Hao123

[GerardGuce]

I cant get rid of Hao123 infecting my browser. Tried using JRT, Adwarecleaner but after restarting my pc the virus is on my browser again. Help

Windows 7 64

[kevinf80]

Hello GerardGuce and welcome to Malwarebytes, My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please: Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good... Change the download folder setting for your Default Browser so all tools we may use are saved to the Desktop: Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK. Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu. Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen. NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop. Change default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties" In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK" Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location..... Next, Follow the instructions in the following link to show hidden files: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ Next, Download RKill from here: http://www.bleepingcomputer.com/download/rkill/ There are three buttons to choose from with different names on, select the first one and save it to your desktop.   Double-click on the Rkill desktop icon to run the tool. If using Vista or Windows 7/8/10, right-click on it and Run As Administrator. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply. If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time. If the tool does not run from any of the links provided, please let me know. Next, Please open Malwarebytes Anti-Malware.   On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. When the scan is complete Apply Actions to any found entries. Wait for the prompt to restart the computer to appear (if applicable), then click on Yes. After the restart once you are back at your desktop, open MBAM once more. To get the log from Malwarebytes do the following:   Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply   Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… If Malwarebytes is not installed follow these instructions first: Download Malwarebytes Anti-Malware to your desktop. Double-click mbam-setup and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program. Click Finish. Follow the instructions above.... Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...   Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach those logs to your reply. Let me see those logs in your reply... Thank you, Kevin...

[GerardGuce]

Just restarted my pc and the hao thing is not on my browser anymore. Ill msg you again if i saw it again. Thanks for ur help! Appreciated much!

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/19/2016 04:35:24 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * TBS [Missing Service]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 08/19/2016 04:35:38 AM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
 

______________________________________________________________

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/19/2016
Scan Time: 4:37 AM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.19.04
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gaming

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286224
Time Elapsed: 7 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

-------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by Gaming (administrator) on GAMING-PC (19-08-2016 04:46:41)
Running from C:\Users\Gaming\Downloads
Loaded Profiles: Gaming (Available Profiles: Gaming)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-10-30] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6626696 2016-07-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKU\S-1-5-21-3243600020-3937093381-359131250-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation)
HKU\S-1-5-21-3243600020-3937093381-359131250-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-3243600020-3937093381-359131250-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd)
HKU\S-1-5-21-3243600020-3937093381-359131250-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
Startup: C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-08-10]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{0DE98107-1D0A-40B8-8FB4-E24CC83951A0}: [DhcpNameServer] 192.168.1.254 75.153.171.122

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a0650887
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a0650887
HKU\S-1-5-21-3243600020-3937093381-359131250-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-a0650887
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3243600020-3937093381-359131250-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3243600020-3937093381-359131250-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-a0650887&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3243600020-3937093381-359131250-1001: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [No File]

Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://google.com/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.ca/?gfe_rd=cr&ei=3ICYV7KPNdHe8AeYiITIDQ&gws_rd=ssl","hxxps://support.google.com/chrome/answer/95314?hl=en"
CHR Session Restore: Profile 1 -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\WidevineCdm\1.4.8.903\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Default
CHR Profile: C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (AdBlock) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-10]
CHR Extension: (Notifier for Twitter) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2016-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-09]
CHR Extension: (Chrome Media Router) - C:\Users\Gaming\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13924080 2016-08-11] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2506384 2015-08-12] (MediaTek Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-08-16] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-08-16] (Zemana Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 04:35 - 2016-08-19 04:35 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Gaming\Desktop\rkill.exe
2016-08-19 04:35 - 2016-08-19 04:35 - 00002042 _____ C:\Users\Gaming\Desktop\Rkill.txt
2016-08-19 01:54 - 2016-08-19 01:54 - 30659457 _____ C:\Users\Gaming\Downloads\Windows6.1-KB3172605-x64.msu
2016-08-19 01:54 - 2016-06-10 12:51 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-19 01:54 - 2016-06-10 12:51 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-19 01:54 - 2016-06-10 12:46 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-19 01:54 - 2016-06-10 12:46 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-19 01:54 - 2016-06-10 09:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-19 01:54 - 2016-06-10 09:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-19 01:54 - 2016-06-10 08:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-19 01:54 - 2016-06-10 08:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-19 01:54 - 2016-06-10 08:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-19 01:54 - 2016-06-10 08:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-19 01:54 - 2016-06-10 08:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-19 01:54 - 2016-06-10 08:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-19 01:54 - 2016-06-06 10:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-08-19 01:54 - 2016-06-06 10:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-08-19 01:54 - 2016-06-06 10:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-08-19 01:54 - 2016-06-06 10:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-08-19 01:54 - 2016-06-06 09:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-08-19 01:54 - 2016-06-06 09:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-08-19 01:54 - 2016-06-06 09:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-08-19 01:54 - 2016-06-06 09:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-08-19 01:54 - 2016-05-16 17:22 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-08-19 01:54 - 2016-05-16 17:19 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-19 01:54 - 2016-05-16 17:19 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-08-19 01:54 - 2016-05-16 17:18 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-08-19 01:54 - 2016-05-16 17:18 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-08-19 01:54 - 2016-05-16 17:17 - 01732888 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-08-19 01:54 - 2016-05-16 17:16 - 01314136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 17:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 15:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-08-19 01:54 - 2016-05-16 15:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-08-19 01:54 - 2016-05-16 15:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-08-19 01:54 - 2016-05-16 15:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-08-19 01:54 - 2016-05-16 15:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-08-19 01:54 - 2016-05-16 15:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-08-19 01:54 - 2016-05-16 15:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-08-19 01:54 - 2016-05-16 15:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-08-19 01:54 - 2016-05-16 15:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-08-19 01:54 - 2016-05-16 15:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-08-19 01:54 - 2016-05-16 15:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 15:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 15:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-19 01:54 - 2016-05-16 15:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-19 01:54 - 2016-05-13 16:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-08-19 01:54 - 2016-05-13 16:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-08-19 01:54 - 2016-05-13 16:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-08-19 01:54 - 2016-05-13 16:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-08-19 01:54 - 2016-05-13 15:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-19 01:54 - 2016-05-13 15:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-19 01:54 - 2016-05-13 15:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-08-19 01:54 - 2016-05-13 15:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-19 01:54 - 2016-05-13 15:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-08-19 01:54 - 2016-05-13 15:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-08-19 01:54 - 2016-05-13 15:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-08-19 01:54 - 2016-05-13 15:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-08-19 01:54 - 2016-05-13 15:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-19 01:54 - 2016-05-13 15:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-08-19 01:54 - 2016-05-13 15:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-08-19 01:54 - 2016-05-13 15:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-08-19 01:54 - 2016-05-12 11:14 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-08-19 01:54 - 2016-05-12 11:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-08-19 01:54 - 2016-05-12 09:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-08-19 01:54 - 2016-05-12 09:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-08-19 01:54 - 2016-05-12 09:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-08-19 01:54 - 2016-05-04 11:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-08-19 01:54 - 2016-05-04 11:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-08-19 01:54 - 2016-05-04 11:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-08-19 01:54 - 2016-05-04 11:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-08-19 01:54 - 2016-05-04 11:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-08-19 01:54 - 2016-05-04 11:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-08-19 01:54 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-08-19 01:54 - 2016-05-04 11:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-08-19 01:54 - 2016-05-04 11:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-08-19 01:54 - 2016-05-04 11:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-08-19 01:54 - 2016-05-04 09:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-08-19 01:54 - 2016-05-04 08:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-08-19 01:51 - 2016-08-19 01:51 - 03319424 _____ C:\Users\Gaming\Downloads\Windows6.1-KB3138612-x64.msu
2016-08-19 01:48 - 2016-08-19 01:48 - 03328910 _____ C:\Users\Gaming\Downloads\Windows6.1-KB3102810-x64.msu
2016-08-19 01:39 - 2016-08-19 01:39 - 00000000 ____D C:\Users\Gaming\Doctor Web
2016-08-19 01:35 - 2016-08-19 01:38 - 140711960 _____ C:\Users\Gaming\Downloads\c9x60q94.exe
2016-08-19 01:32 - 2016-08-19 01:32 - 00025987 _____ C:\Users\Gaming\Downloads\Addition.txt
2016-08-19 01:31 - 2016-08-19 04:46 - 00012455 _____ C:\Users\Gaming\Downloads\FRST.txt
2016-08-19 01:31 - 2016-08-19 04:46 - 00000000 ____D C:\FRST
2016-08-19 01:31 - 2016-08-19 01:31 - 02394624 _____ (Farbar) C:\Users\Gaming\Downloads\FRST64.exe
2016-08-19 01:30 - 2016-08-19 01:30 - 03784256 _____ C:\Users\Gaming\Downloads\AdwCleaner (1).exe
2016-08-19 01:27 - 2016-08-19 01:27 - 03784256 _____ C:\Users\Gaming\Downloads\AdwCleaner.exe
2016-08-19 00:35 - 2016-08-19 01:16 - 00000000 ____D C:\Users\Gaming\Desktop\mbar
2016-08-19 00:35 - 2016-08-19 01:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-08-19 00:35 - 2016-08-19 00:35 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Gaming\Downloads\mbar-1.09.3.1001.exe
2016-08-19 00:29 - 2016-08-19 00:29 - 00000000 ____D C:\Windows\system32\appmgmt
2016-08-19 00:18 - 2016-08-19 00:18 - 00001134 _____ C:\Users\Gaming\Documents\Documents - Shortcut.lnk
2016-08-19 00:17 - 2016-08-19 00:17 - 00016096 _____ C:\Users\Gaming\Desktop\JRT.txt
2016-08-17 21:47 - 2016-08-17 21:47 - 00000000 ____D C:\6f55bc171c79d6e9777702e448941e6d
2016-08-17 21:46 - 2016-08-17 21:46 - 00000041 _____ C:\Windows\woubak-pwrscheme-temp.txt
2016-08-17 21:46 - 2016-08-17 21:46 - 00000041 _____ C:\Windows\woubak-pwrscheme-act.txt
2016-08-17 20:49 - 2016-08-17 20:49 - 00000000 ____D C:\Users\Gaming\Downloads\wsusoffline1073
2016-08-17 20:16 - 2016-08-17 20:16 - 00000000 ____D C:\02a77689c1d6e768f0b936
2016-08-17 19:34 - 2016-08-17 19:34 - 00000000 ___HD C:\$Windows.~WS
2016-08-17 19:26 - 2016-08-19 04:26 - 00000980 _____ C:\Windows\Tasks\Bing Powered Search moses.job
2016-08-17 19:26 - 2016-08-18 14:26 - 00000000 ____D C:\ProgramData\{C2DA07B9-4898-8D7F-CE5E-133D541C98F3}
2016-08-17 19:26 - 2016-08-17 19:27 - 00000000 ____D C:\Users\Gaming\AppData\Local\{8ACABC96-AE62-D02E-C3FA-F5C6E792095E}
2016-08-17 19:26 - 2016-08-17 19:27 - 00000000 ____D C:\Users\Gaming\AppData\Local\{8A97BC2C-AFC5-D15A-C4F3-F68818210BB6}
2016-08-17 19:26 - 2016-08-17 19:26 - 00004012 _____ C:\Windows\System32\Tasks\Bing Powered Search moses
2016-08-17 19:26 - 2016-08-17 19:26 - 00000344 __RSH C:\ProgramData\ntuser.pol
2016-08-17 19:26 - 2016-08-17 19:26 - 00000000 ____D C:\Users\Gaming\AppData\Local\sone
2016-08-17 19:12 - 2016-08-17 19:48 - 00000000 ____D C:\Program Files (x86)\Belarc
2016-08-17 18:50 - 2016-08-17 18:50 - 00000000 ___HD C:\$GetCurrent
2016-08-17 18:33 - 2016-08-19 00:19 - 00000000 ____D C:\Users\Gaming\Desktop\Antivirus
2016-08-17 18:33 - 2016-08-17 18:33 - 00000000 ____D C:\Users\Gaming\Desktop\Stream
2016-08-17 18:32 - 2016-08-17 18:32 - 00000000 ____D C:\Users\Gaming\Desktop\Printer
2016-08-17 11:09 - 2016-08-17 11:09 - 00000219 _____ C:\Users\Gaming\Desktop\Counter-Strike Global Offensive.url
2016-08-16 13:33 - 2016-08-16 13:33 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-08-16 01:06 - 2016-08-16 01:06 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-08-16 01:06 - 2016-08-16 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-08-16 01:05 - 2016-08-16 01:05 - 00000000 ____D C:\Users\Gaming\Downloads\[www.gigapurbalingga.com]_ZemAM2212465
2016-08-11 02:51 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-08-11 02:51 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-08-11 02:50 - 2016-04-08 22:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-08-11 02:50 - 2016-04-08 21:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-08-11 02:50 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-08-11 02:50 - 2015-02-03 21:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2016-08-11 02:50 - 2015-02-03 20:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2016-08-10 20:38 - 2016-08-19 01:56 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-08-10 20:38 - 2016-08-10 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2016-08-10 12:39 - 2016-08-10 12:39 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 12:39 - 2016-08-10 12:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 12:39 - 2016-08-10 12:39 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 12:39 - 2016-08-10 12:39 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 12:39 - 2016-08-10 12:39 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2016-08-10 12:39 - 2016-08-10 12:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2016-08-10 12:39 - 2016-08-10 12:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 12:39 - 2016-08-10 12:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 12:39 - 2016-08-10 12:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-08-10 12:39 - 2016-08-10 12:39 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-08-10 12:39 - 2016-08-10 12:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2016-08-10 12:39 - 2016-08-10 12:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2016-08-10 12:39 - 2016-08-10 12:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 12:38 - 2016-08-10 12:38 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-08-10 12:38 - 2016-08-10 12:38 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-08-10 12:36 - 2016-08-10 12:36 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2016-08-10 12:31 - 2016-08-10 12:34 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 12:31 - 2016-08-10 12:31 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-10 01:15 - 2016-08-17 19:55 - 00000000 ____D C:\Program Files\CCleaner
2016-08-10 01:15 - 2016-08-10 01:23 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-10 01:15 - 2016-08-10 01:15 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-10 01:15 - 2016-08-10 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-08-07 22:37 - 2016-08-19 04:46 - 00236637 _____ C:\Windows\ZAM.krnl.trace
2016-08-07 22:37 - 2016-08-19 04:46 - 00039121 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-08-07 22:36 - 2016-08-16 13:33 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-08-07 22:36 - 2016-08-07 22:36 - 00000000 ____D C:\Users\Gaming\AppData\Local\Zemana
2016-08-06 18:49 - 2016-08-07 04:36 - 00000000 ____D C:\Users\Gaming\Desktop\nhhbnn
2016-08-06 00:19 - 2016-08-06 00:19 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-08-04 20:35 - 2016-08-04 21:25 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\obs-studio
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-08-04 20:35 - 2016-08-04 20:35 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-08-04 20:23 - 2016-08-04 20:23 - 00001065 _____ C:\Users\Public\Desktop\Logitech Vid.lnk
2016-08-04 20:23 - 2016-08-04 20:23 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Leadertech
2016-08-04 20:23 - 2016-08-04 20:23 - 00000000 ____D C:\Users\Gaming\AppData\Local\LogiShrd
2016-08-04 20:23 - 2016-08-04 20:23 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-08-04 20:21 - 2009-04-30 17:02 - 00764952 _____ (Logitech Inc.) C:\Windows\system32\LVUI64.dll
2016-08-04 20:21 - 2009-04-30 17:02 - 00559640 _____ (Logitech Inc.) C:\Windows\system32\LVUIRC64.dll
2016-08-04 20:21 - 2009-04-30 17:02 - 00539160 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2RC.dll
2016-08-04 20:21 - 2009-04-30 17:02 - 00539160 _____ (Logitech Inc.) C:\Windows\SysWOW64\LVUI2.dll
2016-08-04 20:21 - 2009-04-30 17:01 - 00327576 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lvrs64.sys
2016-08-04 20:21 - 2009-04-30 16:57 - 00416280 _____ (Logitech Inc.) C:\Windows\SysWOW64\lvcodec2.dll
2016-08-04 20:21 - 2009-04-30 16:57 - 00398360 _____ (Logitech Inc.) C:\Windows\system32\lvcod64.dll
2016-08-04 20:21 - 2009-04-30 16:57 - 00266776 _____ (Logitech Inc.) C:\Windows\system32\lvco1201278.dll
2016-08-04 20:21 - 2009-04-30 16:55 - 02755096 _____ (Logitech Inc.) C:\Windows\system32\Drivers\LV302V64.SYS
2016-08-04 20:21 - 2009-04-30 16:55 - 00015896 _____ (Logitech Inc.) C:\Windows\system32\Drivers\lv302a64.sys
2016-08-04 20:21 - 2009-04-30 16:39 - 00082289 _____ C:\Windows\system32\lvcoin64.ini
2016-08-04 20:21 - 2009-04-30 16:39 - 00034068 _____ C:\Windows\system32\Repository.reg
2016-08-04 20:20 - 2016-08-06 18:44 - 00000000 ____D C:\ProgramData\LogiShrd
2016-08-04 20:20 - 2016-08-04 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-08-04 20:20 - 2016-08-04 20:21 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2016-08-04 20:20 - 2016-08-04 20:20 - 00000000 ____D C:\Program Files\Logitech
2016-08-04 17:55 - 2016-08-04 17:55 - 00148008 _____ C:\Users\Gaming\Documents\yea.xps
2016-08-03 21:36 - 2016-08-03 21:36 - 00000000 ____D C:\Users\Gaming\Documents\My Received Files
2016-08-02 02:21 - 2016-08-02 02:21 - 00000836 _____ C:\Windows\system32\.crusader
2016-08-02 02:18 - 2016-08-02 02:21 - 00000000 ____D C:\ProgramData\HitmanPro
2016-08-02 01:47 - 2016-08-19 01:28 - 00000000 ____D C:\AdwCleaner
2016-08-01 01:35 - 2016-08-10 13:06 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Adobe
2016-08-01 01:35 - 2016-08-01 01:35 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-08-01 01:35 - 2016-08-01 01:35 - 00000000 ____D C:\Users\Gaming\AppData\LocalLow\Adobe
2016-08-01 01:34 - 2016-08-04 16:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-08-01 01:34 - 2016-08-01 01:34 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-08-01 01:34 - 2016-08-01 01:34 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-01 01:33 - 2016-08-01 01:39 - 00000000 ____D C:\ProgramData\Adobe
2016-08-01 01:31 - 2016-08-01 01:35 - 00000000 ____D C:\Users\Gaming\AppData\Local\Adobe
2016-08-01 00:43 - 2016-08-08 13:44 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\HpUpdate
2016-08-01 00:43 - 2016-08-01 00:43 - 00003594 _____ C:\Windows\System32\Tasks\HPCustParticipation HP DeskJet 3630 series
2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\ProgramData\Visan
2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\ProgramData\HP Photo Creations
2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\ProgramData\HP
2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\Program Files\HP
2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\Program Files (x86)\HP
2016-08-01 00:43 - 2016-08-01 00:43 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-08-01 00:43 - 2015-04-09 02:32 - 00803848 ____N (Hewlett-Packard Development Company, LP) C:\Windows\system32\HPDiscoPME311.dll
2016-08-01 00:42 - 2016-08-01 00:45 - 00000000 ____D C:\Users\Gaming\AppData\Local\HP
2016-08-01 00:42 - 2016-08-01 00:42 - 00000057 _____ C:\ProgramData\Ament.ini
2016-07-30 21:17 - 2012-07-25 21:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2016-07-30 21:17 - 2012-07-25 21:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2016-07-30 21:17 - 2012-07-25 21:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-07-30 21:17 - 2012-07-25 21:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2016-07-30 21:17 - 2012-07-25 21:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2016-07-30 21:17 - 2012-07-25 20:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2016-07-30 21:17 - 2012-07-25 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2016-07-30 21:17 - 2012-06-02 08:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2016-07-27 04:01 - 2016-07-30 11:36 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2016-07-27 03:45 - 2016-07-27 03:45 - 00000000 _____ C:\autoexec.bat
2016-07-27 00:48 - 2016-08-19 01:09 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-27 00:48 - 2016-08-02 21:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-07-27 00:48 - 2016-08-02 17:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-07-27 00:04 - 2016-07-27 00:04 - 00000000 ____D C:\Users\Gaming\AppData\Local\A
2016-07-26 18:01 - 2016-07-27 00:25 - 00000000 __SHD C:\Users\Gaming\wc
2016-07-26 18:01 - 2016-07-26 18:01 - 00000000 __SHD C:\Users\Gaming\AppData\Local\ms-drivers
2016-07-26 18:01 - 2016-07-26 18:01 - 00000000 __SHD C:\Users\Gaming\AppData\Local\icsxml
2016-07-26 18:01 - 2016-07-26 18:01 - 00000000 ____D C:\Users\Gaming\AppData\Local\ns0
2016-07-26 18:00 - 2016-07-26 18:00 - 00000000 ____D C:\Users\Gaming\Downloads\New Folder
2016-07-26 17:59 - 2016-07-26 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-07-26 17:59 - 2016-07-26 17:59 - 00000000 ____D C:\Program Files\7-Zip
2016-07-26 01:44 - 2016-08-17 18:32 - 00000000 ____D C:\Users\Gaming\Desktop\BOTS
2016-07-26 01:36 - 2016-08-05 16:52 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Opera Software
2016-07-26 01:36 - 2016-08-05 16:07 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1469518577
2016-07-26 01:36 - 2016-07-26 01:36 - 00000000 ____D C:\Users\Gaming\AppData\Local\Opera Software
2016-07-26 01:35 - 2016-08-05 16:54 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-26 00:40 - 2016-07-26 00:40 - 00000000 ____D C:\Users\Gaming\AppData\LocalLow\uTorrent
2016-07-26 00:39 - 2016-07-27 00:45 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\uTorrent
2016-07-22 18:15 - 2016-07-22 18:16 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Apple Computer
2016-07-22 18:15 - 2016-07-22 18:15 - 00000000 ____D C:\Users\Gaming\AppData\Local\Apple Computer
2016-07-22 18:14 - 2016-07-22 18:14 - 00000000 ____D C:\ProgramData\Apple Computer
2016-07-22 18:13 - 2016-08-19 00:31 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-07-22 18:13 - 2016-07-22 18:13 - 00000000 ____D C:\Users\Gaming\AppData\Local\Apple
2016-07-22 18:12 - 2016-07-22 18:13 - 00000000 ____D C:\ProgramData\Apple
2016-07-20 19:09 - 2016-08-01 21:14 - 00000000 ____D C:\Users\Gaming\Downloads\PopcornTime
2016-07-20 19:09 - 2016-07-20 19:09 - 00000000 ____D C:\Users\Gaming\AppData\Local\PopcornTimeDesktop

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-19 04:37 - 2016-05-17 21:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-19 04:00 - 2016-05-17 21:16 - 00000552 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-19 03:24 - 2016-05-17 21:30 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-19 02:27 - 2009-07-13 22:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-19 02:27 - 2009-07-13 22:45 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-19 02:02 - 2009-07-13 23:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-19 02:02 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-08-19 01:58 - 2016-05-17 13:54 - 00000000 ____D C:\Users\Gaming
2016-08-19 01:57 - 2016-05-17 21:16 - 00000548 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-19 01:57 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-19 00:35 - 2016-05-17 21:26 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-19 00:26 - 2016-06-04 17:44 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-08-19 00:18 - 2016-05-17 21:18 - 00001160 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-19 00:18 - 2016-05-17 21:18 - 00001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-19 00:18 - 2016-05-17 13:54 - 00000282 _____ C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-08-17 20:45 - 2016-06-04 13:40 - 00000000 ____D C:\Users\Gaming\AppData\Local\ElevatedDiagnostics
2016-08-17 19:47 - 2016-05-16 15:48 - 00000000 ____D C:\Windows\Panther
2016-08-17 19:26 - 2009-07-13 21:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-08-17 19:26 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-08-17 18:38 - 2016-06-16 00:04 - 00000000 ____D C:\Users\Gaming\AppData\Local\Windows Live
2016-08-17 11:09 - 2016-05-17 21:37 - 00000000 ____D C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-10 20:56 - 2016-06-04 17:50 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2016-08-10 20:32 - 2016-06-04 17:35 - 00000000 ____D C:\AMD
2016-08-10 20:32 - 2016-05-17 14:11 - 00000000 ____D C:\Program Files\AMD
2016-08-10 13:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-08-09 13:02 - 2016-05-17 21:30 - 00000963 _____ C:\Users\Public\Desktop\Steam.lnk
2016-08-09 01:16 - 2009-07-13 23:08 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-05 16:01 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-08-04 23:04 - 2009-07-13 22:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-02 17:35 - 2009-07-13 22:45 - 00271136 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-02 03:41 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-08-02 03:41 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-08-01 00:52 - 2016-05-17 13:57 - 00058696 _____ C:\Users\Gaming\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-30 21:18 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2016-07-30 12:35 - 2009-07-13 23:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-07-28 17:55 - 2016-05-17 21:16 - 00003548 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 17:55 - 2016-05-17 21:16 - 00003296 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 00:46 - 2016-05-17 21:18 - 00000000 ____D C:\Users\Gaming\AppData\Local\Google
2016-07-26 14:24 - 2010-11-20 21:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-21 23:12 - 2016-05-17 14:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT

==================== Files in the root of some directories =======

2016-08-01 00:42 - 2016-08-01 00:42 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-05-17 14:01 - 2016-05-17 14:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Gaming\AppData\Local\Temp\HitmanPro.exe
C:\Users\Gaming\AppData\Local\Temp\libeay32.dll
C:\Users\Gaming\AppData\Local\Temp\msvcr120.dll
C:\Users\Gaming\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-19 02:20

==================== End of FRST.txt ============================

 

----------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Gaming (19-08-2016 04:47:06)
Running from C:\Users\Gaming\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-05-17 19:54:34)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3243600020-3937093381-359131250-500 - Administrator - Disabled)
Gaming (S-1-5-21-3243600020-3937093381-359131250-1001 - Administrator - Enabled) => C:\Users\Gaming
Guest (S-1-5-21-3243600020-3937093381-359131250-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3243600020-3937093381-359131250-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.28.1 - Asmedia Technology)
Bing Powered Search (HKLM-x32\...\BingPoweredSearch) (Version:  - )
Catalyst Control Center Next Localization BR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0718.1747.30147 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.20 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP DeskJet 3630 series Basic Device Software (HKLM\...\{82088106-8F3E-4C76-A919-607CB9BA02AE}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 3630 series Help (HKLM-x32\...\{5F074370-FEB0-4477-820F-A59DF28A933E}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.2 - OBS Project)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1050.0 - Passmark Software)
Product Improvement Study for HP DeskJet 3630 series (HKLM\...\{11AF0CB4-0708-4DDF-BB66-FC8CF90E3425}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.11.0 (HKLM\...\VulkanRT1.0.11.0) (Version: 1.0.11.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0-2) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.17.0 (Version: 1.0.17.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.21.465 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3106ABB5-4BF2-4DAE-916E-7D5F2DF92523} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-07-18] (Advanced Micro Devices, Inc.)
Task: {3DCE6C05-304F-4210-AB95-6768BEA31BC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-17] (Google Inc.)
Task: {5176EE3D-73CB-410F-A321-F4608B713A48} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-17] (Google Inc.)
Task: {665FF05E-944E-4C14-A369-F9AE78AC4CC6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-07-13] (Piriform Ltd)
Task: {80626AF3-0316-4138-9527-08AF6BEB9DD8} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {92ADA15B-A840-465A-9849-37210D6B981D} - \OEM7 -> No File <==== ATTENTION
Task: {9B58DB97-D1EA-497E-8EB8-59E464474DED} - System32\Tasks\Opera scheduled Autoupdate 1469518577 => C:\Program Files (x86)\Opera\launcher.exe
Task: {A8A87492-F5BE-4790-98F2-856C0953A5D6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {ABB58586-34D5-4C3A-852B-25B16B3B3B42} - System32\Tasks\Bing Powered Search moses => Wscript.exe "C:\ProgramData\{C2DA07B9-4898-8D7F-CE5E-133D541C98F3}\como.txt" "687474703a2f2f79786870612e636f6d" "433a5c50726f6772616d446174615c7b43324441303742392d343839382d384437462d434535452d3133334435343143393846337d5c6c696465736f" "433a5c50726f6772616d446174615c7b43324441303742392d343839382d384437462d434535 (the data entry has 78 more characters).
Task: {AE700510-F5C6-46EF-B944-63233EFA6A21} - \OEM7Server -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Bing Powered Search moses.job => Wscript.exe  C:\ProgramData\{C2DA07B9-4898-8D7F-CE5E-133D541C98F3}\como.txt <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Gaming\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-08-10 01:17 - 2016-08-10 01:17 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2016-05-17 14:07 - 2016-07-18 14:39 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-05-17 21:34 - 2016-08-08 17:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-05-17 21:34 - 2015-07-01 16:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-05-17 21:34 - 2015-07-01 16:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-05-17 21:34 - 2015-07-01 16:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-05-17 21:34 - 2016-08-16 14:54 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2016-05-17 21:34 - 2016-01-27 01:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-05-17 21:34 - 2016-01-27 01:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-05-17 21:34 - 2016-01-27 01:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-05-17 21:34 - 2016-01-27 01:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-05-17 21:34 - 2016-01-27 01:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-05-17 21:34 - 2016-08-16 14:54 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-05-17 21:34 - 2016-07-04 16:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2016-05-17 21:34 - 2016-08-04 14:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-08-08 14:04 - 2016-08-02 18:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 14:04 - 2016-08-02 18:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-08-07 22:44 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3243600020-3937093381-359131250-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gaming\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{392513F7-93A1-4C08-8694-BBCA36975D44}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A14B6E27-F828-4182-A6E3-15B051541859}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{82F5DC07-1131-49B9-AD42-093F634FE946}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{420E8EE4-4391-4CC2-ACDF-66F796779C4E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7C525D81-2B3B-41D1-9DB7-53D0C46FAE8C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{85F1C9D2-8239-46C8-9EF9-10FEED51E4B8}] => (Allow) LPort=2869
FirewallRules: [{004BEA11-9314-4F75-BA3D-55F4FFFB6700}] => (Allow) LPort=1900
FirewallRules: [{4824C2EE-E415-4446-B8B3-77D88224D291}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{73D5C34B-C7B2-4E8C-A87D-B2B9DC988619}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{85DBB1EA-F997-4A53-8872-A8C464403498}C:\users\gaming\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gaming\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{9F96D9E1-883E-4A41-8C48-7863D4272140}C:\users\gaming\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\gaming\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{825805E9-05AC-4AFE-8A6E-92084F8644CB}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe
FirewallRules: [{21F53D7C-D240-4454-8167-54AF234EA284}] => (Allow) LPort=5357
FirewallRules: [{691A65DE-FF1E-4070-89CF-FDAA36296F6C}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0ED9A8BE-485B-494B-B88C-2ED66674D330}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{42FA3311-B431-493E-8145-7F911C71CB82}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{A81583BF-429C-424F-AEE3-4D3EBE497E6E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{BEB34F07-7490-4D3B-AAA3-EAB4E7E849A2}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{D41CCE6F-664D-49E0-87B1-090E3918F4C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5629B1CE-0E18-46E1-80E6-A96290D77CBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{74F7A2FD-8606-4E34-A101-B16D8988B4C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CBFAC721-1D95-4201-B54D-DCCE4D012DC4}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{D15D7C9D-05A2-4511-A85B-BF9E5A90437B}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{EDC85100-21D5-445E-8679-6286F7772A50}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
FirewallRules: [{30F02A08-DFBC-430A-B87A-645FF26B5C52}] => (Allow) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe

==================== Restore Points =========================

17-08-2016 15:23:34 Installed DirectX
17-08-2016 20:35:41 Windows Update
17-08-2016 22:29:57 Windows Update
19-08-2016 00:16:36 JRT Pre-Junkware Removal
19-08-2016 00:29:05 Removed Bonjour
19-08-2016 00:31:13 Removed Apple Mobile Device Support
19-08-2016 00:32:21 Removed Apple Software Update
19-08-2016 01:54:38 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2016 01:57:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2016 01:56:07 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (08/19/2016 01:29:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2016 01:28:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2016 01:27:39 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (08/19/2016 01:12:26 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (08/19/2016 01:12:05 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (08/19/2016 01:11:00 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (08/19/2016 01:09:34 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (08/19/2016 01:09:26 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

System errors:
=============
Error: (08/19/2016 04:42:46 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

Error: (08/19/2016 04:37:36 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

Error: (08/19/2016 04:32:26 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

Error: (08/19/2016 04:27:16 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

Error: (08/19/2016 04:22:06 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

Error: (08/19/2016 04:16:56 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

Error: (08/19/2016 04:11:46 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

Error: (08/19/2016 04:06:36 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

Error: (08/19/2016 04:01:25 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.75.
The computer with the IP address 192.168.1.70 did not allow the name to be claimed by
this computer.

Error: (08/19/2016 04:01:25 AM) (Source: BROWSER) (EventID: 8019) (User: )
Description: The browser was unable to promote itself to master browser.  The browser will continue
to attempt to promote itself to the master browser, but will no longer log any events in the event log in Event Viewer.

==================== Memory info =========================== 

Processor: AMD FX(tm)-8120 Eight-Core Processor 
Percentage of memory in use: 47%
Total physical RAM: 8112.41 MB
Available physical RAM: 4297.8 MB
Total Virtual: 16223 MB
Available Virtual: 11473.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:25.07 GB) NTFS
Drive d: () (Fixed) (Total:363 GB) (Free:362.9 GB) NTFS
Drive e: () (Fixed) (Total:500 GB) (Free:499.9 GB) NTFS
Drive f: () (Fixed) (Total:1000.01 GB) (Free:999.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 7F984F8C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 7F984F83)
Partition 1: (Not Active) - (Size=363 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=500 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1000 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

[kevinf80]

Quote

Just restarted my pc and the hao thing is not on my browser anymore. Ill msg you again if i saw it again. Thanks for ur help! Appreciated much!

Do you no longer need assistance..?

[GerardGuce]

Sorry about that, after a couple of hours, the Hao123 went back again.

[kevinf80]

Chrome is flagged as your default browser, is that the only browser affected?

[GerardGuce]

Chrome and Internet Explorer. 

[kevinf80]

Go to this link: https://support.microsoft.com/en-gb/kb/923737 follow the instructions and reset IE to default settings... Next, For Chrome lets go fo clean reinstall: If your Chrome Bookmarks are important do this first: Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks..... Continue for a clean install: Remove all synced data from Chrome go here: https://support.google.com/chrome/answer/6386691?hl=en-GB follow those instructions... It is essntial that any/all synced data is removed when the browser is hijacked or exploited in anyway... Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!! Navigate to C:\Users\Your user name\Appdata\Local from that folder delete the folder named Google (you will need to show hidden files/folders to see the folder Appdata) For XP that will be My Computer > C:\ Documents and Settings\Your User Name\Application Data\Roaming How to show hidden files and folders for windows: http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/ Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html Install Adblock Plus to Chrome: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb Install DrWeb Link Ant-virus Link Checker: https://chrome.google.com/webstore/detail/drweb-anti-virus-link-che/aleggpabliehgbeagmfhnodcijcmbonb?hl=en Let me know if that helps with either browser...

[GerardGuce]

Thank you again! appreciated.But, right now i dont see it on my browser. Ill let you know immediately if see it again.

[kevinf80]

What was done to remove it? I see you Have Zemana installed, have you used that...

 

[GerardGuce]

I followed your instructions first and tried the Zemana trial and it automatically detects the Hao thing but it does not help to completely remove the thing. Right now, i dont see it on my browser after i installed a new chrome. hopefully my browser is safe now..

[kevinf80]

Ok let me know if the issue returns... If not we will need to clean up, remove tools etc.. Zemana Premium version is available with 400 day licence at the following link:

https://malwaretips.com/threads/zemana-antimalware-premium.62566/

[GerardGuce]

wow thanks for that! Ill let you know sir. Thanks!

[kevinf80]

Thanks for the update, just be aware that Zemana is antimalware and does not give antivirus protection. I did not see any AV installed on your system...

[GerardGuce]

so ya,  its still there man. 

[kevinf80]

Yes can be a bit of a pain to shift, Open Zemana, change the scan type to "Deep scan" run that and post its log...

Next,

Please download Junkware Removal Tool to your desktop.   Shut down your protection software now to avoid potential conflicts. (re-enable when done) Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. Next, Download AdwCleaner by Xplode onto your Desktop.   Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed... Next, Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Let me see those logs... Thank s, Kevin

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!