Jump to content

HELP! Loopback Proxy Malware


OMGHA
 Share

Recommended Posts

I have probably a Trojan or some sort on my laptop right now. It doesn't allow me to change the browser proxy settings, it's configured to loopback on 127.0.0.1:8080 and can only get rid of the configurations when I start a browser through administrative rights, but when I restart the computer of close the program it changes the configurations back to the same. When I visit Google, I noticed that the search page does not look the same. 

 

I have previously run many threat searches and removed a few things, but the issue is not resolved.

 

Here is my log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015
Ran by OMGHA (administrator) on SHERRY-LAP on 06-01-2015 12:32:07
Running from C:\Users\OMGHA\Downloads\Programs
Loaded Profile: OMGHA (Available profiles: Sherry & OMGHA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(InstallShield) C:\Program Files (x86)\avast! Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(resolution Reichert Network Solutions GmbH) C:\Program Files (x86)\Your Freedom\freedom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11831400 2011-04-22] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-02-18] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-02-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-18] (Lenovo(beijing) Limited)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [softEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-20] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-27] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-27] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-12-09] (AVAST Software)
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [7063832 2014-11-22] (Piriform Ltd)
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [iDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-21] (Tonec Inc.)
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [410216 2014-11-03] (CyberGhost S.R.L.)
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [Lantern] => [X]
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\Run: [Viber] => C:\Users\OMGHA\AppData\Local\Viber\Viber.exe [936656 2014-10-20] ()
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\RunOnce: [Adobe Speed Launcher] => 1420526160
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [HKLM] => ProxyEnable is set.
ProxyEnable: [HKLM-x32] => ProxyEnable is set.
ProxyServer: [HKLM] => http=127.0.0.1:8001;https=127.0.0.1:8001
ProxyServer: [HKLM-x32] => http=127.0.0.1:8001;https=127.0.0.1:8001
ProxyEnable: [s-1-5-21-1992856194-2626363674-791745257-1004] => Internet Explorer proxy is enabled.
ProxyServer: [s-1-5-21-1992856194-2626363674-791745257-1004] => ftp=localhost:8080;gopher=localhost:8080;http=localhost:8080;https=localhost:8080;socks=localhost:1080
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKU\S-1-5-21-1992856194-2626363674-791745257-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1992856194-2626363674-791745257-1004 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-1992856194-2626363674-791745257-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {22A6822D-F690-11D3-8B46-002078E01DE4} https://secure.freightliner.com/partspro/Setup/PartsPro_en-usv5_1_31.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{689530A0-DBE6-4303-83A1-7ED4630AECEC}: [NameServer] 8.8.4.4,8.8.8.8
Tcpip\..\Interfaces\{AC0DBB39-A12F-4619-9A82-1D5FC4818D9D}: [NameServer] 10.11.0.2 65.19.175.2
Tcpip\..\Interfaces\{B550D01C-ACEF-4B51-A6A7-5F5CE9528720}: [NameServer] 107.20.150.147,8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: Lantern Proxy Configurator - C:\Users\OMGHA\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\lantern@getlantern.org [2014-12-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-09]
FF HKU\S-1-5-21-1992856194-2626363674-791745257-1004\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\OMGHA\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\OMGHA\AppData\Roaming\IDM\idmmzcc5 [2014-12-21]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-10]
CHR Extension: (YouTube) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-11]
CHR Extension: (Adblock Plus) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-10]
CHR Extension: (Google Search) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-11]
CHR Extension: (Tampermonkey) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-12-21]
CHR Extension: (Avast Online Security) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-10]
CHR Extension: (Pin It Button) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-12-10]
CHR Extension: (IDM Integration Module) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-12-19]
CHR Extension: (FVD Downloader) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-12-24]
CHR Extension: (Google Wallet) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10]
CHR Extension: (Gmail) - C:\Users\OMGHA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-11]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-12-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-09-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 OliveService; C:\Program Files (x86)\Olive\Service\svc\oliveservice.exe [80896 2013-03-28] (Apache Software Foundation) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [4374072 2014-12-20] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 Updater.exe; C:\Program Files (x86)\avast! Updater\Updater.exe [35328 2014-11-14] (InstallShield) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-12] (Advanced Micro Devices)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-12-09] ()
S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0057.sys [28768 2014-12-20] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-12-20] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-10-16] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
U3 BcmSqlStartupSvc; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
U2 DriverService; No ImagePath
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 nvUpdatusService; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 09:58 - 2015-01-06 09:58 - 00000606 _____ () C:\windows\PFRO.log
2015-01-05 16:27 - 2015-01-05 16:28 - 00000000 ____D () C:\Users\OMGHA\Desktop\video
2015-01-05 15:16 - 2015-01-05 17:26 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\avidemux
2015-01-05 15:16 - 2015-01-05 15:16 - 00000907 _____ () C:\Users\Public\Desktop\Avidemux 2.6 - 64bits.lnk
2015-01-05 15:16 - 2015-01-05 15:16 - 00000000 ____D () C:\Program Files\Avidemux 2.6 - 64bits
2015-01-05 15:01 - 2015-01-05 15:08 - 245583695 _____ () C:\Users\OMGHA\Desktop\My Movie.mp4
2015-01-05 14:58 - 2015-01-05 15:01 - 00000000 ____D () C:\Users\OMGHA\Documents\Freemake
2015-01-05 14:58 - 2015-01-05 15:01 - 00000000 ____D () C:\ProgramData\Freemake
2015-01-05 14:58 - 2015-01-05 14:58 - 00001280 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2015-01-05 14:58 - 2015-01-05 14:58 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-05 14:58 - 2015-01-05 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-01-05 14:57 - 2015-01-05 14:58 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-01-04 17:05 - 2015-01-04 17:05 - 00006344 _____ () C:\Users\OMGHA\Documents\My Movie.wlmp
2015-01-04 10:32 - 2015-01-05 16:41 - 00000000 ____D () C:\Users\OMGHA\Desktop\Iraj phone
2015-01-04 07:25 - 2015-01-04 02:23 - 1010057169 ____N () C:\Users\OMGHA\Desktop\Film Kamel Farsh Ghermez _ فیلم کامل فرش قرمز  _ Red Carpet Full Iranian Movie __HD.mp4
2015-01-03 18:47 - 2015-01-03 22:46 - 00000000 ____D () C:\Users\OMGHA\Desktop\Toronto
2015-01-03 14:59 - 2015-01-03 14:59 - 00000000 ____D () C:\Noor
2015-01-03 14:58 - 2015-01-03 14:58 - 00001822 _____ () C:\Users\OMGHA\Desktop\The Shahnameh of Ferdowsi.lnk
2015-01-03 14:58 - 2015-01-03 14:58 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Noor
2015-01-03 14:47 - 2015-01-03 15:33 - 00002981 _____ () C:\windows\Er00275.INI
2015-01-03 14:47 - 2015-01-03 14:56 - 00000000 ____D () C:\Program Files (x86)\Noor
2015-01-03 14:47 - 2015-01-03 14:47 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Noor
2014-12-29 18:08 - 2014-12-29 18:08 - 00000000 ____D () C:\Users\OMGHA\Downloads\Foxcatcher (2014) 720p HDRip x264 AC3-CPG
2014-12-29 12:57 - 2015-01-06 09:58 - 00004110 _____ () C:\windows\setupact.log
2014-12-29 12:57 - 2014-12-29 12:57 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-12-29 12:57 - 2014-12-29 12:57 - 00000000 _____ () C:\windows\setuperr.log
2014-12-27 20:26 - 2014-12-27 20:26 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\Apple Computer
2014-12-27 15:20 - 2015-01-06 10:06 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\ViberPC
2014-12-27 15:20 - 2014-12-27 15:20 - 00001066 _____ () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2014-12-27 15:20 - 2014-12-27 15:20 - 00001058 _____ () C:\Users\OMGHA\Desktop\Viber.lnk
2014-12-27 15:14 - 2015-01-06 10:06 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\Viber
2014-12-27 13:39 - 2014-12-27 13:39 - 00278554 _____ () C:\Users\OMGHA\Documents\cc_20141227_133933.reg
2014-12-27 12:52 - 2014-12-27 12:52 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2014-12-27 12:49 - 2014-12-27 12:52 - 00000000 ____D () C:\Users\OMGHA\Downloads\EaseUS.Partition.Master.v10.2.Multilingual.Incl.Keygen-TSZ
2014-12-27 12:48 - 2014-12-27 12:48 - 00002022 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-12-27 12:48 - 2014-12-27 12:48 - 00001962 _____ () C:\Users\Public\Desktop\Avast Pro Antivirus.lnk
2014-12-27 12:46 - 2014-12-09 17:44 - 00334648 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-27 12:35 - 2014-12-27 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-27 12:09 - 2014-12-27 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-27 11:41 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\windows\SysWOW64\secman.dll
2014-12-27 11:20 - 2014-12-27 12:40 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-12-26 07:37 - 2015-01-03 09:09 - 00000000 ____D () C:\Users\OMGHA\Desktop\Temp
2014-12-25 15:32 - 2014-12-27 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer
2014-12-25 15:32 - 2014-12-27 12:40 - 00000000 ____D () C:\Program Files (x86)\Fotosizer
2014-12-25 15:32 - 2014-12-25 15:32 - 00000979 _____ () C:\Users\Public\Desktop\Fotosizer.lnk
2014-12-25 15:04 - 2014-12-25 15:28 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\IrfanView
2014-12-25 14:52 - 2014-12-27 12:39 - 00000000 ____D () C:\Users\OMGHA\Documents\High Motion Software
2014-12-25 07:25 - 2014-12-25 08:27 - 882795069 _____ () C:\Users\OMGHA\Downloads\The.Interview.2014.HDRIP.x264-TOPKEK.mp4
2014-12-24 12:20 - 2014-12-24 12:20 - 00012001 _____ () C:\Users\OMGHA\Downloads\download.htm
2014-12-24 10:22 - 2014-12-27 12:41 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\Your Freedom
2014-12-24 10:06 - 2014-12-27 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Freedom
2014-12-24 10:06 - 2014-12-27 12:40 - 00000000 ____D () C:\Program Files (x86)\Your Freedom
2014-12-24 08:22 - 2015-01-03 15:35 - 00000000 ____D () C:\Users\OMGHA\Downloads\Homeland.S04E11.HDTV.x264-KILLERS
2014-12-24 06:42 - 2014-12-27 16:34 - 00000000 ____D () C:\Users\OMGHA\.lantern
2014-12-24 06:42 - 2014-12-27 12:41 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\byteexec
2014-12-24 06:42 - 2014-12-27 12:40 - 00000000 ____D () C:\Users\OMGHA\.littleshoot
2014-12-24 06:42 - 2014-12-27 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lantern
2014-12-24 06:42 - 2014-12-27 12:39 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Mozilla
2014-12-24 06:41 - 2014-12-27 12:41 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Lantern
2014-12-23 06:32 - 2014-12-27 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2014-12-23 06:32 - 2014-12-27 12:40 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-12-23 06:32 - 2014-12-23 06:54 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\CyberGhost
2014-12-22 18:25 - 2015-01-06 12:32 - 00000000 ____D () C:\FRST
2014-12-22 18:15 - 2014-12-22 18:15 - 00033668 _____ () C:\ComboFix.txt
2014-12-22 17:57 - 2014-12-22 18:15 - 00000000 ____D () C:\Qoobox
2014-12-22 17:57 - 2011-06-26 10:15 - 00256000 _____ () C:\windows\PEV.exe
2014-12-22 17:57 - 2010-11-07 20:50 - 00208896 _____ () C:\windows\MBR.exe
2014-12-22 17:57 - 2009-04-20 08:26 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-12-22 17:57 - 2000-08-31 03:30 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-12-22 17:57 - 2000-08-31 03:30 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-12-22 17:57 - 2000-08-31 03:30 - 00098816 _____ () C:\windows\sed.exe
2014-12-22 17:57 - 2000-08-31 03:30 - 00080412 _____ () C:\windows\grep.exe
2014-12-22 17:57 - 2000-08-31 03:30 - 00068096 _____ () C:\windows\zip.exe
2014-12-22 17:56 - 2014-12-22 18:13 - 00000000 ____D () C:\windows\erdnt
2014-12-22 14:33 - 2014-12-22 14:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-22 12:07 - 2014-12-22 12:07 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2014-12-21 15:47 - 2014-12-21 15:47 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\FastStone
2014-12-21 15:47 - 2014-12-21 15:47 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\FastStone
2014-12-21 15:44 - 2014-12-21 15:46 - 00001077 _____ () C:\Users\Public\Desktop\FastStone Photo Resizer.lnk
2014-12-21 15:44 - 2014-12-21 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Photo Resizer
2014-12-21 15:44 - 2014-12-21 15:44 - 00000000 ____D () C:\Program Files (x86)\FastStone Photo Resizer
2014-12-21 14:08 - 2014-12-21 14:08 - 00001801 _____ () C:\Users\OMGHA\Desktop\Anti-Filter - Shortcut.lnk
2014-12-21 10:43 - 2014-12-21 10:43 - 00003170 _____ () C:\windows\System32\Tasks\{3D5E9428-B464-428C-8F91-4C66CB6CA0DF}
2014-12-21 10:19 - 2014-12-21 10:19 - 00235302 _____ () C:\Users\OMGHA\AppData\Local\census.cache
2014-12-21 10:19 - 2014-12-21 10:19 - 00195823 _____ () C:\Users\OMGHA\AppData\Local\ars.cache
2014-12-21 10:16 - 2014-12-21 10:16 - 00000010 _____ () C:\Users\OMGHA\AppData\Local\sponge.last.runtime.cache
2014-12-21 09:35 - 2013-09-28 06:26 - 00285208 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-12-21 09:33 - 2014-12-21 09:33 - 00000036 _____ () C:\Users\OMGHA\AppData\Local\housecall.guid.cache
2014-12-21 08:40 - 2014-12-27 13:37 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-21 08:40 - 2014-12-21 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-12-21 08:40 - 2014-12-21 08:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-21 06:07 - 2014-12-21 12:08 - 00000969 _____ () C:\Users\OMGHA\Desktop\Internet Download Manager.lnk
2014-12-21 06:07 - 2014-12-21 06:07 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-12-21 06:07 - 2014-12-21 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-12-21 05:57 - 2014-12-21 05:58 - 00000000 ____D () C:\Users\OMGHA\Downloads\Internet Download Manager IDM 6.21 Build 17 Final Incl. Crack [ATOM]
2014-12-20 21:29 - 2014-12-20 21:29 - 00000000 ____D () C:\Program Files (x86)\Olive
2014-12-20 20:55 - 2014-12-20 20:55 - 00028768 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\windows\system32\Drivers\Neo_0057.sys
2014-12-20 20:12 - 2014-12-20 20:12 - 00001939 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2014-12-20 20:12 - 2014-12-20 20:12 - 00001933 _____ () C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2014-12-20 20:12 - 2014-12-20 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2014-12-20 18:11 - 2014-11-27 05:13 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-20 18:11 - 2014-11-27 04:40 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-20 18:11 - 2014-11-22 06:43 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-20 18:11 - 2014-11-22 06:36 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-20 18:11 - 2014-11-22 06:36 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-20 18:11 - 2014-11-22 06:20 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-20 18:11 - 2014-11-22 06:20 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-20 18:11 - 2014-11-22 06:19 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-20 18:11 - 2014-11-22 06:19 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-20 18:11 - 2014-11-22 06:18 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-20 18:11 - 2014-11-22 06:11 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-20 18:11 - 2014-11-22 06:10 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-20 18:11 - 2014-11-22 06:07 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-20 18:11 - 2014-11-22 06:05 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-20 18:11 - 2014-11-22 06:04 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-20 18:11 - 2014-11-22 05:56 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-20 18:11 - 2014-11-22 05:52 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-20 18:11 - 2014-11-22 05:52 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-20 18:11 - 2014-11-22 05:50 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-20 18:11 - 2014-11-22 05:44 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-20 18:11 - 2014-11-22 05:39 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-20 18:11 - 2014-11-22 05:38 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-20 18:11 - 2014-11-22 05:37 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-20 18:11 - 2014-11-22 05:37 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-20 18:11 - 2014-11-22 05:36 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-20 18:11 - 2014-11-22 05:35 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-20 18:11 - 2014-11-22 05:35 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-20 18:11 - 2014-11-22 05:31 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-20 18:11 - 2014-11-22 05:29 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-20 18:11 - 2014-11-22 05:28 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-20 18:11 - 2014-11-22 05:26 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-20 18:11 - 2014-11-22 05:24 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-20 18:11 - 2014-11-22 05:19 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-20 18:11 - 2014-11-22 05:19 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-20 18:11 - 2014-11-22 05:17 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-20 18:11 - 2014-11-22 05:16 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-20 18:11 - 2014-11-22 05:15 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-20 18:11 - 2014-11-22 05:13 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-20 18:11 - 2014-11-22 05:10 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-20 18:11 - 2014-11-22 05:06 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-20 18:11 - 2014-11-22 05:05 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-20 18:11 - 2014-11-22 05:03 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-20 18:11 - 2014-11-22 04:59 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-20 18:11 - 2014-11-22 04:58 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-20 18:11 - 2014-11-22 04:53 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-20 18:11 - 2014-11-22 04:52 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-20 18:11 - 2014-11-22 04:51 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-20 18:11 - 2014-11-22 04:45 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-20 18:11 - 2014-11-22 04:43 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-20 18:11 - 2014-11-22 04:33 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-20 18:11 - 2014-11-22 04:30 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-20 18:11 - 2014-11-22 04:26 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-20 18:11 - 2014-11-22 04:24 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-19 22:50 - 2015-01-04 20:09 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\HandBrake
2014-12-19 21:05 - 2014-12-24 06:45 - 00000511 _____ () C:\Users\OMGHA\Downloads\Backup-codes-ogharipour.txt
2014-12-19 19:39 - 2014-12-04 06:20 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-19 19:39 - 2014-12-04 06:20 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-19 19:39 - 2014-12-04 06:20 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-19 19:39 - 2014-12-04 06:14 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-19 19:39 - 2014-12-02 02:58 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-19 19:38 - 2014-12-04 06:20 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-19 19:38 - 2014-12-04 06:20 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-19 19:38 - 2014-12-04 06:20 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-19 19:20 - 2014-12-20 20:51 - 00000600 _____ () C:\Users\OMGHA\AppData\Local\PUTTY.RND
2014-12-19 18:31 - 2014-11-11 06:39 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-19 18:31 - 2014-11-11 06:14 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-19 18:31 - 2014-11-11 05:16 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-19 18:26 - 2014-10-30 05:33 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-19 18:26 - 2014-10-30 05:15 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-19 18:26 - 2014-10-03 05:42 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-19 18:26 - 2014-10-03 05:42 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-19 18:26 - 2014-10-03 05:42 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-19 18:26 - 2014-10-03 05:41 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-19 18:26 - 2014-10-03 05:15 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-19 18:26 - 2014-10-03 05:15 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-19 18:26 - 2014-10-03 05:15 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-19 18:26 - 2014-10-03 05:14 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-19 18:20 - 2014-11-08 06:46 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-19 18:20 - 2014-11-08 06:15 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-19 13:19 - 2014-12-19 14:34 - 00000000 ____D () C:\Users\OMGHA\Documents\Adobe
2014-12-19 11:35 - 2014-10-18 05:35 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-19 11:35 - 2014-10-18 05:03 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-18 17:22 - 2014-12-13 08:39 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 17:22 - 2014-12-13 07:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-18 09:57 - 2014-12-18 09:57 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-18 09:14 - 2014-12-18 09:14 - 00000000 ____D () C:\Users\OMGHA\Documents\SelfMV
2014-12-18 07:37 - 2014-12-27 11:58 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Samsung
2014-12-18 07:37 - 2014-12-18 09:43 - 00000000 ____D () C:\Users\OMGHA\Documents\samsung
2014-12-18 07:37 - 2014-12-18 07:37 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-12-18 07:30 - 2014-12-27 12:37 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-18 07:30 - 2014-12-18 09:41 - 00000000 ____D () C:\ProgramData\Samsung
2014-12-18 07:10 - 2014-12-19 10:14 - 00000000 ____D () C:\Users\OMGHA\.android
2014-12-18 07:09 - 2014-12-18 07:09 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\Kingosoft
2014-12-17 22:41 - 2014-12-17 22:41 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\CompleteFCE
2014-12-16 16:11 - 2014-11-29 04:07 - 00180648 _____ (Tonec Inc.) C:\windows\system32\Drivers\idmwfp.sys
2014-12-11 23:21 - 2014-12-19 10:16 - 00000000 ____D () C:\EEK
2014-12-11 22:17 - 2014-12-19 10:14 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\Apps\2.0
2014-12-11 22:17 - 2014-12-11 22:17 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\Deployment
2014-12-11 22:13 - 2014-12-11 22:13 - 01123665 _____ () C:\Users\OMGHA\Documents\bookmarks_12_11_14.html
2014-12-11 21:33 - 2014-12-21 09:33 - 00000000 ____D () C:\Users\OMGHA\Desktop\Malware Detection Software
2014-12-11 20:53 - 2014-12-11 21:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 __SHD () C:\Users\OMGHA\AppData\Local\EmieUserList
2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 __SHD () C:\Users\OMGHA\AppData\Local\EmieSiteList
2014-12-11 09:33 - 2014-12-11 09:33 - 00000000 __SHD () C:\Users\OMGHA\AppData\Local\EmieBrowserModeList
2014-12-11 07:34 - 2014-12-20 11:50 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-11 06:26 - 2014-12-11 06:26 - 00000000 ____D () C:\ProgramData\ATI
2014-12-11 06:23 - 2014-12-11 06:23 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\library_dir
2014-12-11 06:22 - 2014-12-19 10:14 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Raptr
2014-12-11 05:52 - 2014-12-11 05:52 - 00001145 _____ () C:\Users\Sherry\Desktop\Music.lnk
2014-12-11 05:51 - 2014-12-11 05:51 - 00001214 _____ () C:\Users\Sherry\Desktop\Movies.lnk
2014-12-10 18:26 - 2014-12-19 13:19 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\Adobe
2014-12-10 18:23 - 2014-12-19 10:17 - 00000000 ____D () C:\Users\OMGHA\.ebookreader
2014-12-10 17:20 - 2014-12-19 10:17 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Winamp
2014-12-10 15:34 - 2014-11-22 06:04 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 15:34 - 2014-10-03 05:42 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 15:34 - 2014-10-03 05:15 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 09:19 - 2014-12-10 09:19 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Macromedia
2014-12-10 09:14 - 2014-12-10 09:15 - 00000000 ____D () C:\Users\OMGHA\.rssowl2
2014-12-10 09:13 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSSOwl
2014-12-10 09:13 - 2014-12-10 09:15 - 00000000 ____D () C:\Program Files (x86)\RSSOwl
2014-12-10 09:13 - 2014-12-10 09:13 - 00001809 _____ () C:\Users\OMGHA\Desktop\RSSOwl.lnk
2014-12-10 09:13 - 2014-12-10 09:13 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RSSOwl
2014-12-10 08:37 - 2014-12-10 08:37 - 00001989 _____ () C:\Users\OMGHA\Desktop\Movies.lnk
2014-12-10 08:36 - 2014-12-10 08:37 - 00001860 _____ () C:\Users\OMGHA\Desktop\Music.lnk
2014-12-10 08:29 - 2014-12-11 04:46 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Mp3tag
2014-12-10 08:24 - 2014-12-10 08:24 - 00001749 _____ () C:\Users\OMGHA\Desktop\uTorrent.lnk
2014-12-10 08:22 - 2014-12-10 08:22 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\uTorrent
2014-12-10 07:56 - 2014-12-10 17:45 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Skype
2014-12-10 07:56 - 2014-12-10 07:56 - 00002097 _____ () C:\Users\OMGHA\Desktop\Skype.lnk
2014-12-10 07:56 - 2014-12-10 07:56 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\Skype
2014-12-10 07:49 - 2014-12-10 07:49 - 00000693 _____ () C:\Users\OMGHA\Desktop\Spelunky.lnk
2014-12-10 07:45 - 2014-12-10 07:45 - 00001533 _____ () C:\Users\OMGHA\Desktop\Bastion.lnk
2014-12-10 07:44 - 2014-12-10 07:44 - 00001350 _____ () C:\Users\OMGHA\Desktop\Mp3tag.lnk
2014-12-10 07:43 - 2014-12-10 07:43 - 00001632 _____ () C:\Users\OMGHA\Desktop\CompleteFCE.lnk
2014-12-10 07:42 - 2014-12-10 07:42 - 00002101 _____ () C:\Users\OMGHA\Desktop\Counter-Strike_Global_Offensive.lnk
2014-12-10 07:01 - 2014-12-10 07:01 - 00002145 _____ () C:\Users\OMGHA\Desktop\Fifa14.lnk
2014-12-10 06:59 - 2015-01-06 12:30 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\DMCache
2014-12-10 06:59 - 2015-01-05 15:45 - 00000000 ____D () C:\Users\OMGHA\Downloads\Compressed
2014-12-10 06:59 - 2014-12-27 15:14 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\IDM
2014-12-10 06:59 - 2014-12-24 12:35 - 00000000 ____D () C:\Users\OMGHA\Downloads\Video
2014-12-10 06:57 - 2014-12-10 06:57 - 00000000 ____D () C:\Users\OMGHA\Downloads\Games
2014-12-10 06:55 - 2015-01-05 16:29 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\vlc
2014-12-10 06:26 - 2014-12-10 06:26 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\AVAST Software
2014-12-10 05:12 - 2014-12-10 05:45 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Mp3tag
2014-12-10 05:09 - 2014-12-10 05:09 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-12-09 21:22 - 2014-12-19 10:17 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\vlc
2014-12-09 21:11 - 2014-12-09 21:21 - 00000000 ____D () C:\Users\Sherry\Documents\FIFA 14
2014-12-09 21:11 - 2014-12-09 21:11 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-12-09 21:10 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-09 21:10 - 2014-12-09 21:10 - 00000000 ____D () C:\ProgramData\Origin
2014-12-09 18:37 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoVPN
2014-12-09 18:37 - 2014-12-09 19:53 - 00000000 ____D () C:\Program Files (x86)\GoVPN
2014-12-09 18:07 - 2014-12-09 18:10 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-12-09 17:49 - 2014-12-09 17:49 - 01180529 _____ () C:\windows\unins000.exe
2014-12-09 17:49 - 2014-12-09 17:49 - 00001239 _____ () C:\windows\unins000.dat
2014-12-09 17:45 - 2015-01-06 09:23 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-09 17:45 - 2014-12-09 17:45 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\AVAST Software
2014-12-09 17:44 - 2014-12-09 17:45 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-09 17:44 - 2014-12-09 17:45 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-12-09 17:44 - 2014-12-09 17:45 - 00085328 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-12-09 17:44 - 2014-12-09 17:44 - 01039096 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.1418134505684
2014-12-09 17:44 - 2014-12-09 17:44 - 00423240 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys.1418134505684
2014-12-09 17:44 - 2014-12-09 17:44 - 00208416 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-09 17:44 - 2014-12-09 17:44 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-09 17:44 - 2014-12-09 17:44 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-09 17:44 - 2014-12-09 17:44 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-09 17:44 - 2014-12-09 17:44 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-09 17:44 - 2014-12-09 17:44 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-09 17:44 - 2014-12-09 17:43 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-12-09 17:43 - 2014-12-09 17:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-09 17:42 - 2014-12-09 17:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-09 17:41 - 2015-01-06 12:00 - 00000488 _____ () C:\windows\Tasks\avast! Updater.job
2014-12-09 17:41 - 2014-12-09 17:41 - 00003232 _____ () C:\windows\System32\Tasks\avast! Updater
2014-12-09 17:41 - 2014-12-09 17:41 - 00000000 ____D () C:\Program Files (x86)\avast! Updater
2014-12-09 17:36 - 2014-12-19 13:15 - 00002784 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-12-09 17:17 - 2014-12-09 17:17 - 00000420 _____ () C:\Users\Sherry\Documents\cc_20141209_084711.reg
2014-12-09 17:15 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-09 17:15 - 2014-12-09 17:15 - 00000000 ____D () C:\Program Files (x86)\CCleaner
2014-12-09 11:56 - 2014-12-09 11:56 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-12-09 11:56 - 2014-12-09 11:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-09 11:50 - 2014-12-09 11:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 06:02 - 2014-12-09 06:02 - 00002021 _____ () C:\Users\OMGHA\Desktop\Sherlock.lnk
2014-12-09 06:02 - 2014-12-09 06:02 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\WinRAR
2014-12-09 05:59 - 2014-12-29 12:57 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Apple Computer
2014-12-09 05:59 - 2014-12-09 05:59 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\ATI
2014-12-09 05:59 - 2014-12-09 05:59 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\ATI
2014-12-09 05:59 - 2014-12-09 05:59 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\AMD
2014-12-09 05:58 - 2015-01-03 14:59 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\VirtualStore
2014-12-09 05:58 - 2014-12-27 12:42 - 00000000 ____D () C:\Users\OMGHA
2014-12-09 05:58 - 2014-12-27 12:41 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-09 05:58 - 2014-12-19 18:58 - 00000000 ____D () C:\Users\OMGHA\AppData\Roaming\Adobe
2014-12-09 05:58 - 2014-12-19 10:09 - 00000000 ____D () C:\Users\OMGHA\AppData\Local\Google
2014-12-09 05:58 - 2014-12-09 17:10 - 00112072 _____ () C:\Users\OMGHA\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 05:58 - 2014-12-09 05:58 - 00001413 _____ () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-09 05:58 - 2014-12-09 05:58 - 00000020 ___SH () C:\Users\OMGHA\ntuser.ini
2014-12-09 05:58 - 2014-09-15 19:55 - 00002060 _____ () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-12-09 05:58 - 2009-07-14 08:24 - 00000000 ___RD () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-09 05:58 - 2009-07-14 08:19 - 00000000 ___RD () C:\Users\OMGHA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-09 04:49 - 2009-09-05 02:14 - 00515416 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_5.dll
2014-12-09 04:49 - 2009-09-05 02:14 - 00069464 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_3.dll
2014-12-09 04:49 - 2009-09-05 01:59 - 00523088 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_42.dll
2014-12-09 04:49 - 2009-09-05 01:59 - 00453456 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_42.dll
2014-12-09 04:49 - 2008-10-15 14:52 - 05631312 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2014-12-09 04:49 - 2008-10-15 14:52 - 04379984 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_40.dll
2014-12-09 04:49 - 2008-10-15 14:52 - 02605920 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2014-12-09 04:49 - 2008-10-15 14:52 - 02036576 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_40.dll
2014-12-09 04:49 - 2008-10-15 14:52 - 00519000 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_40.dll
2014-12-09 04:49 - 2008-10-15 14:52 - 00452440 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_40.dll
2014-12-09 04:48 - 2006-11-29 21:36 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll
2014-12-09 04:48 - 2006-11-29 21:36 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll
2014-12-09 04:45 - 2014-12-09 04:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strogino CS Portal
2014-12-09 04:30 - 2014-12-09 04:30 - 00000000 ____D () C:\Program Files\Strogino CS Portal
2014-12-09 04:14 - 2014-12-09 04:14 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bastion
2014-12-09 04:14 - 2014-12-09 04:14 - 00000000 ____D () C:\Program Files (x86)\Bastion
2014-12-09 04:12 - 2014-12-09 04:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2014-12-09 04:04 - 2014-12-09 04:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games
2014-12-09 04:03 - 2014-12-09 04:03 - 00000000 ____D () C:\Program Files (x86)\WB Games
2014-12-09 03:45 - 2014-12-09 03:45 - 00000000 ____D () C:\Users\Sherry\Documents\My Games
2014-12-09 03:44 - 2014-12-19 10:17 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-09 03:44 - 2014-12-09 03:44 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Steam
2014-12-09 03:43 - 2014-12-19 10:06 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-09 03:43 - 2014-12-09 03:43 - 00061880 _____ () C:\windows\SysWOW64\CCCInstall_201412081913051244.log
2014-12-09 03:42 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-09 03:41 - 2014-12-19 10:06 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-09 03:31 - 2014-12-20 21:28 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-09 03:30 - 2014-12-11 06:01 - 00000772 _____ () C:\SetupCD.txt
2014-12-09 03:29 - 2014-12-11 06:00 - 00000000 ____D () C:\AMD
2014-12-09 03:26 - 2010-06-02 13:25 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2014-12-09 03:26 - 2010-06-02 13:25 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2014-12-09 03:26 - 2010-05-26 20:11 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2014-12-09 03:26 - 2010-05-26 20:11 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2014-12-09 03:26 - 2010-02-04 18:31 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2014-12-09 03:26 - 2010-02-04 18:31 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2014-12-09 03:26 - 2010-02-04 18:31 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll
2014-12-09 03:26 - 2010-02-04 18:31 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2014-12-09 03:26 - 2010-02-04 18:31 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2014-12-09 03:26 - 2010-02-04 18:31 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2014-12-09 03:26 - 2010-02-04 18:31 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2014-12-09 03:26 - 2010-02-04 18:31 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2014-12-09 03:26 - 2009-09-05 02:14 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll
2014-12-09 03:26 - 2009-09-05 02:14 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll
2014-12-09 03:26 - 2009-09-05 02:14 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2014-12-09 03:26 - 2009-09-05 02:14 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll
2014-12-09 03:26 - 2009-09-05 01:59 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2014-12-09 03:26 - 2009-09-05 01:59 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll
2014-12-09 03:26 - 2009-09-05 01:59 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2014-12-09 03:26 - 2009-09-05 01:59 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2014-12-09 03:26 - 2009-09-05 01:59 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2014-12-09 03:26 - 2009-09-05 01:59 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2014-12-09 03:26 - 2009-09-05 01:59 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2014-12-09 03:26 - 2009-09-05 01:59 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll
2014-12-09 03:26 - 2009-03-16 22:48 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2014-12-09 03:26 - 2009-03-16 22:48 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2014-12-09 03:26 - 2009-03-16 22:48 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll
2014-12-09 03:26 - 2009-03-16 22:48 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2014-12-09 03:26 - 2009-03-16 22:48 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2014-12-09 03:26 - 2009-03-16 22:48 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll
2014-12-09 03:26 - 2009-03-09 23:57 - 05425496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll
2014-12-09 03:26 - 2009-03-09 23:57 - 04178264 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_41.dll
2014-12-09 03:26 - 2009-03-09 23:57 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll
2014-12-09 03:26 - 2009-03-09 23:57 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll
2014-12-09 03:26 - 2008-10-27 18:34 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2014-12-09 03:26 - 2008-10-27 18:34 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2014-12-09 03:26 - 2008-10-27 18:34 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2014-12-09 03:26 - 2008-10-27 18:34 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2014-12-09 03:25 - 2008-10-27 18:34 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll
2014-12-09 03:25 - 2008-10-27 18:34 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2014-12-09 03:25 - 2008-10-27 18:34 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2014-12-09 03:25 - 2008-10-27 18:34 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll
2014-12-09 03:25 - 2008-07-31 19:11 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll
2014-12-09 03:25 - 2008-07-31 19:11 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2014-12-09 03:25 - 2008-07-31 19:11 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2014-12-09 03:25 - 2008-07-31 19:11 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2014-12-09 03:25 - 2008-07-31 19:10 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2014-12-09 03:25 - 2008-07-31 19:10 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2014-12-09 03:25 - 2008-07-10 19:31 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2014-12-09 03:25 - 2008-07-10 19:30 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2014-12-09 03:25 - 2008-07-10 19:30 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2014-12-09 03:25 - 2008-07-10 19:30 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2014-12-09 03:25 - 2008-07-10 19:30 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2014-12-09 03:25 - 2008-07-10 19:30 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2014-12-09 03:25 - 2008-05-30 22:49 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2014-12-09 03:25 - 2008-05-30 22:49 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2014-12-09 03:25 - 2008-05-30 22:48 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll
2014-12-09 03:25 - 2008-05-30 22:48 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2014-12-09 03:25 - 2008-05-30 22:47 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2014-12-09 03:25 - 2008-05-30 22:47 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2014-12-09 03:25 - 2008-05-30 22:47 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll
2014-12-09 03:25 - 2008-05-30 22:46 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2014-12-09 03:25 - 2008-05-30 22:41 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2014-12-09 03:25 - 2008-05-30 22:41 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll
2014-12-09 03:25 - 2008-05-30 22:41 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2014-12-09 03:25 - 2008-05-30 22:41 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll
2014-12-09 03:25 - 2008-05-30 22:41 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2014-12-09 03:25 - 2008-05-30 22:41 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll
2014-12-09 03:25 - 2008-03-06 00:34 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2014-12-09 03:25 - 2008-03-06 00:33 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2014-12-09 03:25 - 2008-03-06 00:33 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll
2014-12-09 03:25 - 2008-03-06 00:33 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2014-12-09 03:25 - 2008-03-06 00:30 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2014-12-09 03:25 - 2008-03-06 00:30 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll
2014-12-09 03:25 - 2008-03-06 00:26 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2014-12-09 03:25 - 2008-03-06 00:26 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll
2014-12-09 03:25 - 2008-03-06 00:26 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2014-12-09 03:25 - 2008-03-06 00:26 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll
2014-12-09 03:25 - 2008-02-06 07:37 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2014-12-09 03:25 - 2008-02-06 07:37 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll
2014-12-09 03:25 - 2007-10-22 12:10 - 00411656 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll
2014-12-09 03:25 - 2007-10-22 12:09 - 00267272 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_10.dll
2014-12-09 03:25 - 2007-10-22 12:07 - 00021000 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll
2014-12-09 03:25 - 2007-10-22 12:07 - 00017928 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_2.dll
2014-12-09 03:25 - 2007-10-12 23:44 - 05081608 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll
2014-12-09 03:25 - 2007-10-12 23:44 - 03734536 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_36.dll
2014-12-09 03:25 - 2007-10-12 23:44 - 02006552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll
2014-12-09 03:25 - 2007-10-12 23:44 - 01374232 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_36.dll
2014-12-09 03:25 - 2007-10-02 18:26 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll
2014-12-09 03:25 - 2007-10-02 18:26 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_36.dll
2014-12-09 03:25 - 2007-07-20 09:27 - 00411496 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll
2014-12-09 03:25 - 2007-07-20 09:27 - 00267112 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_9.dll
2014-12-09 03:25 - 2007-07-20 02:44 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll
2014-12-09 03:25 - 2007-07-20 02:44 - 01985904 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll
2014-12-09 03:25 - 2007-07-20 02:44 - 01358192 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_35.dll
2014-12-09 03:25 - 2007-07-20 02:44 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll
2014-12-09 03:25 - 2007-07-20 02:44 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_35.dll
2014-12-09 03:25 - 2007-06-21 05:19 - 00409960 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll
2014-12-09 03:25 - 2007-06-21 05:16 - 00266088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_8.dll
2014-12-09 03:25 - 2007-05-17 01:15 - 04496232 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll
2014-12-09 03:25 - 2007-05-17 01:15 - 03497832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_34.dll
2014-12-09 03:25 - 2007-05-17 01:15 - 01401200 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll
2014-12-09 03:25 - 2007-05-17 01:15 - 01124720 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_34.dll
2014-12-09 03:25 - 2007-05-17 01:15 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll
2014-12-09 03:25 - 2007-05-17 01:15 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_34.dll
2014-12-09 03:25 - 2007-04-05 03:25 - 00403304 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll
2014-12-09 03:25 - 2007-04-05 03:25 - 00261480 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_7.dll
2014-12-09 03:25 - 2007-03-16 01:27 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll
2014-12-09 03:25 - 2007-03-16 01:27 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_33.dll
2014-12-09 03:25 - 2007-03-13 01:12 - 04494184 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll
2014-12-09 03:25 - 2007-03-13 01:12 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll
2014-12-09 03:25 - 2007-03-13 01:12 - 01400176 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll
2014-12-09 03:25 - 2007-03-13 01:12 - 01123696 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_33.dll
2014-12-09 03:25 - 2007-03-05 21:12 - 00017688 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll
2014-12-09 03:25 - 2007-03-05 21:12 - 00015128 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_1.dll
2014-12-09 03:25 - 2007-01-24 23:57 - 00393576 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll
2014-12-09 03:25 - 2007-01-24 23:57 - 00255848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_6.dll
2014-12-09 03:25 - 2006-12-08 20:32 - 00251672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_5.dll
2014-12-09 03:25 - 2006-12-08 20:30 - 00390424 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll
2014-12-09 03:25 - 2006-11-29 21:36 - 00469264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll
2014-12-09 03:25 - 2006-11-29 21:36 - 00440080 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10.dll
2014-12-09 03:25 - 2006-09-29 00:35 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2014-12-09 03:25 - 2006-09-29 00:35 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll
2014-12-09 03:25 - 2006-09-29 00:35 - 00237848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_4.dll
2014-12-09 03:25 - 2006-09-29 00:34 - 00364824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll
2014-12-09 03:25 - 2006-07-28 18:01 - 00083736 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll
2014-12-09 03:25 - 2006-07-28 18:00 - 00363288 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_3.dll
2014-12-09 03:25 - 2006-07-28 18:00 - 00236824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_3.dll
2014-12-09 03:25 - 2006-07-28 18:00 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll
2014-12-09 03:25 - 2006-05-31 15:54 - 00230168 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_2.dll
2014-12-09 03:25 - 2006-05-31 15:52 - 00354072 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll
2014-12-09 03:25 - 2006-03-31 21:11 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll
2014-12-09 03:25 - 2006-03-31 21:10 - 02388176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_30.dll
2014-12-09 03:25 - 2006-03-31 21:10 - 00352464 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll
2014-12-09 03:25 - 2006-03-31 21:09 - 00229584 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_1.dll
2014-12-09 03:25 - 2006-03-31 21:09 - 00083664 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll
2014-12-09 03:25 - 2006-03-31 21:09 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll
2014-12-09 03:25 - 2006-02-03 17:13 - 03830992 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll
2014-12-09 03:25 - 2006-02-03 17:13 - 02332368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_29.dll
2014-12-09 03:25 - 2006-02-03 17:12 - 00355536 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll
2014-12-09 03:25 - 2006-02-03 17:12 - 00230096 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_0.dll
2014-12-09 03:25 - 2006-02-03 17:11 - 00016592 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll
2014-12-09 03:25 - 2006-02-03 17:11 - 00014032 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_0.dll
2014-12-09 03:25 - 2005-12-06 02:39 - 03815120 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll
2014-12-09 03:25 - 2005-12-06 02:39 - 02323664 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_28.dll
2014-12-09 03:25 - 2005-07-23 04:29 - 03807440 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_27.dll
2014-12-09 03:25 - 2005-07-23 04:29 - 02319568 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_27.dll
2014-12-09 03:25 - 2005-05-27 00:04 - 03767504 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll
2014-12-09 03:25 - 2005-05-27 00:04 - 02297552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_26.dll
2014-12-09 03:25 - 2005-03-19 01:49 - 03823312 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll
2014-12-09 03:25 - 2005-03-19 01:49 - 02337488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_25.dll
2014-12-09 03:25 - 2005-02-06 04:15 - 03544272 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll
2014-12-09 03:25 - 2005-02-06 04:15 - 02222800 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_24.dll
2014-12-09 03:18 - 2014-12-09 03:26 - 00000000 ____D () C:\windows\SysWOW64\directx
2014-12-09 02:52 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sherlock Holmes Crimes and Punishments
2014-12-09 02:42 - 2014-12-09 02:43 - 00000000 ____D () C:\Program Files (x86)\Sherlock Holmes Crimes and Punishments
2014-12-09 01:54 - 2014-12-11 06:33 - 00000000 ____D () C:\Users\Sherry\Downloads\Video
2014-12-09 01:54 - 2014-12-10 07:48 - 00000000 ____D () C:\Users\Sherry\Downloads\Compressed Files
2014-12-09 01:42 - 2015-01-06 09:42 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\DMCache
2014-12-09 01:42 - 2014-12-21 12:41 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-12-09 00:35 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2014-12-09 00:35 - 2014-12-09 00:37 - 00000000 ____D () C:\Program Files\TAP-Windows
2014-12-09 00:35 - 2014-12-09 00:37 - 00000000 ____D () C:\Program Files\OpenVPN
2014-12-09 00:35 - 2014-12-09 00:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2014-12-09 00:03 - 2013-10-30 03:05 - 00000000 ____D () C:\Users\OMGHA\Desktop\Wilmaa
2014-12-08 23:54 - 2014-12-08 23:54 - 00000000 ____D () C:\Users\Sherry\.ebookreader
2014-12-08 23:53 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Ebook Reader
2014-12-08 23:53 - 2014-12-08 23:53 - 00000000 ____D () C:\Program Files (x86)\Icecream Ebook Reader
2014-12-08 23:28 - 2014-12-27 12:41 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-12-08 23:27 - 2014-12-19 11:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-12-08 23:26 - 2014-12-08 23:26 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-08 23:25 - 2014-12-08 23:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-08 23:24 - 2014-12-08 23:25 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-08 23:21 - 2014-12-08 23:21 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-12-08 23:21 - 2014-12-08 23:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-12-08 23:20 - 2014-12-20 11:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-08 23:20 - 2014-12-19 10:07 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-12-08 23:20 - 2014-12-08 23:20 - 00000000 ____D () C:\Users\Sherry\AppData\Local\Microsoft Help
2014-12-08 23:20 - 2014-12-08 23:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-08 23:18 - 2014-12-08 23:18 - 00000000 ___RD () C:\MSOCache
2014-12-08 20:37 - 2014-12-08 20:37 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spelunky HD 1.0
2014-12-08 20:36 - 2014-12-08 20:36 - 00000000 ____D () C:\Games
2014-12-08 20:11 - 2014-12-09 08:44 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\CompleteFCE
2014-12-08 20:10 - 2014-12-08 20:10 - 00002657 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CompleteFCE.lnk
2014-12-08 20:10 - 2014-12-08 20:10 - 00000000 ____D () C:\Program Files (x86)\Cambridge
2014-12-08 19:55 - 2014-12-19 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2014-12-08 19:55 - 2014-12-08 19:55 - 00000000 ____D () C:\Program Files\PowerISO
2014-12-08 19:55 - 2014-10-08 16:43 - 00127760 _____ (Power Software Ltd) C:\windows\system32\Drivers\scdemu.sys
2014-12-08 17:58 - 2014-12-08 17:58 - 00000000 ____D () C:\ProgramData\Steam
2014-12-08 17:36 - 2014-12-08 17:36 - 00000000 ____D () C:\Program Files (x86)\DAMN NFO Viewer
2014-12-08 08:13 - 2014-12-08 08:13 - 00000000 ____D () C:\ProgramData\SystemRequirementsLab
2014-12-08 08:13 - 2014-12-08 08:13 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-12-08 07:21 - 2010-06-02 13:25 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-12-08 07:21 - 2010-06-02 13:25 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-12-08 07:21 - 2010-06-02 13:25 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-12-08 07:21 - 2010-06-02 13:25 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-12-08 07:21 - 2010-05-26 20:11 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-12-08 07:21 - 2010-05-26 20:11 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2014-12-08 07:21 - 2010-05-26 20:11 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2014-12-08 07:21 - 2010-05-26 20:11 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-12-08 07:21 - 2010-05-26 20:11 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2014-12-08 07:21 - 2010-05-26 20:11 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2014-12-08 07:21 - 2010-05-26 20:11 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-12-08 07:21 - 2010-05-26 20:11 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2014-12-08 07:21 - 2007-04-05 03:24 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2014-12-08 07:21 - 2007-04-05 03:23 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-06 12:30 - 2013-11-24 15:44 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2015-01-06 11:54 - 2013-08-28 23:59 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-06 11:53 - 2014-10-13 20:02 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 10:06 - 2009-07-14 08:15 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 10:06 - 2009-07-14 08:15 - 00028928 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 10:05 - 2013-08-28 23:59 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-06 10:05 - 2012-02-18 18:04 - 00590724 _____ () C:\windows\system32\fastboot.set
2015-01-06 10:04 - 2009-07-14 08:43 - 00757336 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-06 10:03 - 2012-02-18 17:28 - 01825157 _____ () C:\windows\WindowsUpdate.log
2015-01-06 09:58 - 2009-07-14 08:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-06 09:41 - 2012-11-25 19:01 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Skype
2015-01-04 10:29 - 2013-05-24 17:12 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\uTorrent
2015-01-03 15:33 - 2012-02-18 17:41 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-27 13:42 - 2013-11-29 11:49 - 03845120 ___SH () C:\Users\Sherry\Desktop\Thumbs.db
2014-12-27 12:41 - 2014-05-20 23:37 - 00000000 ____D () C:\windows\ERUNT
2014-12-27 12:41 - 2013-11-17 19:48 - 00000000 ____D () C:\Users\OMGHA\Documents\Anti-Filter
2014-12-27 12:41 - 2012-11-22 01:13 - 00000000 ____D () C:\Users\Sherry
2014-12-27 12:41 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\AppCompat
2014-12-27 12:39 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\registration
2014-12-27 12:15 - 2014-10-20 06:51 - 00000000 ____D () C:\ProgramData\IDM
2014-12-26 07:52 - 2013-11-17 09:18 - 00000000 ____D () C:\temp
2014-12-22 18:15 - 2009-07-14 06:50 - 00000000 __RHD () C:\Users\Default
2014-12-22 18:11 - 2009-07-14 06:04 - 00000215 _____ () C:\windows\system.ini
2014-12-21 16:40 - 2009-07-14 06:50 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-21 12:39 - 2009-07-14 06:50 - 00000000 __RSD () C:\windows\Media
2014-12-21 10:42 - 2014-05-20 23:50 - 00000000 ____D () C:\AdwCleaner
2014-12-21 06:58 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\rescache
2014-12-21 03:17 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-20 20:12 - 2013-11-24 15:46 - 00038240 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\windows\system32\Drivers\see.sys
2014-12-20 20:12 - 2013-11-24 15:45 - 00135736 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\windows\system32\vpncmd.exe
2014-12-20 11:50 - 2014-05-07 12:55 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-19 21:34 - 2012-12-04 15:11 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-19 11:45 - 2013-07-20 15:54 - 00000000 ____D () C:\windows\system32\MRT
2014-12-19 11:41 - 2012-11-23 01:54 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-19 10:18 - 2009-07-14 06:50 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-19 10:18 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\servicing
2014-12-19 10:17 - 2014-08-04 03:12 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Zona
2014-12-19 10:17 - 2013-12-08 18:08 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Winamp
2014-12-19 10:17 - 2013-08-29 00:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-19 10:17 - 2012-11-22 01:13 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-19 10:16 - 2013-08-15 19:33 - 00000000 ____D () C:\Program Files (x86)\GC
2014-12-19 10:16 - 2012-02-18 17:39 - 00000000 ____D () C:\Program Files\AMD
2014-12-19 10:16 - 2012-02-18 17:37 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-12-19 10:06 - 2012-02-18 18:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-19 10:06 - 2012-02-18 17:37 - 00000000 ____D () C:\Program Files\ATI
2014-12-18 20:54 - 2012-11-22 01:11 - 00000000 ____D () C:\Recovery
2014-12-11 06:22 - 2012-02-18 17:40 - 00000000 ____D () C:\ProgramData\AMD
2014-12-10 17:03 - 2009-07-14 09:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-10 17:03 - 2009-07-14 09:02 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-10 17:03 - 2009-07-14 09:02 - 00000000 ____D () C:\Program Files\DVD Maker
2014-12-10 17:03 - 2009-07-14 06:50 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-10 17:02 - 2011-09-29 07:07 - 00000000 ____D () C:\windows\ShellNew
2014-12-10 17:02 - 2009-07-14 06:50 - 00000000 ____D () C:\windows\system32\spool
2014-12-10 06:06 - 2014-03-12 23:31 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\HandBrake
2014-12-10 05:57 - 2014-10-22 03:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-10 05:57 - 2012-11-25 19:01 - 00000000 ____D () C:\ProgramData\Skype
2014-12-09 23:33 - 2014-03-18 03:02 - 00000000 ____D () C:\Users\Sherry\AppData\Local\Popcorn-Time
2014-12-09 21:09 - 2012-11-23 01:47 - 00000000 ____D () C:\Program Files\VideoLAN
2014-12-09 18:12 - 2014-10-20 06:51 - 00000000 ____D () C:\Users\Sherry\AppData\Roaming\IDM
2014-12-09 18:02 - 2014-05-22 05:20 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-12-09 18:02 - 2013-07-21 20:31 - 00000000 ____D () C:\windows\Minidump
2014-12-09 18:02 - 2011-02-22 14:49 - 00000000 ____D () C:\windows\Panther
2014-12-09 17:39 - 2012-11-30 00:47 - 00001945 _____ () C:\windows\epplauncher.mif
2014-12-09 16:54 - 2012-11-22 01:27 - 00000000 ____D () C:\Users\Sherry\AppData\Local\Google
2014-12-09 16:43 - 2012-11-22 01:17 - 00112072 _____ () C:\Users\Sherry\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-09 16:42 - 2009-07-14 08:15 - 00436424 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-09 12:16 - 2009-07-14 06:50 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-09 12:16 - 2009-07-14 06:04 - 00000502 _____ () C:\windows\win.ini
2014-12-09 02:04 - 2013-01-29 06:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2014-12-09 01:17 - 2014-03-18 19:23 - 00000000 ___HD () C:\Users\Sherry\Desktop\.picasaoriginals
2014-12-09 00:23 - 2013-11-17 19:24 - 00000600 _____ () C:\Users\Sherry\PUTTY.RND
2014-12-08 19:53 - 2012-02-18 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-12-08 19:53 - 2012-02-18 18:01 - 00000000 ____D () C:\Program Files (x86)\Lenovo
 
Some content of TEMP:
====================
C:\Users\OMGHA\AppData\Local\Temp\FreemakeVideoConverterFull.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 21:57
 
==================== End Of Log ============================
 
 
 
Link to post
Share on other sites

  • Staff

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

:excl: I can't foresee everything, so if anything unexpected happens, please stop and inform me!
:excl: There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  warning.gif Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 
 
 

FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

Link to post
Share on other sites

  • Staff

FRST.gif Fix with Farbar Recovery Scan Tool
 


icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

fixlist.txt

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.