longcong01
Honorary Members-
Posts
35 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by longcong01
-
Need help to see if I'm infected
longcong01 replied to longcong01's topic in Resolved Malware Removal Logs
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01 Ran by Allan (2016-02-22 20:44:21) Running from C:\Users\Allan\Downloads\Programs Windows 7 Ultimate Service Pack 1 (X64) (2013-11-02 12:40:24) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3181654477-1840067016-2515705808-500 - Administrator - Disabled) Allan (S-1-5-21-3181654477-1840067016-2515705808-1000 - Administrator - Enabled) => C:\Users\Allan Guest (S-1-5-21-3181654477-1840067016-2515705808-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3181654477-1840067016-2515705808-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.1.1.1 - ASUSTek COMPUTER INC.) ASUS GPU TweakII (x32 Version: 1.1.1.1 - ASUSTek COMPUTER INC.) Hidden Autodesk DirectConnect 2015 64-bit Hotfix1 (HKLM\...\Autodesk DirectConnect 2015 64-bit_9001) (Version: 9.0.56.4 - Autodesk) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Catalyst Control Center Next Localization BR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform) Common Desktop Agent (Version: 1.52.0 - OEM) Hidden Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.4.0.0377 - Disc Soft Ltd) Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: - EnTech Taiwan) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC) FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.) Futuremark SystemInfo (HKLM-x32\...\{991C8DEA-3C01-45B8-A62B-1BB69BDC277D}) (Version: 4.23.255 - Futuremark) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) iFunBox 2014 (v3.1.562.425), iFunbox DevTeam (HKLM-x32\...\iFunBox 2014_is1) (Version: v3.1.562.425 - ) Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1658 - Intel Corporation) Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Ongame Uninstall (HKLM-x32\...\Ongame) (Version: - ) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.4.1 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7218 - Realtek Semiconductor Corp.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.00.47.00 - Samsung Electronics Co., Ltd.) Samsung ML-1860 Series (HKLM-x32\...\Samsung ML-1860 Series) (Version: - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (Version: - Microsoft) Hidden SPlayer (HKLM-x32\...\SPlayer) (Version: - ) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.5.10.0 - Manuel Hoefs (Zottel)) UniKey 4.0 RC2 (build 1101) (HKLM-x32\...\{AC006985-A51F-42AC-A7E9-5E66D8AC8063}_is1) (Version: - Pham Kim Long) Unity Web Player (HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Viber (HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc) Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.) Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.) Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson) WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {065DADFF-6CA8-4DFA-B569-F2DF751631AD} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client_V3.exe Task: {15226288-5087-40F8-9418-99860AA42E9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {3E8C21E1-E35E-4FA9-93D5-DECB45E090DA} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {4466F399-9E01-43AA-852B-EF3A14DA60BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.) Task: {4C627802-BD3F-406C-93DE-E82040A377E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {50C2A11F-47D5-46F7-B50D-CE02FD3EF073} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd) Task: {63D2BF68-4855-4EBE-919E-4D354A165802} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe Task: {AC31406E-0A6E-4B98-8281-49B8EAF46E32} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-23] (Advanced Micro Devices, Inc.) Task: {CDC0D532-AEA9-4945-9CC3-E4608C780E55} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {CFA9FCFC-2EE2-4D81-BF01-95637190F4BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.) Task: {D3A552DF-88A3-487E-A460-4B7A6939A366} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {EF9C6D40-9144-4CDC-B7E0-A292078C23B8} - System32\Tasks\{B7E15F21-B311-403B-BD35-6E786A767B8D} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.1.0.129.272&LastError=404 Task: {F79BEC48-C24D-4CA5-8C53-95C39248B8AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {FA6A7988-FB77-4AB6-8E35-3B0121B0B110} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2012-04-10 10:11 - 2012-04-10 10:11 - 00034304 _____ () C:\Windows\System32\ssb6mlm.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-11-02 23:45 - 2012-10-29 18:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe 2014-09-23 18:24 - 2012-07-27 15:10 - 00055296 _____ () C:\Windows\BurnService.exe 2015-11-05 11:11 - 2015-11-05 11:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-11-10 15:45 - 2015-11-10 15:45 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll 2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2015-12-21 18:55 - 2015-12-21 18:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe 2016-02-19 13:12 - 2016-02-19 13:12 - 00103424 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe 2013-11-02 23:45 - 2016-02-22 13:12 - 00038032 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll 2013-11-02 23:45 - 2012-05-08 03:04 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll 2016-01-06 12:11 - 2016-01-06 12:11 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll 2015-12-31 01:05 - 2015-10-07 06:26 - 50656768 _____ () C:\Users\Allan\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll 2015-12-31 01:05 - 2015-10-07 06:26 - 01874944 _____ () C:\Users\Allan\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll 2015-12-31 01:05 - 2015-10-07 06:26 - 00075264 _____ () C:\Users\Allan\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll 2015-12-24 02:31 - 2015-12-24 02:31 - 00186368 _____ () C:\Windows\SysWOW64\GameManager32.dll 2014-09-16 13:32 - 2015-12-15 16:54 - 00782336 _____ () F:\Steam\SDL2.dll 2015-01-20 14:44 - 2015-07-04 03:12 - 04962816 _____ () F:\Steam\v8.dll 2015-01-20 14:44 - 2015-07-04 03:12 - 01556992 _____ () F:\Steam\icui18n.dll 2015-01-20 14:44 - 2015-07-04 03:12 - 01187840 _____ () F:\Steam\icuuc.dll 2014-09-16 13:32 - 2016-02-05 08:02 - 02546768 _____ () F:\Steam\video.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 02549248 _____ () F:\Steam\libavcodec-56.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 00442880 _____ () F:\Steam\libavutil-54.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 00491008 _____ () F:\Steam\libavformat-56.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 00332800 _____ () F:\Steam\libavresample-2.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 00485888 _____ () F:\Steam\libswscale-3.dll 2014-09-16 13:32 - 2016-02-05 08:01 - 00802896 _____ () F:\Steam\bin\chromehtml.DLL 2015-07-22 20:00 - 2015-12-30 12:51 - 00208896 _____ () F:\Steam\bin\openvr_api.dll 2016-02-22 18:34 - 2016-02-22 18:34 - 00155232 ___HT () C:\Users\Allan\AppData\Local\Temp\~2D3F.tmp 2014-09-16 13:32 - 2016-01-06 12:52 - 48387872 _____ () F:\Steam\bin\libcef.dll 2015-01-20 14:44 - 2015-09-25 10:56 - 00119208 _____ () F:\Steam\winh264.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00198144 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\launcher.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00317952 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00203776 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00390656 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll 2016-02-19 13:12 - 2016-02-20 11:35 - 06930944 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\engine.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00166912 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01174016 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01242112 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00355840 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00610816 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00164864 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00708096 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00134656 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01336320 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00395264 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 03276288 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\scaleformui.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01769984 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00143360 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\localize.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00230912 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01016832 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll 2016-02-19 13:12 - 2016-02-20 11:35 - 00585216 _____ () f:\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll 2016-02-19 13:12 - 2016-02-20 11:35 - 12677120 _____ () f:\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll 2016-02-19 13:12 - 2016-02-20 11:36 - 10231296 _____ () f:\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00094208 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00084992 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00071680 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi 2016-02-19 13:12 - 2016-02-19 13:12 - 00012800 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt 2016-02-19 13:12 - 2016-02-19 13:12 - 00055808 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt 2016-02-19 13:12 - 2016-02-19 13:12 - 00974336 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00173568 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll 2015-11-10 15:45 - 2015-11-10 15:45 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-02-20 11:13 - 2016-02-18 15:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll 2016-02-20 11:13 - 2016-02-18 15:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\dell.com -> dell.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-02-21 18:04 - 2014-01-19 19:30 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts # ::1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun MSCONFIG\startupreg: GarenaPlus => "F:\Garena Plus\GarenaMessenger.exe" -autolaunch MSCONFIG\startupreg: iFunBox Price Watch => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NVIDIA GeForce Experience => C:\Users\Allan\AppData\Local\Temp\nvtmru.exe MSCONFIG\startupreg: Razer Comms => C:\Program Files (x86)\Razer\Core\RazerCore.exe /ChatApplet MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify => "C:\Users\Allan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Allan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" MSCONFIG\startupreg: uTorrent => "C:\Users\Allan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{50673821-DA76-4EA5-94D3-2DB91D195180}] => (Allow) LPort=8370 FirewallRules: [{FD227E2E-C981-4B2C-BE79-13D296EC26D1}] => (Allow) LPort=8370 FirewallRules: [{3F1FEF14-DBE0-4BB6-98FB-673AA0EB7E52}] => (Allow) LPort=6937 FirewallRules: [{A1DE7DC6-9831-45F2-8BD0-7937C1B41C88}] => (Allow) LPort=6937 FirewallRules: [TCP Query User{E3410F6A-79C9-44C6-818D-B4F6DB95741B}G:\games\warcraft iii\war3.exe] => (Allow) G:\games\warcraft iii\war3.exe FirewallRules: [uDP Query User{D7B250A5-01A4-420C-BE50-198851EEF7EA}G:\games\warcraft iii\war3.exe] => (Allow) G:\games\warcraft iii\war3.exe FirewallRules: [TCP Query User{C8D3FADF-2AE4-4A25-90A8-4C8C55970592}G:\games\warcraft iii\war3.exe] => (Allow) G:\games\warcraft iii\war3.exe FirewallRules: [uDP Query User{8FC4F137-9AF4-4A3B-9C22-7512C90E8E23}G:\games\warcraft iii\war3.exe] => (Allow) G:\games\warcraft iii\war3.exe FirewallRules: [{5B9DE0E8-8426-4360-B9CB-65F771689717}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{6D6FFC7B-2209-48F9-9AC2-351B726CC01D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{AF329091-BD85-4C8C-B8CC-7DF449D220E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{533B0AA9-C493-4A0A-9F2F-774D750CDEB8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{05B27635-92F8-4BED-80A7-ECA85762CA55}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{21E88AE4-6326-489F-B4B4-5BF3C52E3F28}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{05061AE0-728D-4487-899D-E134080C9632}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{78A4CB05-F90C-4A9C-8482-8F79C08BBF1A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{2E229BAB-E6F8-41D3-985D-71D0FC8EEA06}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{C1626BC5-9BF8-405F-96DE-073199735AC3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{1991006F-AE8D-4004-B587-687196DD6E06}] => (Allow) F:\Steam\Steam.exe FirewallRules: [{BF0DD8FD-CE24-4B4F-9D1F-609E6CAF03A3}] => (Allow) F:\Steam\Steam.exe FirewallRules: [{3F7FC6A0-0BA6-46BA-A6E9-2F42B7C0EA2B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{C5F08152-CECB-486D-891A-CB58B2472B51}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{E2770657-1390-4FF8-8A8D-73EAFA3C9254}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{8AE6450D-E13D-4FD8-B796-9C0A3F24BCD9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{4FBE4D5A-2028-47D2-9638-0F5FD6044828}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D0F70DED-837D-4225-9654-F8FDAB5AB323}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{3291EF40-980B-4799-A71F-DC20EB53BEE8}D:\gta v\gta5.exe] => (Allow) D:\gta v\gta5.exe FirewallRules: [uDP Query User{4CFD9D1E-598D-44DE-82EF-C9604EFA392C}D:\gta v\gta5.exe] => (Allow) D:\gta v\gta5.exe FirewallRules: [{307C7409-9679-4D7B-8D00-1B6399BC34CD}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{B42CC7B8-7D0A-4D5B-B300-06D3D3CF9781}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{AE6818B0-3B1D-4C77-A112-BD7690EF05D5}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{1E30B941-C391-44B9-8409-9A7B0B903EC8}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{E8FFD2A2-A699-4588-95C0-924011018FBF}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{5912D62F-83CA-493E-BB1D-6B6912E07D7C}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{AD2BC2C4-A8CB-431C-8D1F-80B3F793CC8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{042DF80F-A8CF-4A71-AB3B-2D951727BEB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1F3514EF-469C-4D6B-9364-39BA41DF6195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1CB4A712-8C0C-48E8-A78E-184A05B85F2C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F4AD760A-727E-4BEE-A7D7-FA3FECACE398}] => (Allow) F:\Steam\bin\steamwebhelper.exe FirewallRules: [{56BE511E-E0DE-433A-AD78-E32FE40115CA}] => (Allow) F:\Steam\bin\steamwebhelper.exe FirewallRules: [{7FC6D454-3099-4FE6-8FB3-E8C7F0977270}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{CDCB7B9B-8103-4030-AF2E-25E8502AFA51}] => (Allow) LPort=9143 FirewallRules: [{82C11CF0-8DF6-45DB-8164-24419E6298C2}] => (Allow) LPort=2333 FirewallRules: [TCP Query User{2AC72426-5B9A-483A-A7C5-07336F43154D}C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe FirewallRules: [uDP Query User{1EE214DC-1882-478A-884E-1AF741F8DAE8}C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe FirewallRules: [{9D33BACD-35AB-497B-8BEA-F5F7D0C76C95}] => (Allow) F:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{0C12ED30-4346-4E07-A631-47C0C76323B9}] => (Allow) F:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{46155086-99CB-4FBB-BDFA-530C62FAAEE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 22-02-2016 13:17:23 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/22/2016 02:15:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (02/22/2016 01:14:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 07:01:16 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048). Error: (02/21/2016 05:09:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 05:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 04:23:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 12:42:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 11:20:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 11:17:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (02/21/2016 11:07:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (02/21/2016 06:03:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (02/21/2016 04:21:50 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (02/21/2016 11:18:03 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.213.6680.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (02/21/2016 11:18:03 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.213.6680.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (02/19/2016 07:35:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (02/11/2016 11:18:49 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:17:16 AM on 2/11/2016 was unexpected. Error: (02/09/2016 02:40:35 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (02/09/2016 11:59:04 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (02/05/2016 04:54:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (02/05/2016 04:54:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. CodeIntegrity: =================================== Date: 2016-02-21 13:08:57.222 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.217 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.213 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.112 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.106 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.102 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.022 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.018 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.015 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:56.890 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. ==================== Memory info =========================== Processor: Intel® Core i7-4770K CPU @ 3.50GHz Percentage of memory in use: 35% Total physical RAM: 16321.47 MB Available physical RAM: 10467.91 MB Total Virtual: 32641.14 MB Available Virtual: 25442.3 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.69 GB) (Free:6.78 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:60.62 GB) NTFS Drive f: (New Volume) (Fixed) (Total:127.73 GB) (Free:87.01 GB) NTFS Drive g: (New Volume) (Fixed) (Total:585.93 GB) (Free:97.87 GB) NTFS Drive h: (New Volume) (Fixed) (Total:683.59 GB) (Free:78.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C08A0197) Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS) Addtion.txt ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C799510C) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 4D3B57B9) Partition 1: (Not Active) - (Size=127.7 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1269.5 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================ -
Need help to see if I'm infected
longcong01 replied to longcong01's topic in Resolved Malware Removal Logs
FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01Ran by Allan (administrator) on ALLAN-PC (22-02-2016 20:44:05)Running from C:\Users\Allan\Downloads\ProgramsLoaded Profiles: Allan (Available Profiles: Allan)Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe() C:\Windows\BurnService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe(Razer, Inc.) C:\Users\Allan\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe(Valve Corporation) F:\Steam\Steam.exe(Valve Corporation) F:\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Valve Corporation) F:\Steam\bin\steamwebhelper.exe() F:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe(Razer, Inc.) C:\Users\Allan\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe(Valve Corporation) F:\Steam\GameOverlayUI.exe(Valve Corporation) F:\Steam\bin\steamwebhelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Valve Corporation) F:\Steam\bin\steamwebhelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)HKLM\...\Run: [startCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4887752 2015-12-23] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Winlogon: [shell] explorer.exe, [ ] () <=== ATTENTIONHKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [Viber] => C:\Users\Allan\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3125280 2013-10-17] (Disc Soft Ltd)HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3915832 2016-01-28] (Tonec Inc.)HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [GoogleChromeAutoLaunch_4E6D16C6E981389D04E2F9DFD680F0A9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-18] (Google Inc.)HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Policies\Explorer: [] HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\MountPoints2: {12b268d6-4452-11e3-b42a-806e6f6e6963} - E:\.\Bin\ASSETUP.exeHKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\MountPoints2: {49c16855-6592-11e4-8534-806e6f6e6963} - E:\Setup.exeShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2016-02-12]ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D2U.lnk [2014-09-06]ShortcutTarget: D2U.lnk -> C:\Users\Allan\AppData\Local\Temp\Rar$EXa0.480\Dota2 Utilities v1.2.exe (No File)GroupPolicyScripts: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4Tcpip\..\Interfaces\{C475629D-ECAB-46CA-B7DE-7FEB7BD2CD4B}: [DhcpNameServer] 8.8.8.8 8.8.4.4Tcpip\..\Interfaces\{E154AA45-3815-47CC-89D0-476F70C2DB37}: [DhcpNameServer] 172.20.10.1 Internet Explorer:==================HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSEHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSEHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=dspp&ts=1433587124&z=1a6f25a4866a9e1884ec5ceg7zdcbc2webbmeg9eaq&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSEHKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://iat.ninemsn.com.au/tickler/default.aspx?ocid=iehpHKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=dspp&ts=1433587124&z=1a6f25a4866a9e1884ec5ceg7zdcbc2webbmeg9eaq&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}SearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&ts=1433587129&type=default&q={searchTerms}SearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&ts=1433587129&type=default&q={searchTerms}SearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&ts=1433587129&type=default&q={searchTerms}SearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSESearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&ts=1433587129&type=default&q={searchTerms}BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-09] (Internet Download Manager, Tonec Inc.)BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-09] (Internet Download Manager, Tonec Inc.)BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No FileBHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] (Oracle Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation) FireFox:========FF ProfilePath: C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.defaultFF Homepage: hxxp://www.google.com/FF Session Restore: -> is enabled.FF NetworkProxy: "backup.ftp", ""FF NetworkProxy: "backup.ftp_port", 0FF NetworkProxy: "backup.socks", ""FF NetworkProxy: "backup.socks_port", 0FF NetworkProxy: "backup.ssl", ""FF NetworkProxy: "backup.ssl_port", 0FF NetworkProxy: "ftp", "113.161.77.184"FF NetworkProxy: "ftp_port", 10FF NetworkProxy: "http", "113.161.77.184"FF NetworkProxy: "http_port", 10FF NetworkProxy: "share_proxy_settings", trueFF NetworkProxy: "socks", "113.161.77.184"FF NetworkProxy: "socks_port", 10FF NetworkProxy: "ssl", "113.161.77.184"FF NetworkProxy: "ssl_port", 10FF NetworkProxy: "type", 4FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-3181654477-1840067016-2515705808-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Allan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)FF user.js: detected! => C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\user.js [2015-08-12]FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)FF Extension: YouTube Auto Replay - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\extensions\YouTubeAutoReplay@arikv.com.xpi [2015-07-13]FF Extension: Xmarks - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\extensions\foxmarks@kei.com [2015-12-23]FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27]FF Extension: Adblock Plus - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-22]FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\extensions\sweetsearch@gmail.com => not foundFF HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpiFF HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Allan\AppData\Roaming\IDM\idmmzcc5FF Extension: IDM CC - C:\Users\Allan\AppData\Roaming\IDM\idmmzcc5 [2016-02-22] [not signed]FF HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi Chrome: =======CHR HomePage: Default -> hxxp://google.com.au/CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W","hxxp://do-search.com/?type=hppp&ts=1433587124&z=1a6f25a4866a9e1884ec5ceg7zdcbc2webbmeg9eaq&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W","hxxp://www.google.com/"CHR Session Restore: Default -> is enabled.CHR Profile: C:\Users\Allan\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-16]CHR Extension: (Google Docs) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-16]CHR Extension: (Google Drive) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]CHR Extension: (YouTube) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-16]CHR Extension: (Adblock Plus) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]CHR Extension: (Steam inventory helper) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-02-21]CHR Extension: (Google Search) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-16]CHR Extension: (Google Sheets) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-16]CHR Extension: (Google Docs Offline) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-16]CHR Extension: (MonoChrome) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnlphmmcijokifloflhecnkkhbpdnnk [2016-01-16]CHR Extension: (Auto Replay for YouTube™) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2016-01-16]CHR Extension: (IDM Integration Module) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-02-14]CHR Extension: (Chrome Web Store Payments) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-16]CHR Extension: (Gmail) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-16]CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-01-29]CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-01-29] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()R2 Asus VGA Burn Service; C:\Windows\BurnService.exe [55296 2012-07-27] () [File not signed]S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [58368 2016-02-03] (Razer Inc.) [File not signed]R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-05-29] (Enigma Software Group USA, LLC.)R2 Themes; C:\Windows\system32\themeservice.dll [44544 2015-06-06] (Microsoft Corporation) [File not signed]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-15] (Disc Soft Ltd)R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-29] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-14] (Razer Inc)R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)S3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-07-29] (Windows ® Win 7 DDK provider)S3 WinRing0_1_2_0; C:\Users\Allan\Desktop\New folder\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)S3 cpuz138; \??\C:\Users\Allan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]S3 GPU-Z; \??\C:\Users\Allan\AppData\Local\Temp\GPU-Z.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X]S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-22 20:43 - 2016-02-22 20:44 - 00000000 ____D C:\FRST2016-02-21 12:08 - 2016-01-22 17:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2016-02-21 12:08 - 2016-01-22 17:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2016-02-21 12:08 - 2016-01-22 17:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2016-02-21 12:08 - 2016-01-22 17:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2016-02-21 12:08 - 2016-01-22 17:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2016-02-21 12:08 - 2016-01-22 17:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2016-02-21 12:08 - 2016-01-22 17:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2016-02-21 12:08 - 2016-01-22 17:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2016-02-21 12:08 - 2016-01-22 17:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll2016-02-21 12:08 - 2016-01-22 17:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll2016-02-21 12:08 - 2016-01-22 17:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2016-02-21 12:08 - 2016-01-22 17:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2016-02-21 12:08 - 2016-01-22 17:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2016-02-21 12:08 - 2016-01-22 17:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll2016-02-21 12:08 - 2016-01-22 17:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2016-02-21 12:08 - 2016-01-22 17:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2016-02-21 12:08 - 2016-01-22 17:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2016-02-21 12:08 - 2016-01-22 17:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2016-02-21 12:08 - 2016-01-22 17:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2016-02-21 12:08 - 2016-01-22 17:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2016-02-21 12:08 - 2016-01-22 17:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2016-02-21 12:08 - 2016-01-22 17:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2016-02-21 12:08 - 2016-01-22 17:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2016-02-21 12:08 - 2016-01-22 17:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll2016-02-21 12:08 - 2016-01-22 17:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 17:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2016-02-21 12:08 - 2016-01-22 17:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2016-02-21 12:08 - 2016-01-22 17:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2016-02-21 12:08 - 2016-01-22 17:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2016-02-21 12:08 - 2016-01-22 17:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2016-02-21 12:08 - 2016-01-22 17:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2016-02-21 12:08 - 2016-01-22 17:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2016-02-21 12:08 - 2016-01-22 17:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2016-02-21 12:08 - 2016-01-22 17:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2016-02-21 12:08 - 2016-01-22 17:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2016-02-21 12:08 - 2016-01-22 17:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2016-02-21 12:08 - 2016-01-22 17:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll2016-02-21 12:08 - 2016-01-22 17:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll2016-02-21 12:08 - 2016-01-22 17:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2016-02-21 12:08 - 2016-01-22 17:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2016-02-21 12:08 - 2016-01-22 17:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2016-02-21 12:08 - 2016-01-22 17:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll2016-02-21 12:08 - 2016-01-22 17:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2016-02-21 12:08 - 2016-01-22 17:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll2016-02-21 12:08 - 2016-01-22 17:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 16:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2016-02-21 12:08 - 2016-01-22 16:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2016-02-21 12:08 - 2016-01-22 16:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2016-02-21 12:08 - 2016-01-22 16:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2016-02-21 12:08 - 2016-01-22 15:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2016-02-21 12:08 - 2016-01-22 15:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2016-02-21 12:08 - 2016-01-22 15:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2016-02-21 12:08 - 2016-01-22 15:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2016-02-21 12:08 - 2016-01-22 15:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2016-02-21 12:08 - 2016-01-22 15:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2016-02-21 12:08 - 2016-01-22 15:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2016-02-21 12:08 - 2016-01-22 15:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2016-02-21 12:08 - 2016-01-22 15:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2016-02-21 12:08 - 2016-01-22 15:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll2016-02-21 12:08 - 2016-01-22 15:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 15:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 15:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2016-02-21 12:08 - 2016-01-22 15:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2016-02-21 12:06 - 2016-01-17 06:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll2016-02-21 12:06 - 2016-01-17 05:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll2016-02-21 12:05 - 2015-11-20 01:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll2016-02-21 12:05 - 2015-11-20 01:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll2016-02-21 12:04 - 2016-01-22 17:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2016-02-21 12:04 - 2016-01-22 17:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll2016-02-21 12:04 - 2016-01-22 17:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2016-02-21 12:04 - 2016-01-22 17:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2016-02-21 12:04 - 2016-01-22 17:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll2016-02-21 12:04 - 2016-01-22 16:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2016-02-21 12:04 - 2016-01-22 16:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe2016-02-21 12:04 - 2016-01-22 16:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe2016-02-21 12:04 - 2016-01-12 06:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys2016-02-21 12:04 - 2016-01-08 04:53 - 03211776 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2016-02-21 12:03 - 2016-01-23 07:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2016-02-21 12:03 - 2016-01-23 07:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2016-02-21 12:03 - 2016-01-22 17:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2016-02-21 12:03 - 2016-01-22 17:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2016-02-21 12:03 - 2016-01-22 17:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2016-02-21 12:03 - 2016-01-22 17:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2016-02-21 12:03 - 2016-01-22 17:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2016-02-21 12:03 - 2016-01-22 17:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2016-02-21 12:03 - 2016-01-22 17:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2016-02-21 12:03 - 2016-01-22 17:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2016-02-21 12:03 - 2016-01-22 17:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2016-02-21 12:03 - 2016-01-22 17:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2016-02-21 12:03 - 2016-01-22 17:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2016-02-21 12:03 - 2016-01-22 17:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2016-02-21 12:03 - 2016-01-22 17:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2016-02-21 12:03 - 2016-01-22 17:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2016-02-21 12:03 - 2016-01-22 17:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2016-02-21 12:03 - 2016-01-22 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll2016-02-21 12:03 - 2016-01-22 17:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2016-02-21 12:03 - 2016-01-22 17:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2016-02-21 12:03 - 2016-01-22 17:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2016-02-21 12:03 - 2016-01-22 17:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2016-02-21 12:03 - 2016-01-22 17:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2016-02-21 12:03 - 2016-01-22 17:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2016-02-21 12:03 - 2016-01-22 17:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2016-02-21 12:03 - 2016-01-22 17:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2016-02-21 12:03 - 2016-01-22 17:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2016-02-21 12:03 - 2016-01-22 16:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2016-02-21 12:03 - 2016-01-22 16:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2016-02-21 12:03 - 2016-01-22 16:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2016-02-21 12:03 - 2016-01-22 16:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2016-02-21 12:03 - 2016-01-22 16:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2016-02-21 12:03 - 2016-01-22 16:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2016-02-21 12:03 - 2016-01-22 16:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2016-02-21 12:03 - 2016-01-22 16:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2016-02-21 12:03 - 2016-01-22 16:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2016-02-21 12:03 - 2016-01-22 16:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2016-02-21 12:03 - 2016-01-22 16:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2016-02-21 12:03 - 2016-01-22 16:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll2016-02-21 12:03 - 2016-01-22 16:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2016-02-21 12:03 - 2016-01-22 16:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2016-02-21 12:03 - 2016-01-22 16:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2016-02-21 12:03 - 2016-01-22 16:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2016-02-21 12:03 - 2016-01-22 16:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2016-02-21 12:03 - 2016-01-22 16:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2016-02-21 12:03 - 2016-01-22 16:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2016-02-21 12:03 - 2016-01-22 16:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2016-02-21 12:03 - 2016-01-22 16:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2016-02-21 12:03 - 2016-01-22 16:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2016-02-21 12:03 - 2016-01-22 16:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2016-02-21 12:03 - 2016-01-22 16:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2016-02-21 12:03 - 2016-01-22 16:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2016-02-21 12:01 - 2016-02-06 21:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2016-02-21 12:01 - 2016-02-06 21:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2016-02-21 12:01 - 2016-02-06 21:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2016-02-21 12:01 - 2016-02-06 21:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2016-02-21 12:01 - 2016-02-06 21:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2016-02-21 12:01 - 2016-02-06 21:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2016-02-21 12:01 - 2016-02-06 20:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2016-02-21 12:01 - 2016-02-06 20:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2016-02-21 12:01 - 2016-02-06 20:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2016-02-21 12:01 - 2016-02-06 20:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2016-02-21 12:01 - 2016-02-06 20:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2016-02-21 12:01 - 2016-02-06 20:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2016-02-21 12:01 - 2016-02-06 20:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2016-02-21 12:01 - 2016-02-06 19:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2016-02-21 11:59 - 2016-01-08 04:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2016-02-21 11:57 - 2016-01-17 06:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2016-02-21 11:57 - 2016-01-17 05:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2016-02-21 11:57 - 2016-01-12 01:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2016-02-21 11:57 - 2016-01-12 01:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2016-02-21 11:57 - 2016-01-12 01:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2016-02-21 11:57 - 2016-01-12 01:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2016-02-21 11:57 - 2016-01-12 01:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2016-02-21 11:57 - 2016-01-07 06:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2016-02-21 11:57 - 2016-01-07 06:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll2016-02-21 11:57 - 2016-01-07 05:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll2016-02-21 11:56 - 2016-01-12 06:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2016-02-21 11:56 - 2016-01-12 06:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2016-02-21 11:56 - 2016-01-12 06:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2016-02-21 11:56 - 2016-01-12 05:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2016-02-21 11:56 - 2016-01-12 05:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2016-02-21 11:56 - 2016-01-12 05:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2016-02-21 11:56 - 2016-01-12 05:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2016-02-21 11:56 - 2016-01-12 05:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2016-02-21 11:56 - 2016-01-12 05:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2016-02-21 11:56 - 2016-01-12 05:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2016-02-21 11:56 - 2016-01-12 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2016-02-21 11:56 - 2016-01-12 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2016-02-21 11:56 - 2016-01-12 05:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2016-02-21 11:56 - 2016-01-12 05:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2016-02-21 11:56 - 2016-01-12 05:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2016-02-21 11:56 - 2016-01-12 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2016-02-21 11:56 - 2015-12-21 05:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2016-02-21 11:56 - 2015-12-21 05:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll2016-02-21 11:56 - 2015-12-21 01:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll2016-02-21 11:56 - 2015-01-09 14:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll2016-02-21 11:56 - 2015-01-09 14:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll2016-02-21 11:56 - 2015-01-09 14:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll2016-02-21 11:56 - 2015-01-09 13:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll2016-02-19 13:23 - 2016-02-19 13:23 - 00000199 _____ C:\Users\Allan\Desktop\Counter-Strike Global Offensive.url2016-02-15 14:30 - 2016-02-15 14:30 - 00264204 _____ C:\Users\Allan\Desktop\Customer Service Representative - Role Profile.pdf2016-02-15 14:30 - 2016-02-15 14:30 - 00199159 _____ C:\Users\Allan\Desktop\Cook - Role Profile.pdf2016-02-15 11:47 - 2016-02-18 21:55 - 00000030 _____ C:\Users\Allan\Desktop\New Text Document.txt2016-02-14 16:27 - 2016-02-14 16:27 - 00003584 _____ C:\Users\Allan\Downloads\tickets2016-02-14.xls2016-02-11 23:14 - 2016-02-22 20:43 - 00000000 ____D C:\Users\Allan\AppData\Roaming\IDM2016-02-11 23:14 - 2016-02-11 23:14 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager2016-02-11 23:14 - 2016-02-11 23:14 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager2016-02-11 13:57 - 2016-02-11 13:59 - 00000000 ____D C:\onGamepc2016-02-11 13:57 - 2016-02-11 13:57 - 01941888 _____ C:\Users\Allan\Desktop\Ongame_StarterInstall.exe2016-02-11 13:57 - 2016-02-11 13:57 - 00065536 _____ C:\Windows\IFinst27.exe2016-02-11 13:57 - 2016-02-11 13:57 - 00001641 _____ C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Ongame.LNK2016-02-11 13:57 - 2016-02-11 13:57 - 00001617 _____ C:\Users\Allan\Desktop\Ongame.LNK2016-02-11 13:57 - 2016-02-11 13:57 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\onGamepc2016-02-11 09:53 - 2016-02-11 09:53 - 03870154 _____ C:\Users\Allan\Desktop\Artisan_2012_review-by-tubby.pdf2016-02-10 20:07 - 2016-02-10 20:07 - 00391309 _____ C:\Users\Allan\Desktop\AllanCV.pdf2016-02-09 12:59 - 2016-02-09 12:59 - 00000000 ____D C:\Users\Allan\AppData\Roaming\GameDog2016-02-09 12:43 - 2016-02-09 12:59 - 00000000 ____D C:\Users\Allan\AppData\Roaming\ChromaSync2016-02-09 12:43 - 2016-02-09 12:43 - 00000000 ____D C:\Users\Allan\AppData\Local\Downloaded Installations2016-02-09 12:43 - 2016-02-09 12:43 - 00000000 ____D C:\Program Files (x86)\Ultrabox Entertainment2016-02-09 11:59 - 2016-02-09 11:59 - 00000000 ____D C:\Program Files\Razer Chroma SDK2016-02-09 11:59 - 2016-02-09 11:59 - 00000000 ____D C:\Program Files (x86)\Razer Chroma SDK2016-02-08 20:29 - 2016-02-08 20:29 - 00002023 _____ C:\Windows\SysWOW64\CAM.lnk2016-02-08 20:21 - 2016-02-09 09:31 - 00003204 _____ C:\Windows\System32\Tasks\CAM2016-02-08 16:40 - 2016-02-08 16:40 - 00392993 _____ C:\Users\Allan\Desktop\Allan CV.pdf2016-02-05 16:17 - 2016-02-08 16:40 - 00000000 ____D C:\Users\Allan\Desktop\New folder2016-02-03 19:23 - 2016-02-03 19:23 - 00092672 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll2016-02-03 17:55 - 2016-02-03 17:55 - 00080384 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll2016-02-03 17:55 - 2016-02-03 17:55 - 00035328 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll2016-02-02 15:49 - 2016-02-15 00:27 - 00096766 _____ C:\Users\Allan\Desktop\Cover letter.pdf2016-01-29 01:47 - 2016-01-28 20:20 - 00209056 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys2016-01-28 14:12 - 2016-01-28 14:12 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo2016-01-26 15:39 - 2016-01-26 15:39 - 00000000 ____D C:\Users\Public\Foxit Software2016-01-26 15:39 - 2016-01-26 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader2016-01-23 10:46 - 2016-01-23 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings2016-01-23 10:46 - 2016-01-23 10:46 - 00000000 ____D C:\Program Files (x86)\AMD2016-01-23 10:01 - 2016-01-23 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved2016-01-23 10:01 - 2016-01-23 10:01 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-22 20:43 - 2013-12-08 20:30 - 00000000 ____D C:\Users\Allan\AppData\Roaming\DMCache2016-02-22 20:24 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\tracing2016-02-22 20:10 - 2016-01-16 00:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-02-22 19:49 - 2014-01-31 01:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-02-22 17:10 - 2016-01-16 00:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2016-02-22 15:24 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache2016-02-22 13:20 - 2009-07-14 15:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-02-22 13:20 - 2009-07-14 15:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-02-22 13:18 - 2009-07-14 16:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI2016-02-22 13:18 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf2016-02-22 13:13 - 2015-08-22 21:06 - 00000000 ____D C:\Users\Allan\AppData\Roaming\ViberPC2016-02-22 13:12 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2016-02-21 18:47 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF2016-02-21 12:45 - 2014-05-21 12:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-02-21 12:40 - 2009-07-14 15:45 - 05182736 _____ C:\Windows\system32\FNTCACHE.DAT2016-02-21 12:39 - 2014-12-13 12:56 - 00000000 ____D C:\Windows\system32\appraiser2016-02-21 12:39 - 2014-05-06 16:41 - 00000000 ___SD C:\Windows\system32\CompatTel2016-02-21 12:39 - 2013-12-08 21:46 - 00000000 ____D C:\Windows\system32\MRT2016-02-21 12:39 - 2011-04-12 19:28 - 00000000 ____D C:\Program Files\Windows Journal2016-02-21 12:36 - 2014-09-22 18:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132016-02-21 12:36 - 2013-12-08 21:46 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2016-02-21 12:35 - 2009-07-14 13:34 - 00000513 _____ C:\Windows\win.ini2016-02-21 12:30 - 2013-12-09 16:32 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2016-02-21 11:07 - 2014-02-16 14:53 - 00000000 ____D C:\Users\Allan\AppData\Local\CrashDumps2016-02-20 22:09 - 2009-07-14 16:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT2016-02-20 11:13 - 2016-01-16 01:04 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2016-02-19 17:18 - 2014-06-05 22:02 - 00000000 ____D C:\Users\Allan\Downloads\Compressed2016-02-19 13:35 - 2015-05-27 14:44 - 00000000 ____D C:\Users\Allan\Documents\ViberDownloads2016-02-19 13:23 - 2013-12-26 00:36 - 00000000 ___RD C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2016-02-19 09:52 - 2013-12-14 19:47 - 00000000 ____D C:\Users\Allan\AppData\Roaming\SPlayer2016-02-19 09:52 - 2013-12-14 19:46 - 00000000 ____D C:\Program Files (x86)\SPlayer2016-02-18 22:45 - 2016-01-16 00:58 - 00000000 ____D C:\Users\Allan\AppData\Local\Deployment2016-02-18 22:42 - 2015-06-08 16:37 - 00000000 ____D C:\Program Files (x86)\RocketDock2016-02-18 22:11 - 2013-12-14 16:52 - 00000022 _____ C:\Windows\GPU-Z.INI2016-02-17 18:15 - 2015-11-27 14:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2016-02-13 13:53 - 2013-12-08 20:30 - 00000000 ____D C:\Users\Allan\Downloads\Video2016-02-12 08:57 - 2015-03-11 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager2016-02-10 17:49 - 2014-01-31 01:40 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2016-02-10 17:49 - 2014-01-31 01:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2016-02-10 17:49 - 2014-01-31 01:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2016-02-10 17:05 - 2016-01-16 00:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2016-02-10 17:05 - 2016-01-16 00:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2016-02-01 00:19 - 2014-06-28 02:23 - 00000000 ____D C:\Users\Allan\AppData\Local\ElevatedDiagnostics2016-01-28 19:26 - 2015-04-01 19:34 - 00000000 ____D C:\Program Files\CCleaner2016-01-27 10:49 - 2013-12-10 19:57 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Foxit Software2016-01-26 20:26 - 2015-07-11 00:39 - 00000000 ___HD C:\$Windows.~BT2016-01-26 15:39 - 2015-08-17 20:48 - 00000073 _____ C:\Users\Public\Documents\pre_fileassoc.tmp2016-01-25 15:20 - 2014-09-14 15:30 - 00000000 ____D C:\AMD2016-01-23 10:46 - 2014-09-14 15:44 - 00000000 ____D C:\Program Files\AMD ==================== Files in the root of some directories ======= 2005-04-08 13:16 - 2013-12-14 11:17 - 0027745 ____H () C:\Users\Allan\AppData\Roaming\Allanlog.dat2014-02-05 17:03 - 2014-05-05 22:47 - 0045270 _____ () C:\Users\Allan\AppData\Roaming\room_v3.dat2014-02-11 15:13 - 2014-03-30 13:27 - 0034816 _____ () C:\Users\Allan\AppData\Roaming\RZR_0010375a485988bb99c73272acff.db2014-12-04 18:28 - 2014-12-04 18:28 - 0000044 _____ () C:\Users\Allan\AppData\Roaming\twow_sysprepdt.dat2013-12-10 22:45 - 2014-03-28 20:28 - 1065984 _____ () C:\Users\Allan\AppData\Local\file__0.localstorage2015-04-30 01:59 - 2015-12-08 19:45 - 0007592 _____ () C:\Users\Allan\AppData\Local\resmon.resmoncfg2013-12-08 21:20 - 2013-12-08 21:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl2014-06-22 14:58 - 2014-08-25 17:45 - 0006927 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-18 15:19 ==================== End of FRST.txt ============================ -
Hi, Attached are the required txt file. Just want to know whether i'm infected. Thank you for your time Addition.txt FRST.txt
-
Unable to access Google.com throughout home network
longcong01 replied to longcong01's topic in General Windows PC Help
I've found this website (via bing). Followed both solutions, and now I can access Google again. http://www.gadgetsupersite.com/err_name_not_resolved/ Thank you for assisting me! Much appreciate -
Unable to access Google.com throughout home network
longcong01 replied to longcong01's topic in General Windows PC Help
So I just factory format my router. Problem still persists. I have a TPlink Archer D7 router -
Unable to access Google.com throughout home network
longcong01 replied to longcong01's topic in General Windows PC Help
Hi, Yes I have reset my router, multiple times indeed. Problem still persist. I don't know the cause and what to do -
Unable to access Google.com throughout home network
longcong01 replied to longcong01's topic in Resolved Malware Removal Logs
please delete this post. Think this post is in a wrong section -
Hi Malwarebytes team, As being said in the title, none of the device in our home can access Google.com (computers, ios phones/tablets, android phones) The internet works just fine. Other websites work just fine. Google.com is the only thing we cannot access to. I've tried DNS flush using cmd. Run a few malwarebytes scan but they all post clean results Please assist me with this problem. Thank you very much. Allan
-
Hi Malwarebytes team, As being said in the title, none of the device in our home can access Google.com (computers, ios phones/tablets, android phones) The internet works just fine. Other websites work just fine. Google.com is the only thing we cannot access to. I've tried DNS flush using cmd. Run a few malwarebytes scan but they all post clean results Please assist me with this problem. Thank you very much. Allan
-
- Attachment is the produced log from Malwarebyte scan as required by procedure above. - However, a night before that, Malwarebyte actually found something else more suspected (I can't remember the name of the file, but it lies somewhere in C:\Window\Temp...) and I, without reported to you, had deleted it via Malwarebyte (sorry). - Still no email from my ISP though. MBAM-log-2013-11-30 (23-34-57).txt
-
So I've completed the scan. Nothing much happened during the scan though. Booted back into window to find the log file. But then I can't find it with your directory link. Like there was no "Start > Computer > C:\Kaspersky Rescue Disck 10.0" in my C drive. Could it be somewhere else because right after the scan I saw it was actually saving something but didn't get to look at where it saved !?
-
- So the thing is I tried to run the scan twice. But in both time, during the full-scan, my system just crashed and appear to be a blue screen (blue screen of death?). I did the exact as instruction above by the way. - Latest email from ISP [2013-11-19 09:58:20] [14.201.233.223] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com [2013-11-19 09:20:51] [14.201.233.223] Trojan: Sality - Source Port :: 11581/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus [2013-11-18 20:21:04] [14.201.233.223] Trojan: Sality - Source Port :: 25764/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus [2013-11-18 00:51:58] [14.201.239.89] Trojan: Zeus
-
Here's the latest email from the ISP [2013-11-18 00:51:58] [14.201.239.89] Trojan: Zeus [2013-11-18 00:37:42] [14.201.239.89] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com [2013-11-18 00:27:37] [14.201.239.89] Trojan: Sality - Source Port :: 25541/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus [2013-11-16 00:18:04] [14.201.239.89] Trojan: Zeus
-
The virus are still around. Here's part of the email I'd just received this morning: [2013-11-16 00:18:04] [14.201.239.89] Trojan: Zeus [2013-11-16 00:08:30] [14.201.239.89] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com [2013-11-16 00:01:54] [14.201.239.89] Trojan: Sality [2013-11-16 00:01:54] [14.201.239.89] Trojan: Sality - Source Port :: 11750/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus It looks different from any other previous.
-
It's kind of solved the problem. What I've meant by "kind of" is: -when I open a new browser, it's actually "google.com.au" -however, when I open a new tab from that browser, it's still that "https://www.google.com.au/?gfe_rd=cr&ei=KsKGUs3PDOTC8gejsoHICQ" Latest email from my ISP: [2013-11-14 19:39:12] [14.201.233.226] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com [2013-11-14 15:38:28] [14.201.233.226] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com [2013-11-14 14:38:26] [14.201.233.226] Trojan: Zeus [2013-11-14 14:13:28] [14.201.233.226] Trojan: Sality
-
So I've just noticed something in my Mozilla Firefox browser. Whenever I open it or get a new tab, this page appear "https://www.google.com.au/?gfe_rd=ctrl&ei=l7mFUqrOOsHC8gel6oHYBA&gws_rd=cr" I'm just wondering is that normal or something wrong with it as shouldn't it just be "https://www.google.com.au"?
-
- So I tried to run the esset online scan with the exact instruction above but it turned out being something like "You are trying to launch ESET Online Scanner in a different browser than Internet Explorer". I'd clear cache and cookies of the IE and tried again but still fail -Here's the latest email from ISP (received before the procedure in post #17) [2013-11-13 14:16:33] [14.201.233.226] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com [2013-11-13 13:28:49] [14.201.233.226] Trojan: Zeus [2013-11-13 10:16:34] [14.201.233.226] Trojan: Sality - Source Port :: 12250/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus [2013-11-12 18:04:31] [14.201.233.226] Trojan: Sality - Source Port :: 18486/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus