longcong01

Everything posted by longcong01

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01 Ran by Allan (2016-02-22 20:44:21) Running from C:\Users\Allan\Downloads\Programs Windows 7 Ultimate Service Pack 1 (X64) (2013-11-02 12:40:24) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3181654477-1840067016-2515705808-500 - Administrator - Disabled) Allan (S-1-5-21-3181654477-1840067016-2515705808-1000 - Administrator - Enabled) => C:\Users\Allan Guest (S-1-5-21-3181654477-1840067016-2515705808-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3181654477-1840067016-2515705808-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden 7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.) 
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.) ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.1.1.1 - ASUSTek COMPUTER INC.) ASUS GPU TweakII (x32 Version: 1.1.1.1 - ASUSTek COMPUTER INC.) Hidden Autodesk DirectConnect 2015 64-bit Hotfix1 (HKLM\...\Autodesk DirectConnect 2015 64-bit_9001) (Version: 9.0.56.4 - Autodesk) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Catalyst Control Center Next Localization BR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization FR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform) Common Desktop Agent (Version: 1.52.0 - OEM) Hidden Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated) DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.4.0.0377 - Disc Soft Ltd) Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version: - EnTech Taiwan) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC) FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.) Futuremark SystemInfo (HKLM-x32\...\{991C8DEA-3C01-45B8-A62B-1BB69BDC277D}) (Version: 4.23.255 - Futuremark) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) 
Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) iFunBox 2014 (v3.1.562.425), iFunbox DevTeam (HKLM-x32\...\iFunBox 2014_is1) (Version: v3.1.562.425 - ) Intel® C++ Redistributables for Windows* on Intel® 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1658 - Intel Corporation) Intel® Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPRO) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) 
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - 
Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation) Mozilla Firefox 41.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-US)) (Version: 41.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Ongame Uninstall (HKLM-x32\...\Ongame) (Version: - ) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.4.1 - Razer Inc.) Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.28549 - Razer Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7218 - Realtek Semiconductor Corp.) 
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.0 - Rockstar Games) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.00.47.00 - Samsung Electronics Co., Ltd.) Samsung ML-1860 Series (HKLM-x32\...\Samsung ML-1860 Series) (Version: - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (Version: - Microsoft) Hidden SPlayer (HKLM-x32\...\SPlayer) (Version: - ) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.5.10.0 - Manuel Hoefs (Zottel)) UniKey 4.0 RC2 (build 1101) (HKLM-x32\...\{AC006985-A51F-42AC-A7E9-5E66D8AC8063}_is1) (Version: - Pham Kim Long) Unity Web Player (HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS) Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PRJPRO_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) Update for Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) Update for 
Skype for Business 2015 (KB3114502) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6F47687A-78E9-41B1-8587-ED0CC2677A2A}) (Version: - Microsoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden Viber (HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Viber) (Version: 5.2.0.2546 - Viber Media Inc) Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.) Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.) Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson) WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH) Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {065DADFF-6CA8-4DFA-B569-F2DF751631AD} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_Client_V3.exe Task: {15226288-5087-40F8-9418-99860AA42E9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated) Task: {3E8C21E1-E35E-4FA9-93D5-DECB45E090DA} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {4466F399-9E01-43AA-852B-EF3A14DA60BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.) Task: {4C627802-BD3F-406C-93DE-E82040A377E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {50C2A11F-47D5-46F7-B50D-CE02FD3EF073} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd) Task: {63D2BF68-4855-4EBE-919E-4D354A165802} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe Task: {AC31406E-0A6E-4B98-8281-49B8EAF46E32} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-23] (Advanced Micro Devices, Inc.) Task: {CDC0D532-AEA9-4945-9CC3-E4608C780E55} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {CFA9FCFC-2EE2-4D81-BF01-95637190F4BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-16] (Google Inc.) 
Task: {D3A552DF-88A3-487E-A460-4B7A6939A366} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation) Task: {EF9C6D40-9144-4CDC-B7E0-A292078C23B8} - System32\Tasks\{B7E15F21-B311-403B-BD35-6E786A767B8D} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.1.0.129.272&LastError=404 Task: {F79BEC48-C24D-4CA5-8C53-95C39248B8AB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.) Task: {FA6A7988-FB77-4AB6-8E35-3B0121B0B110} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2012-04-10 10:11 - 2012-04-10 10:11 - 00034304 _____ () C:\Windows\System32\ssb6mlm.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-11-02 23:45 - 2012-10-29 18:48 - 00927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe 2014-09-23 18:24 - 2012-07-27 15:10 - 00055296 _____ () C:\Windows\BurnService.exe 2015-11-05 11:11 - 2015-11-05 11:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe 2015-11-10 15:45 - 2015-11-10 15:45 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll 2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2015-12-21 18:55 - 2015-12-21 18:55 - 00292352 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe 2016-02-19 13:12 - 2016-02-19 13:12 - 00103424 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe 2013-11-02 23:45 - 2016-02-22 13:12 - 00038032 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll 2013-11-02 23:45 - 2012-05-08 03:04 - 00104448 _____ () C:\Program Files 
(x86)\ASUS\AXSP\1.01.01\ATKEX.dll 2016-01-06 12:11 - 2016-01-06 12:11 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll 2015-12-31 01:05 - 2015-10-07 06:26 - 50656768 _____ () C:\Users\Allan\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll 2015-12-31 01:05 - 2015-10-07 06:26 - 01874944 _____ () C:\Users\Allan\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll 2015-12-31 01:05 - 2015-10-07 06:26 - 00075264 _____ () C:\Users\Allan\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll 2015-12-24 02:31 - 2015-12-24 02:31 - 00186368 _____ () C:\Windows\SysWOW64\GameManager32.dll 2014-09-16 13:32 - 2015-12-15 16:54 - 00782336 _____ () F:\Steam\SDL2.dll 2015-01-20 14:44 - 2015-07-04 03:12 - 04962816 _____ () F:\Steam\v8.dll 2015-01-20 14:44 - 2015-07-04 03:12 - 01556992 _____ () F:\Steam\icui18n.dll 2015-01-20 14:44 - 2015-07-04 03:12 - 01187840 _____ () F:\Steam\icuuc.dll 2014-09-16 13:32 - 2016-02-05 08:02 - 02546768 _____ () F:\Steam\video.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 02549248 _____ () F:\Steam\libavcodec-56.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 00442880 _____ () F:\Steam\libavutil-54.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 00491008 _____ () F:\Steam\libavformat-56.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 00332800 _____ () F:\Steam\libavresample-2.dll 2014-09-16 13:32 - 2015-09-24 11:33 - 00485888 _____ () F:\Steam\libswscale-3.dll 2014-09-16 13:32 - 2016-02-05 08:01 - 00802896 _____ () F:\Steam\bin\chromehtml.DLL 2015-07-22 20:00 - 2015-12-30 12:51 - 00208896 _____ () F:\Steam\bin\openvr_api.dll 2016-02-22 18:34 - 2016-02-22 18:34 - 00155232 ___HT () C:\Users\Allan\AppData\Local\Temp\~2D3F.tmp 2014-09-16 13:32 - 2016-01-06 12:52 - 48387872 _____ () F:\Steam\bin\libcef.dll 2015-01-20 14:44 - 2015-09-25 10:56 - 00119208 _____ () F:\Steam\winh264.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00198144 _____ () F:\Steam\steamapps\common\Counter-Strike Global 
Offensive\bin\launcher.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00317952 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00203776 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\vstdlib.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00390656 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\filesystem_stdio.dll 2016-02-19 13:12 - 2016-02-20 11:35 - 06930944 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\engine.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00166912 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\inputsystem.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01174016 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vphysics.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01242112 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\materialsystem.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00355840 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\datacache.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00610816 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\studiorender.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00164864 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\soundemittersystem.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00708096 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vscript.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00134656 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\valve_avi.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01336320 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vguimatsurface.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00395264 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vgui2.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 03276288 _____ () f:\steam\steamapps\common\counter-strike global 
offensive\bin\scaleformui.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01769984 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\shaderapidx9.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00143360 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\localize.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00230912 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dbg.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 01016832 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\stdshader_dx9.dll 2016-02-19 13:12 - 2016-02-20 11:35 - 00585216 _____ () f:\steam\steamapps\common\counter-strike global offensive\csgo\bin\matchmaking.dll 2016-02-19 13:12 - 2016-02-20 11:35 - 12677120 _____ () f:\steam\steamapps\common\counter-strike global offensive\csgo\bin\client.dll 2016-02-19 13:12 - 2016-02-20 11:36 - 10231296 _____ () f:\steam\steamapps\common\counter-strike global offensive\csgo\bin\server.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00094208 _____ () F:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\scenefilecache.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00084992 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vaudio_miles.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00071680 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\mssmp3.asi 2016-02-19 13:12 - 2016-02-19 13:12 - 00012800 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\mssds3d.flt 2016-02-19 13:12 - 2016-02-19 13:12 - 00055808 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\msseax.flt 2016-02-19 13:12 - 2016-02-19 13:12 - 00974336 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\serverbrowser.dll 2016-02-19 13:12 - 2016-02-19 13:12 - 00173568 _____ () f:\steam\steamapps\common\counter-strike global offensive\bin\vaudio_celt.dll 2015-11-10 15:45 - 2015-11-10 15:45 - 08901184 _____ () C:\Program Files (x86)\Microsoft 
Office\Office15\1033\GrooveIntlResource.dll 2016-02-20 11:13 - 2016-02-18 15:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll 2016-02-20 11:13 - 2016-02-18 15:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:A1EDB939 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\dell.com -> dell.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-02-21 18:04 - 2014-01-19 19:30 - 00000822 ____A C:\Windows\system32\Drivers\etc\hosts # ::1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun MSCONFIG\startupreg: GarenaPlus => "F:\Garena Plus\GarenaMessenger.exe" -autolaunch MSCONFIG\startupreg: iFunBox Price Watch => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NVIDIA GeForce Experience => C:\Users\Allan\AppData\Local\Temp\nvtmru.exe MSCONFIG\startupreg: Razer Comms => C:\Program Files (x86)\Razer\Core\RazerCore.exe /ChatApplet MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: Spotify => "C:\Users\Allan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Allan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" MSCONFIG\startupreg: uTorrent => "C:\Users\Allan\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{50673821-DA76-4EA5-94D3-2DB91D195180}] => (Allow) LPort=8370 FirewallRules: [{FD227E2E-C981-4B2C-BE79-13D296EC26D1}] => (Allow) LPort=8370 FirewallRules: [{3F1FEF14-DBE0-4BB6-98FB-673AA0EB7E52}] => (Allow) LPort=6937 FirewallRules: [{A1DE7DC6-9831-45F2-8BD0-7937C1B41C88}] => (Allow) LPort=6937 FirewallRules: [TCP Query User{E3410F6A-79C9-44C6-818D-B4F6DB95741B}G:\games\warcraft iii\war3.exe] => (Allow) G:\games\warcraft iii\war3.exe FirewallRules: [uDP Query User{D7B250A5-01A4-420C-BE50-198851EEF7EA}G:\games\warcraft iii\war3.exe] => (Allow) G:\games\warcraft iii\war3.exe FirewallRules: [TCP Query User{C8D3FADF-2AE4-4A25-90A8-4C8C55970592}G:\games\warcraft iii\war3.exe] => (Allow) G:\games\warcraft iii\war3.exe FirewallRules: [uDP Query User{8FC4F137-9AF4-4A3B-9C22-7512C90E8E23}G:\games\warcraft iii\war3.exe] => (Allow) G:\games\warcraft iii\war3.exe FirewallRules: [{5B9DE0E8-8426-4360-B9CB-65F771689717}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{6D6FFC7B-2209-48F9-9AC2-351B726CC01D}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{AF329091-BD85-4C8C-B8CC-7DF449D220E5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{533B0AA9-C493-4A0A-9F2F-774D750CDEB8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{05B27635-92F8-4BED-80A7-ECA85762CA55}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{21E88AE4-6326-489F-B4B4-5BF3C52E3F28}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{05061AE0-728D-4487-899D-E134080C9632}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{78A4CB05-F90C-4A9C-8482-8F79C08BBF1A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: 
[{2E229BAB-E6F8-41D3-985D-71D0FC8EEA06}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{C1626BC5-9BF8-405F-96DE-073199735AC3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{1991006F-AE8D-4004-B587-687196DD6E06}] => (Allow) F:\Steam\Steam.exe FirewallRules: [{BF0DD8FD-CE24-4B4F-9D1F-609E6CAF03A3}] => (Allow) F:\Steam\Steam.exe FirewallRules: [{3F7FC6A0-0BA6-46BA-A6E9-2F42B7C0EA2B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{C5F08152-CECB-486D-891A-CB58B2472B51}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{E2770657-1390-4FF8-8A8D-73EAFA3C9254}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{8AE6450D-E13D-4FD8-B796-9C0A3F24BCD9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{4FBE4D5A-2028-47D2-9638-0F5FD6044828}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D0F70DED-837D-4225-9654-F8FDAB5AB323}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{3291EF40-980B-4799-A71F-DC20EB53BEE8}D:\gta v\gta5.exe] => (Allow) D:\gta v\gta5.exe FirewallRules: [uDP Query User{4CFD9D1E-598D-44DE-82EF-C9604EFA392C}D:\gta v\gta5.exe] => (Allow) D:\gta v\gta5.exe FirewallRules: [{307C7409-9679-4D7B-8D00-1B6399BC34CD}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{B42CC7B8-7D0A-4D5B-B300-06D3D3CF9781}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe FirewallRules: [{AE6818B0-3B1D-4C77-A112-BD7690EF05D5}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{1E30B941-C391-44B9-8409-9A7B0B903EC8}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe FirewallRules: [{E8FFD2A2-A699-4588-95C0-924011018FBF}] => (Allow) 
F:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{5912D62F-83CA-493E-BB1D-6B6912E07D7C}] => (Allow) F:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{AD2BC2C4-A8CB-431C-8D1F-80B3F793CC8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{042DF80F-A8CF-4A71-AB3B-2D951727BEB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1F3514EF-469C-4D6B-9364-39BA41DF6195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1CB4A712-8C0C-48E8-A78E-184A05B85F2C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{F4AD760A-727E-4BEE-A7D7-FA3FECACE398}] => (Allow) F:\Steam\bin\steamwebhelper.exe FirewallRules: [{56BE511E-E0DE-433A-AD78-E32FE40115CA}] => (Allow) F:\Steam\bin\steamwebhelper.exe FirewallRules: [{7FC6D454-3099-4FE6-8FB3-E8C7F0977270}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{CDCB7B9B-8103-4030-AF2E-25E8502AFA51}] => (Allow) LPort=9143 FirewallRules: [{82C11CF0-8DF6-45DB-8164-24419E6298C2}] => (Allow) LPort=2333 FirewallRules: [TCP Query User{2AC72426-5B9A-483A-A7C5-07336F43154D}C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe FirewallRules: [uDP Query User{1EE214DC-1882-478A-884E-1AF741F8DAE8}C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe] => (Allow) C:\program files (x86)\ultrabox entertainment\chroma sync\chroma sync.exe FirewallRules: [{9D33BACD-35AB-497B-8BEA-F5F7D0C76C95}] => (Allow) F:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{0C12ED30-4346-4E07-A631-47C0C76323B9}] => (Allow) F:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{46155086-99CB-4FBB-BDFA-530C62FAAEE6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points 
========================= 22-02-2016 13:17:23 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/22/2016 02:15:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (02/22/2016 01:14:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 07:01:16 PM) (Source: Windows Backup) (EventID: 4104) (User: ) Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048). Error: (02/21/2016 05:09:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 05:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 04:23:30 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 12:42:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 11:20:23 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 
"Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/21/2016 11:17:37 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80004005 Error: (02/21/2016 11:07:48 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (02/21/2016 06:03:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (02/21/2016 04:21:50 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (02/21/2016 11:18:03 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.213.6680.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (02/21/2016 11:18:03 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: ) Description: %NT AUTHORITY60 has encountered an error trying to update signatures. 
New Signature Version: Previous Signature Version: 1.213.6680.0 Update Source: %NT AUTHORITY59 Update Stage: 4.8.0204.00 Source Path: 4.8.0204.01 Signature Type: %NT AUTHORITY602 Update Type: %NT AUTHORITY604 User: NT AUTHORITY\SYSTEM Current Engine Version: %NT AUTHORITY605 Previous Engine Version: %NT AUTHORITY606 Error code: %NT AUTHORITY607 Error description: %NT AUTHORITY608 Error: (02/19/2016 07:35:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 20. Error: (02/11/2016 11:18:49 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:17:16 AM on ‎2/‎11/‎2016 was unexpected. Error: (02/09/2016 02:40:35 PM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (02/09/2016 11:59:04 AM) (Source: volsnap) (EventID: 36) (User: ) Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. Error: (02/05/2016 04:54:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (02/05/2016 04:54:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. CodeIntegrity: =================================== Date: 2016-02-21 13:08:57.222 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. 
Date: 2016-02-21 13:08:57.217 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.213 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.112 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.106 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. 
Date: 2016-02-21 13:08:57.102 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.022 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.018 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. Date: 2016-02-21 13:08:57.015 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available. 
Date: 2016-02-21 13:08:56.890 Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume1\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

==================== Memory info ===========================

Processor: Intel® Core i7-4770K CPU @ 3.50GHz
Percentage of memory in use: 35%
Total physical RAM: 16321.47 MB
Available physical RAM: 10467.91 MB
Total Virtual: 32641.14 MB
Available Virtual: 25442.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:6.78 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:60.62 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:127.73 GB) (Free:87.01 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:585.93 GB) (Free:97.87 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:683.59 GB) (Free:78.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C08A0197)
Partition 1: (Active) - (Size=111.7 GB) - (Type=07 NTFS)
Addtion.txt
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C799510C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 4D3B57B9)
Partition 1: (Not Active) - (Size=127.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1269.5 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
  2. FRST Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Allan (administrator) on ALLAN-PC (22-02-2016 20:44:05)
Running from C:\Users\Allan\Downloads\Programs
Loaded Profiles: Allan (Available Profiles: Allan)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
() C:\Windows\BurnService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe(Razer, Inc.) C:\Users\Allan\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe(Valve Corporation) F:\Steam\Steam.exe(Valve Corporation) F:\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Valve Corporation) F:\Steam\bin\steamwebhelper.exe() F:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe(Razer, Inc.) C:\Users\Allan\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe(Valve Corporation) F:\Steam\GameOverlayUI.exe(Valve Corporation) F:\Steam\bin\steamwebhelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Valve Corporation) F:\Steam\bin\steamwebhelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)HKLM\...\Run: [startCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4887752 2015-12-23] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [594240 2016-01-13] (Razer Inc.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Winlogon: [shell] explorer.exe, [ ] () <=== ATTENTIONHKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [Viber] => C:\Users\Allan\AppData\Local\Viber\Viber.exe [51657424 2015-11-09] ()HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3125280 2013-10-17] (Disc Soft Ltd)HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3915832 2016-01-28] (Tonec Inc.)HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Run: [GoogleChromeAutoLaunch_4E6D16C6E981389D04E2F9DFD680F0A9] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-18] (Google Inc.)HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Policies\Explorer: [] HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\MountPoints2: {12b268d6-4452-11e3-b42a-806e6f6e6963} - E:\.\Bin\ASSETUP.exeHKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\MountPoints2: {49c16855-6592-11e4-8534-806e6f6e6963} - E:\Setup.exeShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet 
Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2016-02-12]ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\D2U.lnk [2014-09-06]ShortcutTarget: D2U.lnk -> C:\Users\Allan\AppData\Local\Temp\Rar$EXa0.480\Dota2 Utilities v1.2.exe (No File)GroupPolicyScripts: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4Tcpip\..\Interfaces\{C475629D-ECAB-46CA-B7DE-7FEB7BD2CD4B}: [DhcpNameServer] 8.8.8.8 8.8.4.4Tcpip\..\Interfaces\{E154AA45-3815-47CC-89D0-476F70C2DB37}: [DhcpNameServer] 172.20.10.1 Internet Explorer:==================HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSEHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSEHKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://do-search.com/web/?type=ds&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=dspp&ts=1433587124&z=1a6f25a4866a9e1884ec5ceg7zdcbc2webbmeg9eaq&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSEHKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://iat.ninemsn.com.au/tickler/default.aspx?ocid=iehpHKU\S-1-5-21-3181654477-1840067016-2515705808-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=dspp&ts=1433587124&z=1a6f25a4866a9e1884ec5ceg7zdcbc2webbmeg9eaq&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&q={searchTerms}SearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&ts=1433587129&type=default&q={searchTerms}SearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&ts=1433587129&type=default&q={searchTerms}SearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = 
hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&ts=1433587129&type=default&q={searchTerms}SearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSESearchScopes: HKU\S-1-5-21-3181654477-1840067016-2515705808-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W&ts=1433587129&type=default&q={searchTerms}BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-09] (Internet Download Manager, Tonec Inc.)BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-09] (Internet Download Manager, Tonec Inc.)BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No FileBHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-11-18] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-18] 
(Oracle Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-18] (Oracle Corporation)Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation) FireFox:========FF ProfilePath: C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.defaultFF Homepage: hxxp://www.google.com/FF Session Restore: -> is enabled.FF NetworkProxy: "backup.ftp", ""FF NetworkProxy: "backup.ftp_port", 0FF NetworkProxy: "backup.socks", ""FF NetworkProxy: "backup.socks_port", 0FF NetworkProxy: "backup.ssl", ""FF NetworkProxy: "backup.ssl_port", 0FF NetworkProxy: "ftp", "113.161.77.184"FF NetworkProxy: "ftp_port", 10FF NetworkProxy: "http", "113.161.77.184"FF NetworkProxy: "http_port", 10FF NetworkProxy: "share_proxy_settings", trueFF NetworkProxy: "socks", "113.161.77.184"FF NetworkProxy: "socks_port", 10FF NetworkProxy: "ssl", "113.161.77.184"FF NetworkProxy: "ssl_port", 10FF NetworkProxy: "type", 4FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll 
[2016-02-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3181654477-1840067016-2515705808-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Allan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\user.js [2015-08-12]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF Extension: YouTube Auto Replay - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\extensions\YouTubeAutoReplay@arikv.com.xpi [2015-07-13]
FF Extension: Xmarks - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\extensions\foxmarks@kei.com [2015-12-23]
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-01-27]
FF Extension: Adblock Plus - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-22]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Allan\AppData\Roaming\Mozilla\Firefox\Profiles\mstj4es1.default\extensions\sweetsearch@gmail.com => not found
FF HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Allan\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Allan\AppData\Roaming\IDM\idmmzcc5 [2016-02-22] [not signed]
FF HKU\S-1-5-21-3181654477-1840067016-2515705808-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com.au/
CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1433587094&z=6c984797463974d1ba44a67g0z8c0c2wdb9m1eem9w&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W","hxxp://do-search.com/?type=hppp&ts=1433587124&z=1a6f25a4866a9e1884ec5ceg7zdcbc2webbmeg9eaq&from=cor&uid=SamsungXSSDX840XEVOX120GB_S1D5NSBD917016W","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-16]
CHR Extension: (Google Docs) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-16]
CHR Extension: (Google Drive) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-16]
CHR Extension: (Adblock Plus) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-04]
CHR Extension: (Steam inventory helper) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-02-21]
CHR Extension: (Google Search) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-16]
CHR Extension: (Google Sheets) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-16]
CHR Extension: (Google Docs Offline) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-16]
CHR Extension: (MonoChrome) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idnlphmmcijokifloflhecnkkhbpdnnk [2016-01-16]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2016-01-16]
CHR Extension: (IDM Integration Module) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-02-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-16]
CHR Extension: (Gmail) - C:\Users\Allan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-01-29]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-01-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 Asus VGA Burn Service; C:\Windows\BurnService.exe [55296 2012-07-27] () [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-11-21] (Futuremark)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [58368 2016-02-03] (Razer Inc.) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-05-29] (Enigma Software Group USA, LLC.)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2015-06-06] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-28] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-15] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-29] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-14] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
S3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-07-29] (Windows ® Win 7 DDK provider)
S3 WinRing0_1_2_0; C:\Users\Allan\Desktop\New folder\RealTemp_370\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 cpuz138; \??\C:\Users\Allan\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 GPU-Z; \??\C:\Users\Allan\AppData\Local\Temp\GPU-Z.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va029; \??\C:\Windows\SysWOW64\Drivers\X6va029 [X]

==================== NetSvcs
(Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
C:\Windows\SysWOW64\iertutil.dll2016-02-21 12:01 - 2016-02-06 20:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2016-02-21 12:01 - 2016-02-06 20:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2016-02-21 12:01 - 2016-02-06 20:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2016-02-21 12:01 - 2016-02-06 20:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2016-02-21 12:01 - 2016-02-06 20:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2016-02-21 12:01 - 2016-02-06 19:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2016-02-21 11:59 - 2016-01-08 04:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2016-02-21 11:57 - 2016-01-17 06:06 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2016-02-21 11:57 - 2016-01-17 05:54 - 01162240 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2016-02-21 11:57 - 2016-01-12 01:08 - 01362944 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2016-02-21 11:57 - 2016-01-12 01:08 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2016-02-21 11:57 - 2016-01-12 01:08 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2016-02-21 11:57 - 2016-01-12 01:08 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2016-02-21 11:57 - 2016-01-12 01:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2016-02-21 11:57 - 2016-01-07 06:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2016-02-21 11:57 - 2016-01-07 06:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll2016-02-21 11:57 - 2016-01-07 05:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll2016-02-21 11:56 - 2016-01-12 06:05 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2016-02-21 
11:56 - 2016-01-12 06:05 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2016-02-21 11:56 - 2016-01-12 06:05 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2016-02-21 11:56 - 2016-01-12 05:52 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2016-02-21 11:56 - 2016-01-12 05:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2016-02-21 11:56 - 2016-01-12 05:26 - 02610176 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2016-02-21 11:56 - 2016-01-12 05:24 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2016-02-21 11:56 - 2016-01-12 05:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2016-02-21 11:56 - 2016-01-12 05:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2016-02-21 11:56 - 2016-01-12 05:23 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2016-02-21 11:56 - 2016-01-12 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2016-02-21 11:56 - 2016-01-12 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2016-02-21 11:56 - 2016-01-12 05:14 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2016-02-21 11:56 - 2016-01-12 05:14 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2016-02-21 11:56 - 2016-01-12 05:14 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2016-02-21 11:56 - 2016-01-12 05:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2016-02-21 11:56 - 2015-12-21 05:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2016-02-21 11:56 - 2015-12-21 05:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll2016-02-21 11:56 - 2015-12-21 01:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll2016-02-21 11:56 - 2015-01-09 14:14 - 00950272 _____ 
(Microsoft Corporation) C:\Windows\system32\perftrack.dll2016-02-21 11:56 - 2015-01-09 14:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll2016-02-21 11:56 - 2015-01-09 14:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll2016-02-21 11:56 - 2015-01-09 13:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll2016-02-19 13:23 - 2016-02-19 13:23 - 00000199 _____ C:\Users\Allan\Desktop\Counter-Strike Global Offensive.url2016-02-15 14:30 - 2016-02-15 14:30 - 00264204 _____ C:\Users\Allan\Desktop\Customer Service Representative - Role Profile.pdf2016-02-15 14:30 - 2016-02-15 14:30 - 00199159 _____ C:\Users\Allan\Desktop\Cook - Role Profile.pdf2016-02-15 11:47 - 2016-02-18 21:55 - 00000030 _____ C:\Users\Allan\Desktop\New Text Document.txt2016-02-14 16:27 - 2016-02-14 16:27 - 00003584 _____ C:\Users\Allan\Downloads\tickets2016-02-14.xls2016-02-11 23:14 - 2016-02-22 20:43 - 00000000 ____D C:\Users\Allan\AppData\Roaming\IDM2016-02-11 23:14 - 2016-02-11 23:14 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager2016-02-11 23:14 - 2016-02-11 23:14 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager2016-02-11 13:57 - 2016-02-11 13:59 - 00000000 ____D C:\onGamepc2016-02-11 13:57 - 2016-02-11 13:57 - 01941888 _____ C:\Users\Allan\Desktop\Ongame_StarterInstall.exe2016-02-11 13:57 - 2016-02-11 13:57 - 00065536 _____ C:\Windows\IFinst27.exe2016-02-11 13:57 - 2016-02-11 13:57 - 00001641 _____ C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Ongame.LNK2016-02-11 13:57 - 2016-02-11 13:57 - 00001617 _____ C:\Users\Allan\Desktop\Ongame.LNK2016-02-11 13:57 - 2016-02-11 13:57 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\onGamepc2016-02-11 09:53 - 2016-02-11 09:53 - 03870154 _____ C:\Users\Allan\Desktop\Artisan_2012_review-by-tubby.pdf2016-02-10 20:07 - 2016-02-10 20:07 - 00391309 _____ 
C:\Users\Allan\Desktop\AllanCV.pdf2016-02-09 12:59 - 2016-02-09 12:59 - 00000000 ____D C:\Users\Allan\AppData\Roaming\GameDog2016-02-09 12:43 - 2016-02-09 12:59 - 00000000 ____D C:\Users\Allan\AppData\Roaming\ChromaSync2016-02-09 12:43 - 2016-02-09 12:43 - 00000000 ____D C:\Users\Allan\AppData\Local\Downloaded Installations2016-02-09 12:43 - 2016-02-09 12:43 - 00000000 ____D C:\Program Files (x86)\Ultrabox Entertainment2016-02-09 11:59 - 2016-02-09 11:59 - 00000000 ____D C:\Program Files\Razer Chroma SDK2016-02-09 11:59 - 2016-02-09 11:59 - 00000000 ____D C:\Program Files (x86)\Razer Chroma SDK2016-02-08 20:29 - 2016-02-08 20:29 - 00002023 _____ C:\Windows\SysWOW64\CAM.lnk2016-02-08 20:21 - 2016-02-09 09:31 - 00003204 _____ C:\Windows\System32\Tasks\CAM2016-02-08 16:40 - 2016-02-08 16:40 - 00392993 _____ C:\Users\Allan\Desktop\Allan CV.pdf2016-02-05 16:17 - 2016-02-08 16:40 - 00000000 ____D C:\Users\Allan\Desktop\New folder2016-02-03 19:23 - 2016-02-03 19:23 - 00092672 _____ (Razer Inc.) C:\Windows\system32\RzChromaSDK64.dll2016-02-03 17:55 - 2016-02-03 17:55 - 00080384 _____ (Razer Inc.) C:\Windows\SysWOW64\RzChromaSDK.dll2016-02-03 17:55 - 2016-02-03 17:55 - 00035328 _____ (Razer Inc.) C:\Windows\SysWOW64\RzAPIChromaSDK.dll2016-02-02 15:49 - 2016-02-15 00:27 - 00096766 _____ C:\Users\Allan\Desktop\Cover letter.pdf2016-01-29 01:47 - 2016-01-28 20:20 - 00209056 _____ (Tonec Inc.) 
C:\Windows\system32\Drivers\idmwfp.sys2016-01-28 14:12 - 2016-01-28 14:12 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo2016-01-26 15:39 - 2016-01-26 15:39 - 00000000 ____D C:\Users\Public\Foxit Software2016-01-26 15:39 - 2016-01-26 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader2016-01-23 10:46 - 2016-01-23 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings2016-01-23 10:46 - 2016-01-23 10:46 - 00000000 ____D C:\Program Files (x86)\AMD2016-01-23 10:01 - 2016-01-23 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved2016-01-23 10:01 - 2016-01-23 10:01 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-22 20:43 - 2013-12-08 20:30 - 00000000 ____D C:\Users\Allan\AppData\Roaming\DMCache2016-02-22 20:24 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\tracing2016-02-22 20:10 - 2016-01-16 00:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-02-22 19:49 - 2014-01-31 01:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-02-22 17:10 - 2016-01-16 00:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2016-02-22 15:24 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache2016-02-22 13:20 - 2009-07-14 15:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-02-22 13:20 - 2009-07-14 15:45 - 00029200 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-02-22 13:18 - 2009-07-14 16:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI2016-02-22 13:18 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf2016-02-22 13:13 - 2015-08-22 21:06 - 00000000 ____D C:\Users\Allan\AppData\Roaming\ViberPC2016-02-22 13:12 - 2009-07-14 16:08 
- 00000006 ____H C:\Windows\Tasks\SA.DAT2016-02-21 18:47 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF2016-02-21 12:45 - 2014-05-21 12:24 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-02-21 12:40 - 2009-07-14 15:45 - 05182736 _____ C:\Windows\system32\FNTCACHE.DAT2016-02-21 12:39 - 2014-12-13 12:56 - 00000000 ____D C:\Windows\system32\appraiser2016-02-21 12:39 - 2014-05-06 16:41 - 00000000 ___SD C:\Windows\system32\CompatTel2016-02-21 12:39 - 2013-12-08 21:46 - 00000000 ____D C:\Windows\system32\MRT2016-02-21 12:39 - 2011-04-12 19:28 - 00000000 ____D C:\Program Files\Windows Journal2016-02-21 12:36 - 2014-09-22 18:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132016-02-21 12:36 - 2013-12-08 21:46 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2016-02-21 12:35 - 2009-07-14 13:34 - 00000513 _____ C:\Windows\win.ini2016-02-21 12:30 - 2013-12-09 16:32 - 00773912 _____ C:\Windows\SysWOW64\PerfStringBackup.INI2016-02-21 11:07 - 2014-02-16 14:53 - 00000000 ____D C:\Users\Allan\AppData\Local\CrashDumps2016-02-20 22:09 - 2009-07-14 16:08 - 00032584 _____ C:\Windows\Tasks\SCHEDLGU.TXT2016-02-20 11:13 - 2016-01-16 01:04 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2016-02-19 17:18 - 2014-06-05 22:02 - 00000000 ____D C:\Users\Allan\Downloads\Compressed2016-02-19 13:35 - 2015-05-27 14:44 - 00000000 ____D C:\Users\Allan\Documents\ViberDownloads2016-02-19 13:23 - 2013-12-26 00:36 - 00000000 ___RD C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2016-02-19 09:52 - 2013-12-14 19:47 - 00000000 ____D C:\Users\Allan\AppData\Roaming\SPlayer2016-02-19 09:52 - 2013-12-14 19:46 - 00000000 ____D C:\Program Files (x86)\SPlayer2016-02-18 22:45 - 2016-01-16 00:58 - 00000000 ____D C:\Users\Allan\AppData\Local\Deployment2016-02-18 22:42 - 2015-06-08 16:37 - 00000000 ____D C:\Program Files 
(x86)\RocketDock2016-02-18 22:11 - 2013-12-14 16:52 - 00000022 _____ C:\Windows\GPU-Z.INI2016-02-17 18:15 - 2015-11-27 14:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2016-02-13 13:53 - 2013-12-08 20:30 - 00000000 ____D C:\Users\Allan\Downloads\Video2016-02-12 08:57 - 2015-03-11 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager2016-02-10 17:49 - 2014-01-31 01:40 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2016-02-10 17:49 - 2014-01-31 01:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2016-02-10 17:49 - 2014-01-31 01:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2016-02-10 17:05 - 2016-01-16 00:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2016-02-10 17:05 - 2016-01-16 00:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2016-02-01 00:19 - 2014-06-28 02:23 - 00000000 ____D C:\Users\Allan\AppData\Local\ElevatedDiagnostics2016-01-28 19:26 - 2015-04-01 19:34 - 00000000 ____D C:\Program Files\CCleaner2016-01-27 10:49 - 2013-12-10 19:57 - 00000000 ____D C:\Users\Allan\AppData\Roaming\Foxit Software2016-01-26 20:26 - 2015-07-11 00:39 - 00000000 ___HD C:\$Windows.~BT2016-01-26 15:39 - 2015-08-17 20:48 - 00000073 _____ C:\Users\Public\Documents\pre_fileassoc.tmp2016-01-25 15:20 - 2014-09-14 15:30 - 00000000 ____D C:\AMD2016-01-23 10:46 - 2014-09-14 15:44 - 00000000 ____D C:\Program Files\AMD ==================== Files in the root of some directories ======= 2005-04-08 13:16 - 2013-12-14 11:17 - 0027745 ____H () C:\Users\Allan\AppData\Roaming\Allanlog.dat2014-02-05 17:03 - 2014-05-05 22:47 - 0045270 _____ () C:\Users\Allan\AppData\Roaming\room_v3.dat2014-02-11 15:13 - 2014-03-30 13:27 - 0034816 _____ () C:\Users\Allan\AppData\Roaming\RZR_0010375a485988bb99c73272acff.db2014-12-04 18:28 - 2014-12-04 18:28 - 0000044 _____ () 
C:\Users\Allan\AppData\Roaming\twow_sysprepdt.dat2013-12-10 22:45 - 2014-03-28 20:28 - 1065984 _____ () C:\Users\Allan\AppData\Local\file__0.localstorage2015-04-30 01:59 - 2015-12-08 19:45 - 0007592 _____ () C:\Users\Allan\AppData\Local\resmon.resmoncfg2013-12-08 21:20 - 2013-12-08 21:20 - 0000000 ____H () C:\ProgramData\DP45977C.lfl2014-06-22 14:58 - 2014-08-25 17:45 - 0006927 _____ () C:\ProgramData\hpzinstall.log ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-18 15:19 ==================== End of FRST.txt ============================
  3. Hi, Attached are the required txt files. Just want to know whether I'm infected. Thank you for your time. Addition.txt FRST.txt
  4. I've found this website (via Bing). Followed both solutions, and now I can access Google again. http://www.gadgetsupersite.com/err_name_not_resolved/ Thank you for assisting me! Much appreciated.
  5. So I just factory-formatted my router. Problem still persists. I have a TP-Link Archer D7 router.
  6. Hi, Yes I have reset my router, multiple times indeed. Problem still persists. I don't know the cause and what to do.
  7. Hi Malwarebytes team, As said in the title, none of the devices in our home can access Google.com (computers, iOS phones/tablets, Android phones). The internet works just fine. Other websites work just fine. Google.com is the only thing we cannot access. I've tried a DNS flush using cmd. Ran a few Malwarebytes scans but they all posted clean results. Please assist me with this problem. Thank you very much. Allan
  8. Hi Malwarebytes team, As said in the title, none of the devices in our home can access Google.com (computers, iOS phones/tablets, Android phones). The internet works just fine. Other websites work just fine. Google.com is the only thing we cannot access. I've tried a DNS flush using cmd. Ran a few Malwarebytes scans but they all posted clean results. Please assist me with this problem. Thank you very much. Allan
  9. I'm done with the clean-up procedure, and I think we can wrap it up here! I much appreciate your effort and time!
  10. I ran a Malwarebytes full scan. It came out all clean! I think we can clean up now since there have been no more emails from my ISP until now.
  11. - Attached is the log produced from the Malwarebytes scan as required by the procedure above.
     - However, the night before that, Malwarebytes actually found something else more suspicious (I can't remember the name of the file, but it lies somewhere in C:\Window\Temp...) and I, without reporting to you, deleted it via Malwarebytes (sorry).
     - Still no email from my ISP though.
     MBAM-log-2013-11-30 (23-34-57).txt
  12. - I've re-run the scan; still no folder or log file showed up in my C drive.
     - It's been 3 days and I haven't received any email from my ISP! Could this be good news for us all!?
  13. This helps! But I don't know why I don't have that folder in my C drive! Maybe I'll run the scan one more time then.
  14. So I've completed the scan. Nothing much happened during the scan though. Booted back into Windows to find the log file. But then I couldn't find it with your directory link. Like there was no "Start > Computer > C:\Kaspersky Rescue Disck 10.0" in my C drive. Could it be somewhere else, because right after the scan I saw it was actually saving something but didn't get to look at where it saved!?
  15. I've been busy and had no time for the previous procedure! Please don't close the thread as I'll proceed doing it asap. Thanx
  16. - So the thing is I tried to run the scan twice. But both times, during the full scan, my system just crashed and appeared to show a blue screen (blue screen of death?). I did exactly as instructed above, by the way.
     - Latest email from ISP:
     [2013-11-19 09:58:20] [14.201.233.223] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com
     [2013-11-19 09:20:51] [14.201.233.223] Trojan: Sality - Source Port :: 11581/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus
     [2013-11-18 20:21:04] [14.201.233.223] Trojan: Sality - Source Port :: 25764/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus
     [2013-11-18 00:51:58] [14.201.239.89] Trojan: Zeus
  17. Here's the latest email from the ISP:
     [2013-11-18 00:51:58] [14.201.239.89] Trojan: Zeus
     [2013-11-18 00:37:42] [14.201.239.89] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com
     [2013-11-18 00:27:37] [14.201.239.89] Trojan: Sality - Source Port :: 25541/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus
     [2013-11-16 00:18:04] [14.201.239.89] Trojan: Zeus
  18. The viruses are still around. Here's part of the email I just received this morning:
     [2013-11-16 00:18:04] [14.201.239.89] Trojan: Zeus
     [2013-11-16 00:08:30] [14.201.239.89] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com
     [2013-11-16 00:01:54] [14.201.239.89] Trojan: Sality
     [2013-11-16 00:01:54] [14.201.239.89] Trojan: Sality - Source Port :: 11750/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus
     It looks different from any previous one.
  19. - Yup, that did solve the problem. Thanx for now. IE seems to have nothing wrong btw.
     - I'll tell you if I keep getting email from my ISP about the trojans.
  20. It kind of solved the problem. What I meant by "kind of" is:
     - when I open a new browser, it's actually "google.com.au"
     - however, when I open a new tab from that browser, it's still that "https://www.google.com.au/?gfe_rd=cr&ei=KsKGUs3PDOTC8gejsoHICQ"
     Latest email from my ISP:
     [2013-11-14 19:39:12] [14.201.233.226] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com
     [2013-11-14 15:38:28] [14.201.233.226] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com
     [2013-11-14 14:38:26] [14.201.233.226] Trojan: Zeus
     [2013-11-14 14:13:28] [14.201.233.226] Trojan: Sality
  21. - Attached is the zoek log.
     - The Firefox issue still remains after I ran zoek.
     zoek-results.txt
  22. So I've just noticed something in my Mozilla Firefox browser. Whenever I open it or get a new tab, this page appears: "https://www.google.com.au/?gfe_rd=ctrl&ei=l7mFUqrOOsHC8gel6oHYBA&gws_rd=cr" I'm just wondering whether that is normal or something is wrong with it, as shouldn't it just be "https://www.google.com.au"?
  23. - So I tried to run the ESET online scan following the exact instructions above, but it turned out something like "You are trying to launch ESET Online Scanner in a different browser than Internet Explorer". I cleared the cache and cookies of IE and tried again but it still failed.
     - Here's the latest email from ISP (received before the procedure in post #17):
     [2013-11-13 14:16:33] [14.201.233.226] Trojan: Zeus - sinkhole: 82.165.37.26:80 domain: appds8.www8binup.com
     [2013-11-13 13:28:49] [14.201.233.226] Trojan: Zeus
     [2013-11-13 10:16:34] [14.201.233.226] Trojan: Sality - Source Port :: 12250/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus
     [2013-11-12 18:04:31] [14.201.233.226] Trojan: Sality - Source Port :: 18486/tcp Destination Port :: 80/tcp Destination DNS :: akdari.com Varient :: Sality_Virus