GerardGuce Posted August 19, 2016 ID:1057259

I can't get rid of Hao123 infecting my browser. Tried using JRT, Adwarecleaner but after restarting my PC the virus is on my browser again. Help. Windows 7 64

kevinf80 Posted August 19, 2016 ID:1057264

Hello GerardGuce and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting for your Default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties". In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK". Be aware you are not changing the Browser download folder location, you are changing the user's download directory location.....

Next,

Follow the instructions in the following link to show hidden files:
http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
If the tool does not run from any of the links provided, please let me know.

Next,

Please open Malwarebytes Anti-Malware.

On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under Non-Malware Protection sub tab change PUP and PUM entries to Treat detections as Malware.
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete Apply Actions to any found entries.
Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:

Copy to Clipboard - if selected right click to your reply and select "Paste", log will be pasted to your reply
Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

Please use "Copy to Clipboard", then right click to your reply > select "Paste", that will copy the log to your reply…

If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.

Follow the instructions above....

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
Make sure Addition.txt is checkmarked under "Optional scans"
Press Scan button to run the tool....
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also make a log named (Addition.txt). Please attach those logs to your reply.

Let me see those logs in your reply...

Thank you,

Kevin...

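
FRST marks entries that need a second look with a handful of fixed strings, so a first pass over the FRST.txt requested above can be scripted. The following is an added example, not part of the original posts and not code from FRST or Malwarebytes: it groups flagged lines by log section, using sample lines copied from the FRST log posted in the reply below. The names `triage`, `MARKERS`, `NO_COMPANY` and `SAMPLE_LOG` are hypothetical, and the meaning attached to each marker is this example's reading of the log.

```python
import re
from collections import namedtuple

# Strings FRST prints beside an entry; all four occur in the log in this thread.
# The explanations are this example's reading of them, not FRST's own wording.
MARKERS = {
    "<======= ATTENTION": "flagged by FRST for review",
    "[X]": "referenced file not found",
    "[No File]": "plugin registered without a file",
    "[File not signed]": "file has no digital signature",
}
# Weaker hint: a Run entry ending in "()" where other entries show a company name.
NO_COMPANY = "autostart target lists no company name"

# "==================== Registry (Whitelisted) ===========" -> "Registry (Whitelisted)"
SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")

# "<key>\Run: [value name] => target [size date] (company)"; the tail is optional
# because broken entries look like "HKLM-x32\...\Run: [] => [X]".
RUN_RE = re.compile(
    r"^(?P<key>HK[^:]*\\Run): \[(?P<name>[^\]]*)\] => (?P<target>.*?)"
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<company>[^)]*)\))?$"
)

Finding = namedtuple("Finding", "section reason line")

# Sample input: lines copied from the FRST.txt in this thread, one entry per line.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
===================== Drivers (Whitelisted) ==========================
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-08-16] (Zemana Ltd.)
"""


def triage(log_text):
    """Return a list of Finding tuples for entries worth a manual look."""
    findings = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Fixed markers that FRST itself appended to the entry.
        for marker, reason in MARKERS.items():
            if marker in line:
                findings.append(Finding(section, reason, line))
        # Autostart entries whose target exists but carries no company name.
        run = RUN_RE.match(line)
        if run and run.group("target") != "[X]" and not run.group("company"):
            findings.append(Finding(section, NO_COMPANY, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

A hit is a prompt to inspect the entry, not a verdict: the unsigned driver and the empty-company Run entry in the sample belong to Apple and Logitech software.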
GerardGuce Posted August 19, 2016 Author ID:1057277

Just restarted my PC and the hao thing is not on my browser anymore. I'll msg you again if I see it again. Thanks for your help! Appreciated much!

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2016 04:35:24 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:
 * No malware services found to stop.

Checking for processes to terminate:
 * No malware processes found to kill.

Checking Registry for malware related settings:
 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
 * No issues found.

Checking Windows Service Integrity:
 * TBS [Missing Service]

Searching for Missing Digital Signatures:
 * No issues found.

Checking HOSTS File:
 * No issues found.

Program finished at: 08/19/2016 04:35:38 AM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

______________________________________________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/19/2016
Scan Time: 4:37 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.19.04
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gaming

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286224
Time Elapsed: 7 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)

-------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by Gaming (administrator) on GAMING-PC (19-08-2016 04:46:41)
Running from C:\Users\Gaming\Downloads
Loaded Profiles: Gaming (Available Profiles: Gaming)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.)
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-30] (Realtek Semiconductor) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6626696 2016-07-18] (Advanced Micro Devices, Inc.) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.) 
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKU\S-1-5-21-3243600020-3937093381-359131250-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation) HKU\S-1-5-21-3243600020-3937093381-359131250-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.) HKU\S-1-5-21-3243600020-3937093381-359131250-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd) HKU\S-1-5-21-3243600020-3937093381-359131250-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation) Startup: C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-08-10] ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122 Tcpip\..\Interfaces\{0DE98107-1D0A-40B8-8FB4-E24CC83951A0}: [DhcpNameServer] 192.168.1.254 75.153.171.122 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a0650887 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a0650887 HKU\S-1-5-21-3243600020-3937093381-359131250-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a0650887 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms} SearchScopes: HKU\S-1-5-21-3243600020-3937093381-359131250-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms} SearchScopes: HKU\S-1-5-21-3243600020-3937093381-359131250-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-3243600020-3937093381-359131250-1001: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File] Chrome: ======= CHR HomePage: Profile 1 -> hxxp://google.com/ CHR StartupUrls: Profile 1 -> "hxxps://www.google.ca/?gfe_rd=cr&ei=3ICYV7KPNdHe8AeYiITIDQ&gws_rd=ssl","hxxps://support.google.com/chrome/answer/95314?hl=en" CHR Session Restore: Profile 1 -> is enabled. CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.) 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll () CHR Profile: C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Default CHR Profile: C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1 CHR Extension: (AdBlock) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-10] CHR Extension: (Notifier for Twitter) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2016-08-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-09] CHR Extension: (Chrome Media Router) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] () S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] () R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-19] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2506384 2015-08-12] (MediaTek Inc.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed] R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-08-16] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-08-16] (Zemana Ltd.) S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-08-19 01:54 - 2016-05-16 15:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-08-19 01:54 - 2016-05-16 15:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-08-19 01:54 - 2016-05-16 15:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-08-19 01:54 - 2016-05-16 15:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-08-19 01:54 - 2016-05-16 15:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-08-19 01:54 - 2016-05-16 15:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-08-19 01:54 - 2016-05-16 15:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-08-19 01:54 - 2016-05-16 15:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-08-19 01:54 - 2016-05-16 15:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-08-19 01:54 - 2016-05-16 15:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-08-19 01:54 - 2016-05-16 15:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-08-19 01:54 - 2016-05-16 15:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-08-19 01:54 - 2016-05-16 15:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-08-19 01:54 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2016-08-19 01:54 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2016-08-19 01:54 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2016-08-19 01:54 - 2016-05-13 16:07 - 00091136 _____ (Microsoft 
Corporation) C:\Windows\system32\WinSetupUI.dll 2016-08-19 01:54 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2016-08-19 01:54 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2016-08-19 01:54 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2016-08-19 01:54 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2016-08-19 01:54 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2016-08-19 01:54 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2016-08-19 01:54 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2016-08-19 01:54 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2016-08-19 01:54 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2016-08-19 01:54 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2016-08-19 01:54 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2016-08-19 01:54 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2016-08-19 01:54 - 2016-05-12 11:14 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2016-08-19 01:54 - 2016-05-12 11:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll 2016-08-19 01:54 - 2016-05-12 09:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2016-08-19 01:54 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2016-08-19 01:54 - 2016-05-12 09:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll 2016-08-19 01:54 - 2016-05-04 11:21 - 00114408 _____ (Microsoft Corporation) 
C:\Windows\system32\consent.exe 2016-08-19 01:54 - 2016-05-04 11:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2016-08-19 01:54 - 2016-05-04 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2016-08-19 01:54 - 2016-05-04 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2016-08-19 01:54 - 2016-05-04 11:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2016-08-19 01:54 - 2016-05-04 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2016-08-19 01:54 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2016-08-19 01:54 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2016-08-19 01:54 - 2016-05-04 11:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2016-08-19 01:54 - 2016-05-04 11:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2016-08-19 01:54 - 2016-05-04 09:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2016-08-19 01:54 - 2016-05-04 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2016-08-19 01:51 - 2016-08-19 01:51 - 03319424 _____ C:\Users\Gaming\Downloads\Windows6.1-KB3138612-x64.msu 2016-08-19 01:48 - 2016-08-19 01:48 - 03328910 _____ C:\Users\Gaming\Downloads\Windows6.1-KB3102810-x64.msu 2016-08-19 01:39 - 2016-08-19 01:39 - 00000000 ____D C:\Users\Gaming\Doctor Web 2016-08-19 01:35 - 2016-08-19 01:38 - 140711960 _____ C:\Users\Gaming\Downloads\c9x60q94.exe 2016-08-19 01:32 - 2016-08-19 01:32 - 00025987 _____ C:\Users\Gaming\Downloads\Addition.txt 2016-08-19 01:31 - 2016-08-19 04:46 - 00012455 _____ C:\Users\Gaming\Downloads\FRST.txt 2016-08-19 01:31 - 2016-08-19 04:46 - 00000000 ____D C:\FRST 2016-08-19 01:31 - 2016-08-19 01:31 - 02394624 _____ (Farbar) C:\Users\Gaming\Downloads\FRST64.exe 2016-08-19 01:30 - 2016-08-19 01:30 - 03784256 _____ 
C:\Users\Gaming\Downloads\AdwCleaner (1).exe 2016-08-19 01:27 - 2016-08-19 01:27 - 03784256 _____ C:\Users\Gaming\Downloads\AdwCleaner.exe 2016-08-19 00:35 - 2016-08-19 01:16 - 00000000 ____D C:\Users\Gaming\Desktop\mbar 2016-08-19 00:35 - 2016-08-19 01:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-08-19 00:35 - 2016-08-19 00:35 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Gaming\Downloads\mbar-1.09.3.1001.exe 2016-08-19 00:29 - 2016-08-19 00:29 - 00000000 ____D C:\Windows\system32\appmgmt 2016-08-19 00:18 - 2016-08-19 00:18 - 00001134 _____ C:\Users\Gaming\Documents\Documents - Shortcut.lnk 2016-08-19 00:17 - 2016-08-19 00:17 - 00016096 _____ C:\Users\Gaming\Desktop\JRT.txt 2016-08-17 21:47 - 2016-08-17 21:47 - 00000000 ____D C:\6f55bc171c79d6e9777702e448941e6d 2016-08-17 21:46 - 2016-08-17 21:46 - 00000041 _____ C:\Windows\woubak-pwrscheme-temp.txt 2016-08-17 21:46 - 2016-08-17 21:46 - 00000041 _____ C:\Windows\woubak-pwrscheme-act.txt 2016-08-17 20:49 - 2016-08-17 20:49 - 00000000 ____D C:\Users\Gaming\Downloads\wsusoffline1073 2016-08-17 20:16 - 2016-08-17 20:16 - 00000000 ____D C:\02a77689c1d6e768f0b936 2016-08-17 19:34 - 2016-08-17 19:34 - 00000000 ___HD C:\$Windows.~WS 2016-08-17 19:26 - 2016-08-19 04:26 - 00000980 _____ C:\Windows\Tasks\Bing Powered Search moses.job 2016-08-17 19:26 - 2016-08-18 14:26 - 00000000 ____D C:\ProgramData\{C2DA07B9-4898-8D7F-CE5E-133D541C98F3} 2016-08-17 19:26 - 2016-08-17 19:27 - 00000000 ____D C:\Users\Gaming\AppData\Local\{8ACABC96-AE62-D02E-C3FA-F5C6E792095E} 2016-08-17 19:26 - 2016-08-17 19:27 - 00000000 ____D C:\Users\Gaming\AppData\Local\{8A97BC2C-AFC5-D15A-C4F3-F68818210BB6} 2016-08-17 19:26 - 2016-08-17 19:26 - 00004012 _____ C:\Windows\System32\Tasks\Bing Powered Search moses 2016-08-17 19:26 - 2016-08-17 19:26 - 00000344 __RSH C:\ProgramData\ntuser.pol 2016-08-17 19:26 - 2016-08-17 19:26 - 00000000 ____D C:\Users\Gaming\AppData\Local\sone 2016-08-17 19:12 - 2016-08-17 19:48 - 00000000 
____D C:\Program Files (x86)\Belarc 2016-08-17 18:50 - 2016-08-17 18:50 - 00000000 ___HD C:\$GetCurrent 2016-08-17 18:33 - 2016-08-19 00:19 - 00000000 ____D C:\Users\Gaming\Desktop\Antivirus 2016-08-17 18:33 - 2016-08-17 18:33 - 00000000 ____D C:\Users\Gaming\Desktop\Stream 2016-08-17 18:32 - 2016-08-17 18:32 - 00000000 ____D C:\Users\Gaming\Desktop\Printer 2016-08-17 11:09 - 2016-08-17 11:09 - 00000219 _____ C:\Users\Gaming\Desktop\Counter-Strike Global Offensive.url 2016-08-16 13:33 - 2016-08-16 13:33 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2016-08-16 01:06 - 2016-08-16 01:06 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2016-08-16 01:06 - 2016-08-16 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2016-08-16 01:05 - 2016-08-16 01:05 - 00000000 ____D C:\Users\Gaming\Downloads\[www.gigapurbalingga.com]_ZemAM2212465 2016-08-11 02:51 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2016-08-11 02:51 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2016-08-11 02:50 - 2016-04-08 22:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-08-11 02:50 - 2016-04-08 21:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-08-11 02:50 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2016-08-11 02:50 - 2015-02-03 21:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2016-08-11 02:50 - 2015-02-03 20:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2016-08-10 20:38 - 2016-08-19 01:56 - 00065536 _____ C:\Windows\system32\spu_storage.bin 2016-08-10 20:38 - 2016-08-10 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings 2016-08-10 12:39 - 2016-08-10 12:39 - 24917504 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-08-10 12:39 - 2016-08-10 12:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-10 12:39 - 2016-08-10 12:39 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 12:39 - 2016-08-10 12:39 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 12:39 - 2016-08-10 12:39 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 
2016-08-10 12:39 - 2016-08-10 12:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2016-08-10 12:39 - 2016-08-10 12:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2016-08-10 12:39 - 2016-08-10 12:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-08-10 
12:39 - 2016-08-10 12:39 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-10 12:39 - 2016-08-10 12:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-08-10 12:39 - 2016-08-10 12:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00151552 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00086016 _____ 
(Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2016-08-10 12:39 - 2016-08-10 12:39 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2016-08-10 12:39 - 2016-08-10 12:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2016-08-10 12:39 - 2016-08-10 
12:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2016-08-10 12:39 - 2016-08-10 12:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2016-08-10 12:39 - 2016-08-10 12:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-10 12:38 - 2016-08-10 12:38 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2016-08-10 12:38 - 2016-08-10 12:38 
- 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00293376 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00005632 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2016-08-10 12:36 - 2016-08-10 12:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2016-08-10 12:31 - 2016-08-10 12:34 - 00000000 ____D C:\Windows\system32\MRT 2016-08-10 12:31 - 2016-08-10 12:31 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-10 01:15 - 2016-08-17 19:55 - 00000000 ____D C:\Program Files\CCleaner 2016-08-10 01:15 - 2016-08-10 01:23 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-08-10 01:15 - 2016-08-10 01:15 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2016-08-10 01:15 - 2016-08-10 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 
2016-08-07 22:37 - 2016-08-19 04:46 - 00236637 _____ C:\Windows\ZAM.krnl.trace 2016-08-07 22:37 - 2016-08-19 04:46 - 00039121 _____ C:\Windows\ZAM_Guard.krnl.trace 2016-08-07 22:36 - 2016-08-16 13:33 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2016-08-07 22:36 - 2016-08-07 22:36 - 00000000 ____D C:\Users\Gaming\AppData\Local\Zemana 2016-08-06 18:49 - 2016-08-07 04:36 - 00000000 ____D C:\Users\Gaming\Desktop\nhhbnn 2016-08-06 00:19 - 2016-08-06 00:19 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 2016-08-04 20:35 - 2016-08-04 21:25 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\obs-studio 2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio 2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Program Files (x86)\obs-studio 2016-08-04 20:23 - 2016-08-04 20:23 - 00001065 _____ C:\Users\Public\Desktop\Logitech Vid.lnk 2016-08-04 20:23 - 2016-08-04 20:23 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Leadertech 2016-08-04 20:23 - 2016-08-04 20:23 - 00000000 ____D C:\Users\Gaming\AppData\Local\LogiShrd 2016-08-04 20:23 - 2016-08-04 20:23 - 00000000 ____D C:\Program Files (x86)\Logitech 2016-08-04 20:21 - 2009-04-30 17:02 - 00764952 _____ (Logitech Inc.) C:\Windows\system32\LVUI64.dll 2016-08-04 20:21 - 2009-04-30 17:02 - 00559640 _____ (Logitech Inc.) C:\Windows\system32\LVUIRC64.dll 2016-08-04 20:21 - 2009-04-30 17:02 - 00539160 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2RC.dll 2016-08-04 20:21 - 2009-04-30 17:02 - 00539160 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2.dll 2016-08-04 20:21 - 2009-04-30 17:01 - 00327576 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs64.sys 2016-08-04 20:21 - 2009-04-30 16:57 - 00416280 _____ (Logitech Inc.) C:\Windows\SysWOW64\lvcodec2.dll 2016-08-04 20:21 - 2009-04-30 16:57 - 00398360 _____ (Logitech Inc.) C:\Windows\system32\lvcod64.dll 2016-08-04 20:21 - 2009-04-30 16:57 - 00266776 _____ (Logitech Inc.) 
C:\Windows\system32\lvco1201278.dll 2016-08-04 20:21 - 2009-04-30 16:55 - 02755096 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LV302V64.SYS 2016-08-04 20:21 - 2009-04-30 16:55 - 00015896 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lv302a64.sys 2016-08-04 20:21 - 2009-04-30 16:39 - 00082289 _____ C:\Windows\system32\lvcoin64.ini 2016-08-04 20:21 - 2009-04-30 16:39 - 00034068 _____ C:\Windows\system32\Repository.reg 2016-08-04 20:20 - 2016-08-06 18:44 - 00000000 ____D C:\ProgramData\LogiShrd 2016-08-04 20:20 - 2016-08-04 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2016-08-04 20:20 - 2016-08-04 20:21 - 00000000 ____D C:\Program Files\Common Files\LogiShrd 2016-08-04 20:20 - 2016-08-04 20:20 - 00000000 ____D C:\Program Files\Logitech 2016-08-04 17:55 - 2016-08-04 17:55 - 00148008 _____ C:\Users\Gaming\Documents\yea.xps 2016-08-03 21:36 - 2016-08-03 21:36 - 00000000 ____D C:\Users\Gaming\Documents\My Received Files 2016-08-02 02:21 - 2016-08-02 02:21 - 00000836 _____ C:\Windows\system32\.crusader 2016-08-02 02:18 - 2016-08-02 02:21 - 00000000 ____D C:\ProgramData\HitmanPro 2016-08-02 01:47 - 2016-08-19 01:28 - 00000000 ____D C:\AdwCleaner 2016-08-01 01:35 - 2016-08-10 13:06 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Adobe 2016-08-01 01:35 - 2016-08-01 01:35 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-08-01 01:35 - 2016-08-01 01:35 - 00000000 ____D C:\Users\Gaming\AppData\LocalLow\Adobe 2016-08-01 01:34 - 2016-08-04 16:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-08-01 01:34 - 2016-08-01 01:34 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk 2016-08-01 01:34 - 2016-08-01 01:34 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-08-01 01:33 - 2016-08-01 01:39 - 00000000 ____D C:\ProgramData\Adobe 2016-08-01 01:31 - 2016-08-01 01:35 - 00000000 ____D C:\Users\Gaming\AppData\Local\Adobe 2016-08-01 00:43 - 2016-08-08 
13:44 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\HpUpdate 2016-08-01 00:43 - 2016-08-01 00:43 - 00003594 _____ C:\Windows\System32\Tasks\HPCustParticipation HP DeskJet 3630 series 2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\ProgramData\Visan 2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\ProgramData\HP Photo Creations 2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\ProgramData\HP 2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\Program Files\HP 2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations 2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\Program Files (x86)\HP 2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard 2016-08-01 00:43 - 2015-04-09 02:32 - 00803848 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPME311.dll 2016-08-01 00:42 - 2016-08-01 00:45 - 00000000 ____D C:\Users\Gaming\AppData\Local\HP 2016-08-01 00:42 - 2016-08-01 00:42 - 00000057 _____ C:\ProgramData\Ament.ini 2016-07-30 21:17 - 2012-07-25 21:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll 2016-07-30 21:17 - 2012-07-25 21:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe 2016-07-30 21:17 - 2012-07-25 21:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll 2016-07-30 21:17 - 2012-07-25 21:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll 2016-07-30 21:17 - 2012-07-25 21:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll 2016-07-30 21:17 - 2012-07-25 20:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys 2016-07-30 21:17 - 2012-07-25 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys 2016-07-30 21:17 - 2012-06-02 08:57 - 00000003 
_____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf 2016-07-27 04:01 - 2016-07-30 11:36 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP 2016-07-27 03:45 - 2016-07-27 03:45 - 00000000 _____ C:\autoexec.bat 2016-07-27 00:48 - 2016-08-19 01:09 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit 2016-07-27 00:48 - 2016-08-02 21:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit 2016-07-27 00:48 - 2016-08-02 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit 2016-07-27 00:04 - 2016-07-27 00:04 - 00000000 ____D C:\Users\Gaming\AppData\Local\A 2016-07-26 18:01 - 2016-07-27 00:25 - 00000000 __SHD C:\Users\Gaming\wc 2016-07-26 18:01 - 2016-07-26 18:01 - 00000000 __SHD C:\Users\Gaming\AppData\Local\ms-drivers 2016-07-26 18:01 - 2016-07-26 18:01 - 00000000 __SHD C:\Users\Gaming\AppData\Local\icsxml 2016-07-26 18:01 - 2016-07-26 18:01 - 00000000 ____D C:\Users\Gaming\AppData\Local\ns0 2016-07-26 18:00 - 2016-07-26 18:00 - 00000000 ____D C:\Users\Gaming\Downloads\New Folder 2016-07-26 17:59 - 2016-07-26 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2016-07-26 17:59 - 2016-07-26 17:59 - 00000000 ____D C:\Program Files\7-Zip 2016-07-26 01:44 - 2016-08-17 18:32 - 00000000 ____D C:\Users\Gaming\Desktop\BOTS 2016-07-26 01:36 - 2016-08-05 16:52 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Opera Software 2016-07-26 01:36 - 2016-08-05 16:07 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1469518577 2016-07-26 01:36 - 2016-07-26 01:36 - 00000000 ____D C:\Users\Gaming\AppData\Local\Opera Software 2016-07-26 01:35 - 2016-08-05 16:54 - 00000000 ____D C:\Program Files (x86)\Opera 2016-07-26 00:40 - 2016-07-26 00:40 - 00000000 ____D C:\Users\Gaming\AppData\LocalLow\uTorrent 2016-07-26 00:39 - 2016-07-27 00:45 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\uTorrent 2016-07-22 18:15 - 2016-07-22 18:16 - 00000000 ____D 
C:\Users\Gaming\AppData\Roaming\Apple Computer 2016-07-22 18:15 - 2016-07-22 18:15 - 00000000 ____D C:\Users\Gaming\AppData\Local\Apple Computer 2016-07-22 18:14 - 2016-07-22 18:14 - 00000000 ____D C:\ProgramData\Apple Computer 2016-07-22 18:13 - 2016-08-19 00:31 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-07-22 18:13 - 2016-07-22 18:13 - 00000000 ____D C:\Users\Gaming\AppData\Local\Apple 2016-07-22 18:12 - 2016-07-22 18:13 - 00000000 ____D C:\ProgramData\Apple 2016-07-20 19:09 - 2016-08-01 21:14 - 00000000 ____D C:\Users\Gaming\Downloads\PopcornTime 2016-07-20 19:09 - 2016-07-20 19:09 - 00000000 ____D C:\Users\Gaming\AppData\Local\PopcornTimeDesktop ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-19 04:37 - 2016-05-17 21:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-08-19 04:00 - 2016-05-17 21:16 - 00000552 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-19 03:24 - 2016-05-17 21:30 - 00000000 ____D C:\Program Files (x86)\Steam 2016-08-19 02:27 - 2009-07-13 22:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-19 02:27 - 2009-07-13 22:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-19 02:02 - 2009-07-13 23:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-19 02:02 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf 2016-08-19 01:58 - 2016-05-17 13:54 - 00000000 ____D C:\Users\Gaming 2016-08-19 01:57 - 2016-05-17 21:16 - 00000548 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-19 01:57 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-19 00:35 - 2016-05-17 21:26 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-08-19 00:26 - 2016-06-04 17:44 - 00000000 ____D 
C:\Program Files (x86)\Raptr Inc 2016-08-19 00:18 - 2016-05-17 21:18 - 00001160 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-19 00:18 - 2016-05-17 21:18 - 00001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-19 00:18 - 2016-05-17 13:54 - 00000282 _____ C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-08-17 20:45 - 2016-06-04 13:40 - 00000000 ____D C:\Users\Gaming\AppData\Local\ElevatedDiagnostics 2016-08-17 19:47 - 2016-05-16 15:48 - 00000000 ____D C:\Windows\Panther 2016-08-17 19:26 - 2009-07-13 21:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy 2016-08-17 19:26 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy 2016-08-17 18:38 - 2016-06-16 00:04 - 00000000 ____D C:\Users\Gaming\AppData\Local\Windows Live 2016-08-17 11:09 - 2016-05-17 21:37 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-08-10 20:56 - 2016-06-04 17:50 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater 2016-08-10 20:32 - 2016-06-04 17:35 - 00000000 ____D C:\AMD 2016-08-10 20:32 - 2016-05-17 14:11 - 00000000 ____D C:\Program Files\AMD 2016-08-10 13:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2016-08-09 13:02 - 2016-05-17 21:30 - 00000963 _____ C:\Users\Public\Desktop\Steam.lnk 2016-08-09 01:16 - 2009-07-13 23:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-08-05 16:01 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2016-08-04 23:04 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-08-02 17:35 - 2009-07-13 22:45 - 00271136 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-02 03:41 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender 2016-08-02 03:41 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-08-01 00:52 - 2016-05-17 13:57 - 00058696 _____ 
C:\Users\Gaming\AppData\Local\GDIPFONTCACHEV1.DAT 2016-07-30 21:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing 2016-07-30 12:35 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\DigitalLocker 2016-07-28 17:55 - 2016-05-17 21:16 - 00003548 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-28 17:55 - 2016-05-17 21:16 - 00003296 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-27 00:46 - 2016-05-17 21:18 - 00000000 ____D C:\Users\Gaming\AppData\Local\Google 2016-07-26 14:24 - 2010-11-20 21:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-07-21 23:12 - 2016-05-17 14:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT ==================== Files in the root of some directories ======= 2016-08-01 00:42 - 2016-08-01 00:42 - 0000057 _____ () C:\ProgramData\Ament.ini 2016-05-17 14:01 - 2016-05-17 14:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some files in TEMP: ==================== C:\Users\Gaming\AppData\Local\Temp\HitmanPro.exe C:\Users\Gaming\AppData\Local\Temp\libeay32.dll C:\Users\Gaming\AppData\Local\Temp\msvcr120.dll C:\Users\Gaming\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-19 02:20
==================== End of FRST.txt ============================
----------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Gaming (19-08-2016 04:47:06)
Running from C:\Users\Gaming\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-17 19:54:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3243600020-3937093381-359131250-500 - Administrator - Disabled)
Gaming (S-1-5-21-3243600020-3937093381-359131250-1001 - Administrator - Enabled) => C:\Users\Gaming
Guest (S-1-5-21-3243600020-3937093381-359131250-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3243600020-3937093381-359131250-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.) Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology) Bing Powered Search (HKLM-x32\...\BingPoweredSearch) (Version: - ) Catalyst Control Center Next Localization BR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) 
Hidden Catalyst Control Center Next Localization FI (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dota 2 (HKLM\...\Steam App 570) (Version: - Valve) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) 
Hidden HP DeskJet 3630 series Basic Device Software (HKLM\...\{82088106-8F3E-4C76-A919-607CB9BA02AE}) (Version: 35.0.61.54677 - Hewlett-Packard Co.) HP DeskJet 3630 series Help (HKLM-x32\...\{5F074370-FEB0-4477-820F-A59DF28A933E}) (Version: 35.0.0 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.) Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.) Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 
11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.2 - OBS Project) PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1050.0 - Passmark Software) Product Improvement Study for HP DeskJet 3630 series (HKLM\...\{11AF0CB4-0708-4DDF-BB66-FC8CF90E3425}) (Version: 35.0.61.54677 - Hewlett-Packard Co.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Vulkan Run Time Libraries 1.0.11.0 (HKLM\...\VulkanRT1.0.11.0) (Version: 1.0.11.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.) Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.465 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3106ABB5-4BF2-4DAE-916E-7D5F2DF92523} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {3DCE6C05-304F-4210-AB95-6768BEA31BC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-17] (Google Inc.)
Task: {5176EE3D-73CB-410F-A321-F4608B713A48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-17] (Google Inc.)
Task: {665FF05E-944E-4C14-A369-F9AE78AC4CC6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {80626AF3-0316-4138-9527-08AF6BEB9DD8} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {92ADA15B-A840-465A-9849-37210D6B981D} - \OEM7 -> No File <==== ATTENTION
Task: {9B58DB97-D1EA-497E-8EB8-59E464474DED} - System32\Tasks\Opera scheduled Autoupdate 1469518577 => C:\Program Files (x86)\Opera\launcher.exe
Task: {A8A87492-F5BE-4790-98F2-856C0953A5D6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {ABB58586-34D5-4C3A-852B-25B16B3B3B42} - System32\Tasks\Bing Powered Search moses => Wscript.exe "C:\ProgramData\{C2DA07B9-4898-8D7F-CE5E-133D541C98F3}\como.txt" "687474703a2f2f79786870612e636f6d" "433a5c50726f6772616d446174615c7b43324441303742392d343839382d384437462d434535452d3133334435343143393846337d5c6c696465736f" "433a5c50726f6772616d446174615c7b43324441303742392d343839382d384437462d434535 (the data entry has 78 more characters).
Task: {AE700510-F5C6-46EF-B944-63233EFA6A21} - \OEM7Server -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Bing Powered Search moses.job => Wscript.exe C:\ProgramData\{C2DA07B9-4898-8D7F-CE5E-133D541C98F3}\como.txt <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Gaming\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-08-10 01:17 - 2016-08-10 01:17 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34
- 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe 2016-05-17 14:07 - 2016-07-18 14:39 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll 2016-05-17 21:34 - 2016-08-08 17:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-05-17 21:34 - 2015-07-01 16:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-05-17 21:34 - 2015-07-01 16:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-05-17 21:34 - 2015-07-01 16:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-05-17 21:34 - 2016-08-16 14:54 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll 2016-05-17 21:34 - 2016-01-27 01:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-05-17 21:34 - 2016-01-27 01:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-05-17 21:34 - 2016-01-27 01:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-05-17 21:34 - 2016-01-27 01:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-05-17 21:34 - 2016-01-27 01:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-05-17 21:34 - 2016-08-16 14:54 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-05-17 21:34 - 2016-07-04 16:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll 2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll 2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll 2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll 2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll 2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () 
C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll 2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll 2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll 2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll 2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll 2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll 2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll 2016-05-17 21:34 - 2016-08-04 14:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2016-08-08 14:04 - 2016-08-02 18:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-08 14:04 - 2016-08-02 18:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 20:34 - 2016-08-07 22:44 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3243600020-3937093381-359131250-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.254 - 75.153.171.122 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{392513F7-93A1-4C08-8694-BBCA36975D44}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{A14B6E27-F828-4182-A6E3-15B051541859}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{82F5DC07-1131-49B9-AD42-093F634FE946}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{420E8EE4-4391-4CC2-ACDF-66F796779C4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{7C525D81-2B3B-41D1-9DB7-53D0C46FAE8C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{85F1C9D2-8239-46C8-9EF9-10FEED51E4B8}] => (Allow) LPort=2869 FirewallRules: [{004BEA11-9314-4F75-BA3D-55F4FFFB6700}] => (Allow) LPort=1900 FirewallRules: [{4824C2EE-E415-4446-B8B3-77D88224D291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{73D5C34B-C7B2-4E8C-A87D-B2B9DC988619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [TCP Query 
User{85DBB1EA-F997-4A53-8872-A8C464403498}C:\users\gaming\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gaming\appdata\roaming\utorrent\utorrent.exe FirewallRules: [UDP Query User{9F96D9E1-883E-4A41-8C48-7863D4272140}C:\users\gaming\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gaming\appdata\roaming\utorrent\utorrent.exe FirewallRules: [{825805E9-05AC-4AFE-8A6E-92084F8644CB}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe FirewallRules: [{21F53D7C-D240-4454-8167-54AF234EA284}] => (Allow) LPort=5357 FirewallRules: [{691A65DE-FF1E-4070-89CF-FDAA36296F6C}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{0ED9A8BE-485B-494B-B88C-2ED66674D330}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{42FA3311-B431-493E-8145-7F911C71CB82}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{A81583BF-429C-424F-AEE3-4D3EBE497E6E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{BEB34F07-7490-4D3B-AAA3-EAB4E7E849A2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{D41CCE6F-664D-49E0-87B1-090E3918F4C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{5629B1CE-0E18-46E1-80E6-A96290D77CBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{74F7A2FD-8606-4E34-A101-B16D8988B4C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{CBFAC721-1D95-4201-B54D-DCCE4D012DC4}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe FirewallRules: [{D15D7C9D-05A2-4511-A85B-BF9E5A90437B}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe FirewallRules: [{EDC85100-21D5-445E-8679-6286F7772A50}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe FirewallRules: 
[{30F02A08-DFBC-430A-B87A-645FF26B5C52}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe ==================== Restore Points ========================= 17-08-2016 15:23:34 Installed DirectX 17-08-2016 20:35:41 Windows Update 17-08-2016 22:29:57 Windows Update 19-08-2016 00:16:36 JRT Pre-Junkware Removal 19-08-2016 00:29:05 Removed Bonjour 19-08-2016 00:31:13 Removed Apple Mobile Device Support 19-08-2016 00:32:21 Removed Apple Software Update 19-08-2016 01:54:38 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/19/2016 01:57:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2016 01:56:07 AM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (08/19/2016 01:29:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2016 01:28:44 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/19/2016 01:27:39 AM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (08/19/2016 01:12:26 AM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (08/19/2016 01:12:05 AM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (08/19/2016 01:11:00 AM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error 
Error: (08/19/2016 01:09:34 AM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error Error: (08/19/2016 01:09:26 AM) (Source: ATIeRecord) (EventID: 16387) (User: ) Description: ATI EEU Service event error System errors: ============= Error: (08/19/2016 04:42:46 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer. Error: (08/19/2016 04:37:36 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer. Error: (08/19/2016 04:32:26 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer. Error: (08/19/2016 04:27:16 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer. Error: (08/19/2016 04:22:06 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer. Error: (08/19/2016 04:16:56 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer. 
Error: (08/19/2016 04:11:46 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer. Error: (08/19/2016 04:06:36 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer. Error: (08/19/2016 04:01:25 AM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.75. The computer with the IP address 192.168.1.70 did not allow the name to be claimed by this computer. Error: (08/19/2016 04:01:25 AM) (Source: BROWSER) (EventID: 8019) (User: ) Description: The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer. 
==================== Memory info ===========================
Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 47%
Total physical RAM: 8112.41 MB
Available physical RAM: 4297.8 MB
Total Virtual: 16223 MB
Available Virtual: 11473.36 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:25.07 GB) NTFS
Drive d: () (Fixed) (Total:363 GB) (Free:362.9 GB) NTFS
Drive e: () (Fixed) (Total:500 GB) (Free:499.9 GB) NTFS
Drive f: () (Fixed) (Total:1000.01 GB) (Free:999.12 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7F984F8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 7F984F83)
Partition 1: (Not Active) - (Size=363 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1000 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
kevinf80 Posted August 19, 2016 ID:1057351

Quote: Just restarted my PC and the Hao thing is not on my browser anymore. I'll msg you again if I see it again. Thanks for your help! Appreciated much!

Do you no longer need assistance..?
GerardGuce Posted August 19, 2016 Author ID:1057358

Sorry about that, after a couple of hours, the Hao123 went back again.
kevinf80 Posted August 19, 2016 ID:1057360

Chrome is flagged as your default browser, is that the only browser affected?
GerardGuce Posted August 19, 2016 Author ID:1057361

Chrome and Internet Explorer.
kevinf80 Posted August 19, 2016 ID:1057363

Go to this link: https://support.microsoft.com/en-gb/kb/923737 follow the instructions and reset IE to default settings...

Next, for Chrome let's go for a clean reinstall:

If your Chrome Bookmarks are important do this first: Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

Continue for a clean install:

Remove all synced data from Chrome, go here: https://support.google.com/chrome/answer/6386691?hl=en-GB follow those instructions... It is essential that any/all synced data is removed when the browser is hijacked or exploited in any way...

Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

Navigate to C:\Users\Your user name\Appdata\Local, from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata). For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming

How to show hidden files and folders for Windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html

Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb

Install DrWeb Link Anti-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en

Let me know if that helps with either browser...
GerardGuce Posted August 19, 2016 Author ID:1057364

Thank you again! Appreciated. But right now I don't see it on my browser. I'll let you know immediately if I see it again.
kevinf80 Posted August 19, 2016 ID:1057366

What was done to remove it? I see you have Zemana installed, have you used that...
GerardGuce Posted August 19, 2016 Author ID:1057370

I followed your instructions first and tried the Zemana trial and it automatically detects the Hao thing but it does not help to completely remove the thing. Right now, I don't see it on my browser after I installed a new Chrome. Hopefully my browser is safe now..
kevinf80 Posted August 19, 2016 ID:1057371

Ok let me know if the issue returns... If not we will need to clean up, remove tools etc..

Zemana Premium version is available with 400 day licence at the following link: https://malwaretips.com/threads/zemana-antimalware-premium.62566/
GerardGuce Posted August 19, 2016 Author ID:1057372

Wow, thanks for that! I'll let you know, sir. Thanks!
kevinf80 Posted August 19, 2016 ID:1057373

Thanks for the update, just be aware that Zemana is antimalware and does not give antivirus protection. I did not see any AV installed on your system...
GerardGuce Posted August 20, 2016 Author ID:1057398

So ya, it's still there, man.
kevinf80 Posted August 20, 2016 ID:1057428

Yes, can be a bit of a pain to shift. Open Zemana, change the scan type to "Deep scan", run that and post its log...

Next, please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next, download AdwCleaner by Xplode onto your Desktop.

Double click on Adwcleaner.exe to run the tool.
Click on the Scan in the Actions box.
Please wait for the scan to finish..
When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
Click on the Cleaning box.
Next click OK on the "Closing Programs" pop up box.
Click OK on the Information box & again OK to allow the necessary reboot.
After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next, run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs...

Thanks,
Kevin
AdvancedSetup (Root Admin) Posted September 6, 2016 ID:1060379

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!