- C:\Windows\SysWow64\polstore.dll
2016-07-20 00:57:21 75776 ----a-w- C:\Windows\System32\FwRemoteSvr.dll
2016-07-20 00:57:21 70144 ----a-w- C:\Windows\SysWow64\winipsec.dll
2016-07-20 00:57:21 44032 ----a-w- C:\Windows\SysWow64\FwRemoteSvr.dll
2016-07-20 00:57:21 105472 ----a-w- C:\Windows\System32\winipsec.dll
2016-07-20 00:55:34 2104320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll
2016-07-20 00:54:21 3243520 ----a-w- C:\Windows\System32\msi.dll
2016-07-19 19:22:13 1167568 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15695A78-4F24-4C21-AF4B-EA06A61382B4}\gapaengine.dll
2016-07-19 19:19:39 -------- d--h--w- C:\OneDriveTemp
.
==================== Find3M ====================
.
2016-07-19 21:07:52 796352 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2016-07-19 21:07:52 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2016-07-07 00:39:37 485032 ------w- C:\Windows\System32\MpSigStub.exe
2016-06-26 00:35:09 41704 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2016-06-26 00:27:39 756736 ----a-w- C:\Windows\System32\win32spl.dll
2016-06-26 00:27:32 344576 ----a-w- C:\Windows\System32\ntprint.dll
2016-06-26 00:27:25 22528 ----a-w- C:\Windows\System32\inetppui.dll
2016-06-26 00:27:25 166400 ----a-w- C:\Windows\System32\inetpp.dll
2016-06-26 00:27:07 1208320 ----a-w- C:\Windows\System32\aeinv.dll
2016-06-25 19:54:03 497152 ----a-w- C:\Windows\SysWow64\win32spl.dll
2016-06-25 19:53:56 297472 ----a-w- C:\Windows\SysWow64\ntprint.dll
2016-06-25 19:53:05 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2016-06-25 19:53:04 61952 ----a-w- C:\Windows\System32\ntprint.exe
2016-06-25 19:41:53 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2016-06-22 13:06:29 268800 ----a-w- C:\Windows\System32\centel.dll
2016-06-17 18:24:29 571904 ----a-w- C:\Windows\System32\generaltel.dll
2016-06-17 18:24:29 544256 ----a-w- C:\Windows\System32\devinv.dll
2016-06-17 18:24:29 294912 ----a-w- C:\Windows\System32\invagent.dll
2016-06-17 18:24:28 76800 ----a-w- C:\Windows\System32\acmigration.dll
2016-06-17 18:24:28 219136 ----a-w- C:\Windows\System32\aepic.dll
2016-06-17 18:24:28 1490432 ----a-w- C:\Windows\System32\appraiser.dll
2016-06-14 15:21:17 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2016-06-14 15:03:37 3217408 ----a-w- C:\Windows\System32\win32k.sys
2016-06-10 21:38:26 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2016-06-10 21:38:13 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2016-06-10 21:20:37 66560 ----a-w- C:\Windows\System32\iesetup.dll
2016-06-10 21:19:33 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2016-06-10 21:19:24 417792 ----a-w- C:\Windows\System32\html.iec
2016-06-10 21:18:57 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2016-06-10 21:03:14 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2016-06-10 21:03:13 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2016-06-10 21:02:53 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2016-06-10 20:53:59 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2016-06-10 20:49:29 6047744 ----a-w- C:\Windows\System32\jscript9.dll
2016-06-10 20:40:41 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2016-06-10 20:11:27 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2016-06-10 20:10:46 2131456 ----a-w- C:\Windows\System32\inetcpl.cpl
2016-06-10 19:44:23 2869248 ----a-w- C:\Windows\System32\wininet.dll
2016-06-10 19:09:24 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2016-06-10 18:54:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2016-06-10 18:53:35 497664 ----a-w- C:\Windows\SysWow64\vbscript.dll
2016-06-10 18:53:30 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2016-06-10 18:53:13 341504 ----a-w- C:\Windows\SysWow64\html.iec
2016-06-10 18:52:06 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2016-06-10 18:41:44 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2016-06-10 18:41:22 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2016-06-10 18:27:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2016-06-10 18:14:52 4608000 ----a-w- C:\Windows\SysWow64\jscript9.dll
2016-06-10 18:09:13 2055680 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2016-06-10 18:09:07 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2016-06-10 17:45:19 2392576 ----a-w- C:\Windows\SysWow64\wininet.dll
2016-05-20 01:13:22 875712 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2016-05-20 01:13:22 536768 ----a-w- C:\Windows\SysWow64\msvcp120_clr0400.dll
2016-05-20 01:03:04 869568 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2016-05-20 01:03:04 678592 ----a-w- C:\Windows\System32\msvcp120_clr0400.dll
2016-05-18 16:10:23 312832 ----a-w- C:\Windows\SysWow64\gdi32.dll
2016-05-18 16:09:22 405504 ----a-w- C:\Windows\System32\gdi32.dll
2016-05-13 22:15:24 382184 ----a-w- C:\Windows\System32\atmfd.dll
2016-05-13 22:09:19 41472 ----a-w- C:\Windows\System32\lpk.dll
2016-05-13 22:09:16 100864 ----a-w- C:\Windows\System32\fontsub.dll
2016-05-13 22:09:13 14336 ----a-w- C:\Windows\System32\dciman32.dll
2016-05-13 22:09:10 46080 ----a-w- C:\Windows\System32\atmlib.dll
2016-05-13 21:54:26 308456 ----a-w- C:\Windows\SysWow64\atmfd.dll
2016-05-13 21:50:05 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2016-05-13 21:49:48 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2016-05-13 21:49:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2016-05-13 21:27:06 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2016-05-12 17:20:14 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2016-05-12 17:20:14 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2016-05-12 17:15:03 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2016-05-12 17:15:03 210432 ----a-w- C:\Windows\System32\wdigest.dll
2016-05-12 17:15:02 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2016-05-12 17:15:02 135680 ----a-w- C:\Windows\System32\sspicli.dll
2016-05-12 15:18:40 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2016-05-12 15:05:40 64000 ----a-w- C:\Windows\System32\auditpol.exe
2016-05-12 14:58:45 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-05-12 14:58:32 464896 ----a-w- C:\Windows\System32\drivers\srv.sys
2016-05-12 14:58:25 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2016-05-12 14:58:18 168960 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2016-05-12 14:58:12 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-05-12 14:58:10 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2016-05-12 14:57:27 30720 ----a-w- C:\Windows\System32\lsass.exe
2016-05-12 14:56:15 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2016-05-12 14:51:38 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2016-05-12 13:05:59 459640 ----a-w- C:\Windows\System32\drivers\cng.sys
2016-05-12 13:05:59 297984 ----a-w- C:\Windows\System32\bcryptprimitives.dll
2016-05-12 13:04:55 249352 ----a-w- C:\Windows\SysWow64\bcryptprimitives.dll
2016-05-11 17:02:50 296448 ----a-w- C:\Windows\System32\ws2_32.dll
2016-05-11 17:02:49 444928 ----a-w- C:\Windows\System32\winhttp.dll
2016-05-11 17:02:48 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2016-05-11 17:02:42 327168 ----a-w- C:\Windows\System32\mswsock.dll
2016-05-11 15:19:26 206336 ----a-w- C:\Windows\SysWow64\ws2_32.dll
2016-05-11 15:19:25 351744 ----a-w- C:\Windows\SysWow64\winhttp.dll
2016-05-11 15:19:24 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2016-05-11 15:19:16 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2016-05-11 15:11:34 25088 ----a-w- C:\Windows\System32\netbtugc.exe
2016-05-11 15:01:19 26624 ----a-w- C:\Windows\SysWow64\netbtugc.exe
2016-05-11 14:58:23 262144 ----a-w- C:\Windows\System32\drivers\netbt.sys
.
============= FINISH: 22:50:21,46 ===============

Attached Thumbnails: JoniCoupon.jpg (89.7 KB)
Attached Files: attach.txt (14.6 KB)
