Malware


  • This topic is locked
32 replies to this topic

#1 KiMO112

KiMO112

  • Members
  • 17 posts

Posted 11 April 2015 - 11:47 AM

Hello, I need some help with this issue that I've been having for quite a while now and I would really appreciate it.
While I'm surfing on the internet I get redirected to ads. This is happening extremely often, no matter on what I click. I tried several anti-viruses, malware removal programs and rootkit removal programs and neither made this go away. This has been affecting the performance of my computer severely and it's extremely annoying.
I'll post some screenshots of the ads that I get below, any help will be highly appreciated!
http://gyazo.com/42c0fe51713dcbe20a6c45e04daa471f
http://gyazo.com/1016e2e0e40ac2fe948685a27dbbc17e





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 11 April 2015 - 12:44 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 KiMO112

KiMO112
  • Topic Starter

  • Members
  • 17 posts

Posted 11 April 2015 - 04:25 PM

Thank you for answering!
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-04-2015
Ran by Alex (administrator) on ALEX-PC on 12-04-2015 00:26:25
Running from C:\Users\Alex\Desktop
Loaded Profiles: Alex (Available profiles: Alex)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) D:\Steam\Steam.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Farbar) C:\Users\Alex\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => E:\trf\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe [9566192 2015-03-10] ()
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1018056 2015-03-07] (Adobe Systems Incorporated)
HKU\S-1-5-21-3278407220-4277461161-628739332-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3278407220-4277461161-628739332-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd)
HKU\S-1-5-21-3278407220-4277461161-628739332-1000\...\MountPoints2: {b77c8c53-017d-11e2-9e8a-bc5ff432aa31} - H:\AutoRun.exe
HKU\S-1-5-21-3278407220-4277461161-628739332-1000\...\MountPoints2: {b77c8e48-017d-11e2-9e8a-bc5ff432aa31} - H:\AutoRun.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3278407220-4277461161-628739332-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3278407220-4277461161-628739332-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3278407220-4277461161-628739332-1000 -> 0FD320235AC24EF1A689A292DD0FAA48 URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3278407220-4277461161-628739332-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-09-24] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-09-24] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.6.1
Tcpip\..\Interfaces\{4290AAD6-610C-49C5-A660-D02922568795}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\auxskzcn.default
FF NewTab: about:blank
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-09] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll [2013-09-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-09-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-09] ()
FF Plugin-x32: @Bitdefender.com/PasswordManager;version=17.8 -> E:\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppluginrichmediaplayer.dll [2013-02-28] ()
FF Extension: Avira Browser Safety - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\auxskzcn.default\Extensions\abs@avira.com [2015-02-21]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\auxskzcn.default\Extensions\iobitascsurfingprotection@iobit.com [2015-04-02]
FF Extension: NoScript - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\auxskzcn.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-22]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF Extension: No Name - D:\Bitdefender\Bitdefender 2015\antispam32\bdwteff [Not Found]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.771\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\pepflashplayer32_17_0_0_134.dll No File
CHR Plugin: (PluginRichmediaplayer) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.310.13) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 8 U31) - C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll ()
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]
CHR Extension: (YouTube) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (Bookmark Manager) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-07]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-04-11]
CHR Extension: (Gmail) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-01-16] (NVIDIA Corporation)
S4 HiPatchService; D:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-01-05] (Hi-Rez Studios) [File not signed]
S2 LavasoftAdAwareService11; E:\trf\Ad-Aware Antivirus\11.6.306.7947\AdAwareService.exe [720760 2015-03-10] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2724128 2015-01-16] (IObit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-01-16] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2099000 2013-10-30] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-10-30] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2013-10-30] (AVG)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-09-18] (DT Soft Ltd)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-03-22] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-02] (REALiX™)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 TuneUpUtilitiesDrv; No ImagePath
S3 WinRing0_1_2_0; No ImagePath
U4 BDVEDISK; system32\DRIVERS\bdvedisk.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 ESEADriver2; \??\C:\Users\Alex\AppData\Local\Temp\ESEADriver2.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
U3 kxldrpog; \??\C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 00:26 - 2015-04-12 00:26 - 00020704 _____ () C:\Users\Alex\Desktop\FRST.txt
2015-04-12 00:16 - 2015-04-12 00:15 - 02095616 _____ (Farbar) C:\Users\Alex\Desktop\FRST64 (1).exe
2015-04-12 00:15 - 2015-04-12 00:16 - 02095616 _____ (Farbar) C:\Users\Alex\Downloads\FRST64 (2).exe
2015-04-12 00:15 - 2015-04-12 00:15 - 02095616 _____ (Farbar) C:\Users\Alex\Downloads\FRST64 (1).exe
2015-04-12 00:12 - 2015-04-12 00:26 - 00000000 ____D () C:\FRST
2015-04-12 00:12 - 2015-04-12 00:12 - 00266551 _____ () C:\ProgramData\1428786532.bdinstall.bin
2015-04-12 00:09 - 2015-04-12 00:09 - 02095616 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2015-04-11 19:27 - 2015-04-11 19:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Alex\Downloads\HijackThis.exe
2015-04-11 19:25 - 2015-04-11 19:25 - 00000880 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-04-11 19:25 - 2015-04-11 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-04-11 19:23 - 2015-04-11 19:23 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Lavasoft
2015-04-11 19:22 - 2015-04-11 19:22 - 02057008 _____ () C:\Users\Alex\Downloads\Adaware_Installer.exe
2015-04-11 19:22 - 2015-04-11 19:22 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-04-11 19:16 - 2015-04-11 19:17 - 46148328 _____ () C:\Users\Alex\Downloads\spybot-2.4 (2).exe
2015-04-11 19:15 - 2015-04-11 19:16 - 46283688 _____ () C:\Users\Alex\Downloads\spybot-2.4 (1).exe
2015-04-11 19:13 - 2015-04-11 19:15 - 46054728 _____ (Safer-Networking Ltd. ) C:\Users\Alex\Downloads\spybot-2.4.exe
2015-04-11 19:13 - 2014-07-16 06:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-04-11 19:13 - 2014-07-16 05:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-04-11 19:04 - 2015-04-11 19:05 - 00380416 _____ () C:\Users\Alex\Downloads\8ugljmvg.exe
2015-04-11 19:04 - 2015-04-11 19:04 - 00184192 _____ () C:\Users\Alex\Downloads\qsinstaller.exe
2015-04-11 14:28 - 2015-04-11 14:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-11 14:27 - 2015-04-11 14:27 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Alex\Downloads\mbar-1.09.1.1004 (2).exe
2015-04-11 14:16 - 2015-04-11 14:17 - 116640000 _____ (Sophos Limited) C:\Users\Alex\Downloads\Sophos Virus Removal Tool (1).exe
2015-04-11 14:16 - 2015-04-11 14:16 - 04194304 _____ (Sophos Limited) C:\Users\Alex\Downloads\Sophos Virus Removal Tool.exe
2015-04-11 14:11 - 2015-04-11 14:11 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-11 14:09 - 2015-04-11 14:09 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Alex\Downloads\tdsskiller.exe
2015-04-11 14:04 - 2015-04-11 14:05 - 00002112 _____ () C:\Windows\PFRO.log
2015-04-11 01:12 - 2015-04-11 01:12 - 11427128 _____ (Bitdefender LLC) C:\Users\Alex\Downloads\BootkitRemoval_x64.exe
2015-04-11 01:11 - 2015-04-11 01:11 - 15460168 _____ () C:\Users\Alex\Downloads\mbar-1.09.1.1004 (1).exe
2015-04-11 01:10 - 2015-04-11 01:11 - 15693448 _____ () C:\Users\Alex\Downloads\mbar-1.09.1.1004.exe
2015-04-11 01:10 - 2015-04-11 01:10 - 00783120 _____ () C:\Users\Alex\Downloads\rootkitremover (3).exe
2015-04-11 01:09 - 2015-04-11 01:09 - 00783120 _____ () C:\Users\Alex\Downloads\rootkitremover (2).exe
2015-04-11 01:09 - 2015-04-11 01:09 - 00783120 _____ () C:\Users\Alex\Downloads\rootkitremover (1).exe
2015-04-11 01:05 - 2015-04-11 01:05 - 05200384 _____ (AVAST Software) C:\Users\Alex\Downloads\aswmbr.exe
2015-04-11 01:02 - 2015-04-11 01:02 - 00783120 _____ (McAfee, Inc.) C:\Users\Alex\Downloads\rootkitremover.exe
2015-04-10 16:16 - 2015-04-10 16:16 - 00000558 _____ () C:\Windows\Tasks\Adobe Acrobat Update Task.job
2015-04-10 16:15 - 2015-04-10 16:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-04-10 16:15 - 2015-04-10 16:15 - 00002007 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-04-10 13:45 - 2015-04-11 14:41 - 00000392 _____ () C:\Windows\setupact.log
2015-04-10 13:45 - 2015-04-10 13:45 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-10 01:32 - 2015-04-10 01:32 - 00000000 _____ () C:\Users\Alex\Desktop\FOTO.txt
2015-04-09 13:45 - 2015-04-11 15:54 - 00000000 ____D () C:\Users\Alex\AppData\Local\Adobe
2015-04-08 23:27 - 2015-04-08 23:27 - 00000420 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3983757d-4e09-43a4-aab3-d83c3724c964.job
2015-04-08 23:27 - 2015-04-08 23:27 - 00000420 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0b3bfb9f-2c36-4fb5-bbc8-503266e6cf81.job
2015-04-08 23:27 - 2015-04-08 23:27 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
2015-04-08 23:26 - 2015-04-08 23:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-08 23:25 - 2015-04-08 23:25 - 00014185 _____ () C:\Users\Alex\Downloads\[kickass.to]superantispyware.professional.6.0.1186.with.crack.lifetime.key.karanpc.torrent
2015-04-08 23:23 - 2015-04-08 23:24 - 21302280 _____ () C:\Users\Alex\Downloads\SUPERAntiSpyware (1).exe
2015-04-08 23:23 - 2015-04-08 23:23 - 21172680 _____ () C:\Users\Alex\Downloads\SUPERAntiSpyware.exe
2015-04-08 21:30 - 2015-04-08 21:30 - 00050688 _____ (Atribune.org) C:\Users\Alex\Downloads\ATF-Cleaner.exe
2015-04-08 21:28 - 2015-04-10 16:22 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-08 21:28 - 2015-04-10 16:21 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-08 21:28 - 2015-04-10 16:21 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-08 21:26 - 2015-04-08 21:27 - 00927408 _____ (Adobe Systems Incorporated) C:\Users\Alex\Downloads\flashplayer17_uninstall_win.exe
2015-04-08 21:11 - 2015-04-08 21:11 - 41840320 _____ (Microsoft Corporation) C:\Users\Alex\Downloads\Windows-KB890830-x64-V5.22 (1).exe
2015-04-08 14:03 - 2015-04-08 14:03 - 41840320 _____ (Microsoft Corporation) C:\Users\Alex\Downloads\Windows-KB890830-x64-V5.22.exe
2015-04-07 19:03 - 2015-04-07 19:03 - 17237168 _____ (Adobe Systems Incorporated) C:\Users\Alex\Downloads\flashplayer17_install_win_ppapi.exe
2015-04-07 18:50 - 2015-04-07 18:50 - 17721040 _____ (Adobe Systems Inc.) C:\Users\Alex\Downloads\AdobeAIRInstaller.exe
2015-04-07 00:36 - 2015-04-07 00:36 - 00061796 _____ () C:\Users\Alex\Downloads\devils.advocate.(1997).eng.1cd.(6087856).zip
2015-04-07 00:34 - 2015-04-07 00:34 - 00057418 _____ () C:\Users\Alex\Downloads\the-devils-advocate-english-yify-22460.zip
2015-04-07 00:33 - 2015-04-07 00:33 - 00059006 _____ () C:\Users\Alex\Downloads\the-devils-advocate-english-yify-676.zip
2015-04-07 00:17 - 2015-04-08 21:30 - 00000000 ____D () C:\Users\Alex\AppData\Temp
2015-04-07 00:08 - 2015-04-07 00:08 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-04-07 00:08 - 2015-04-07 00:08 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-04-07 00:08 - 2015-04-07 00:08 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-04-06 23:59 - 2015-04-07 00:08 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-04-06 23:59 - 2015-04-07 00:08 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-04-06 23:55 - 2015-04-06 23:55 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-06 22:53 - 2015-04-06 22:53 - 00000000 ____D () C:\ProgramData\BlueSprig
2015-04-06 21:46 - 2015-04-09 19:48 - 00001605 _____ () C:\Users\Alex\Desktop\The Chronicles of Domy.txt
2015-04-04 22:59 - 2015-04-04 22:59 - 00000000 ____D () C:\FS2Log
2015-04-03 01:16 - 2015-04-04 11:52 - 00000000 ____D () C:\ProgramData\AVG2015
2015-04-02 23:56 - 2015-04-03 01:11 - 00000000 ____D () C:\KVRT_Data
2015-04-02 23:46 - 2015-04-02 23:46 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-02 23:46 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2015-04-02 23:46 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2015-04-02 23:44 - 2015-04-02 23:45 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-04-02 23:44 - 2015-04-02 23:44 - 00000246 _____ () C:\Windows\Tasks\Driver Booster SkipUAC (Alex).job
2015-04-02 23:23 - 2015-04-02 23:23 - 00000000 _____ () C:\autoexec.bat
2015-04-02 23:05 - 2015-04-02 23:05 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieUserList
2015-04-02 23:05 - 2015-04-02 23:05 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieSiteList
2015-04-02 23:05 - 2015-04-02 23:05 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieBrowserModeList
2015-04-02 22:23 - 2015-04-02 22:24 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\DarkSoulsII
2015-04-01 22:01 - 2015-04-01 22:01 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\NVIDIA
2015-04-01 11:22 - 2015-04-01 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-01 11:22 - 2015-01-16 09:40 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-04-01 11:22 - 2015-01-16 09:40 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-04-01 11:22 - 2015-01-16 09:39 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-04-01 11:22 - 2015-01-16 09:39 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-01 11:21 - 2015-02-04 05:21 - 06782152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-01 11:21 - 2015-02-04 05:21 - 03522376 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-01 11:21 - 2015-02-04 05:21 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-01 11:21 - 2015-02-04 05:21 - 00932040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-01 11:21 - 2015-02-04 05:21 - 00384200 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-01 11:21 - 2015-02-04 05:21 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-01 11:21 - 2015-02-04 03:00 - 00608072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-01 11:21 - 2015-02-03 19:18 - 04229086 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-01 11:20 - 2015-02-11 13:38 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-04-01 11:20 - 2015-02-11 13:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-04-01 11:20 - 2015-02-11 13:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 31515280 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 24198856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 22993224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 13916280 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 13828032 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 12894024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-01 11:20 - 2015-02-04 06:56 - 11272240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 04244680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 03987600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 03209736 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 00944328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 00907464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 00902344 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-01 11:20 - 2015-02-04 06:56 - 00026155 _____ () C:\Windows\system32\nvinfo.pb
2015-04-01 11:20 - 2014-11-22 13:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-04-01 11:20 - 2014-11-22 13:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-04-01 11:20 - 2014-11-22 13:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-04-01 11:01 - 2015-02-04 06:56 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434144.dll
2015-04-01 11:01 - 2015-02-04 06:56 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434144.dll
2015-03-29 02:42 - 2014-07-01 01:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-03-29 02:42 - 2014-07-01 01:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-03-29 02:42 - 2014-06-06 09:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-03-29 02:42 - 2014-06-06 09:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-29 02:42 - 2014-03-10 00:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-03-29 02:42 - 2014-03-10 00:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-03-29 02:42 - 2014-03-10 00:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-03-29 02:42 - 2014-03-10 00:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-03-29 02:39 - 2014-10-14 05:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-29 02:39 - 2014-06-19 01:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-29 02:39 - 2014-06-19 01:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-03-29 02:39 - 2014-06-19 01:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-03-29 02:39 - 2014-06-19 01:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-29 02:39 - 2014-06-19 01:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-03-29 02:39 - 2014-06-19 01:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-29 02:38 - 2015-02-03 06:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-29 02:38 - 2015-02-03 06:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-29 02:38 - 2015-02-03 06:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-29 02:38 - 2015-02-03 06:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-29 02:38 - 2015-02-03 06:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-29 02:38 - 2015-02-03 06:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-29 02:38 - 2015-02-03 06:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-29 02:38 - 2015-02-03 06:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-29 02:38 - 2015-02-03 06:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-29 02:38 - 2015-02-03 06:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-29 02:38 - 2015-02-03 06:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-29 02:38 - 2015-02-03 06:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-29 02:38 - 2015-02-03 06:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-29 02:38 - 2015-02-03 06:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-29 02:38 - 2015-02-03 06:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-29 02:38 - 2015-02-03 06:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-29 02:38 - 2015-02-03 06:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-29 02:38 - 2015-02-03 06:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-29 02:38 - 2015-02-03 06:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-29 02:38 - 2015-02-03 06:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-29 02:38 - 2015-02-03 06:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-29 02:38 - 2015-02-03 06:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-29 02:38 - 2015-02-03 06:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-29 02:38 - 2015-02-03 06:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-29 02:38 - 2015-02-03 06:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-29 02:38 - 2015-02-03 06:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-29 02:38 - 2015-02-03 06:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-29 02:38 - 2015-02-03 06:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-29 02:38 - 2015-02-03 06:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-29 02:38 - 2015-02-03 06:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-29 02:38 - 2015-02-03 06:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-29 02:38 - 2015-02-03 05:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-29 02:38 - 2014-11-01 01:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-29 02:38 - 2014-07-17 05:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-29 02:38 - 2014-07-17 05:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-29 02:38 - 2014-07-17 05:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-03-29 02:38 - 2014-07-17 05:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-03-29 02:38 - 2014-07-17 05:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-03-29 02:38 - 2014-07-17 04:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-03-29 02:38 - 2014-07-17 04:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-03-29 02:38 - 2014-07-17 04:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-03-29 02:38 - 2014-07-17 04:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-03-29 02:38 - 2014-07-17 04:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-29 02:38 - 2014-07-17 04:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-29 02:38 - 2014-06-28 03:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-29 02:38 - 2014-06-28 03:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-29 02:38 - 2014-04-25 05:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-03-29 02:38 - 2014-04-25 05:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-03-29 02:38 - 2014-04-05 05:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-03-29 02:38 - 2014-04-05 05:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-03-29 02:38 - 2014-03-04 12:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-03-29 02:38 - 2014-03-04 12:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-03-29 02:38 - 2014-03-04 12:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-03-29 02:38 - 2014-03-04 12:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-03-29 02:38 - 2014-03-04 12:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-03-29 02:38 - 2014-03-04 12:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-03-29 02:38 - 2014-03-04 12:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-03-29 02:38 - 2014-03-04 12:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-03-29 02:38 - 2014-03-04 12:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-03-29 02:38 - 2014-03-04 12:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-03-29 02:38 - 2014-03-04 12:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-03-29 02:38 - 2014-03-04 12:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-03-29 02:38 - 2014-03-04 12:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-03-29 02:38 - 2014-03-04 12:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-03-29 02:38 - 2014-03-04 12:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-03-29 02:38 - 2014-03-04 12:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-03-29 02:37 - 2015-03-06 08:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-29 02:37 - 2015-03-06 08:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-29 02:37 - 2015-03-06 08:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-29 02:37 - 2015-03-06 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-29 02:37 - 2015-03-06 08:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-29 02:37 - 2015-03-06 08:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-29 02:37 - 2015-03-06 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-29 02:37 - 2015-03-06 08:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-29 02:37 - 2015-03-06 08:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-29 02:37 - 2015-03-06 08:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-29 02:37 - 2015-03-06 08:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-29 02:37 - 2015-03-06 08:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-29 02:37 - 2015-03-06 08:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-29 02:37 - 2015-03-06 08:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-29 02:37 - 2015-03-06 08:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-29 02:37 - 2015-03-06 08:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-29 02:37 - 2015-03-06 08:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-29 02:37 - 2015-03-06 08:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-29 02:37 - 2015-03-06 08:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-29 02:37 - 2015-03-06 08:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-29 02:37 - 2015-03-06 08:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-29 02:37 - 2015-03-06 08:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-29 02:37 - 2015-02-13 08:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-29 02:37 - 2015-02-13 08:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-29 02:37 - 2015-01-31 02:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-29 02:37 - 2014-12-08 06:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-29 02:37 - 2014-12-08 05:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-29 02:37 - 2014-11-11 06:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-29 02:37 - 2014-11-11 05:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-03-29 02:37 - 2014-03-04 12:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-03-29 02:37 - 2014-03-04 12:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-03-29 02:37 - 2014-03-04 12:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-03-29 02:37 - 2014-03-04 12:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-03-29 02:37 - 2014-03-04 12:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-03-29 02:37 - 2014-03-04 12:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-03-29 02:37 - 2014-03-04 12:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-03-29 02:37 - 2014-03-04 12:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-03-29 02:37 - 2014-03-04 12:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-03-29 02:37 - 2014-03-04 11:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-03-29 02:37 - 2014-03-04 11:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-03-29 02:36 - 2015-02-26 06:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-29 02:36 - 2015-02-20 07:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-29 02:36 - 2015-02-20 07:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-29 02:36 - 2015-02-20 07:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-29 02:36 - 2015-02-20 07:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-29 02:36 - 2015-02-20 07:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-29 02:36 - 2015-02-20 07:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-29 02:36 - 2015-02-20 07:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-29 02:36 - 2015-02-20 07:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-29 02:36 - 2015-02-20 06:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-29 02:36 - 2015-02-20 06:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-29 02:36 - 2015-02-03 06:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-29 02:36 - 2015-02-03 06:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-29 02:36 - 2015-02-03 06:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-29 02:36 - 2015-02-03 06:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-29 02:36 - 2015-01-31 06:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-29 02:36 - 2015-01-31 06:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-29 02:36 - 2015-01-31 06:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-03-29 02:36 - 2015-01-17 05:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-29 02:36 - 2015-01-17 05:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-29 02:36 - 2014-12-19 06:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-29 02:36 - 2014-12-19 04:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-29 02:36 - 2014-12-11 20:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-29 02:36 - 2014-12-06 07:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-29 02:36 - 2014-12-06 06:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-03-29 02:36 - 2014-12-06 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-03-29 02:36 - 2014-10-25 04:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-29 02:36 - 2014-10-25 04:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-03-29 02:36 - 2014-10-18 05:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-29 02:36 - 2014-10-18 04:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-29 02:36 - 2014-09-04 08:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-03-29 02:36 - 2014-09-04 08:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-03-29 02:36 - 2014-08-23 05:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-03-29 02:36 - 2014-08-23 04:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-03-29 02:36 - 2014-08-21 09:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-29 02:36 - 2014-08-21 09:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-29 02:36 - 2014-08-21 09:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-03-29 02:36 - 2014-08-21 09:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-03-29 02:36 - 2014-08-12 05:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-29 02:36 - 2014-08-12 04:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-03-29 02:36 - 2014-06-18 05:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-03-29 02:36 - 2014-06-18 04:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-03-29 02:36 - 2014-06-16 05:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-03-29 02:36 - 2014-06-06 13:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-03-29 02:36 - 2014-06-06 12:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-03-29 02:36 - 2014-06-03 13:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-29 02:36 - 2014-06-03 13:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-29 02:36 - 2014-06-03 13:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-03-29 02:36 - 2014-06-03 13:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-03-29 02:36 - 2014-06-03 12:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-03-29 02:36 - 2014-06-03 12:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-29 02:36 - 2014-06-03 12:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-03-29 02:36 - 2014-05-30 09:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-03-29 02:36 - 2014-03-26 17:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-03-29 02:36 - 2014-03-26 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-03-29 02:36 - 2014-03-26 17:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-03-29 02:36 - 2014-03-26 17:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-03-29 02:35 - 2015-02-24 06:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-29 02:35 - 2015-02-24 05:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-29 02:35 - 2015-02-21 04:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-29 02:35 - 2015-02-21 03:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-29 02:35 - 2015-02-21 03:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-29 02:35 - 2015-02-21 03:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-29 02:35 - 2015-02-21 03:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-29 02:35 - 2015-02-21 02:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-29 02:35 - 2015-02-21 02:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-29 02:35 - 2015-02-20 06:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-29 02:35 - 2015-02-20 06:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-29 02:35 - 2015-02-20 05:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-29 02:35 - 2015-02-20 05:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-29 02:35 - 2015-02-20 05:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-29 02:35 - 2015-02-20 05:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-29 02:35 - 2015-02-20 05:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-29 02:35 - 2015-02-20 05:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-29 02:35 - 2015-02-20 05:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-29 02:35 - 2015-02-20 05:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-29 02:35 - 2015-02-20 05:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-29 02:35 - 2015-02-20 05:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-29 02:35 - 2015-02-20 05:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-29 02:35 - 2015-02-20 05:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-29 02:35 - 2015-02-20 05:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-29 02:35 - 2015-02-20 05:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-29 02:35 - 2015-02-20 05:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-29 02:35 - 2015-02-20 05:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-29 02:35 - 2015-02-20 05:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-29 02:35 - 2015-02-20 05:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-29 02:35 - 2015-02-20 05:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-29 02:35 - 2015-02-20 05:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-29 02:35 - 2015-02-20 05:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-29 02:35 - 2015-02-20 05:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-29 02:35 - 2015-02-20 05:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-29 02:35 - 2015-02-20 05:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-29 02:35 - 2015-02-20 05:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-29 02:35 - 2015-02-20 04:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-29 02:35 - 2015-02-20 04:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-29 02:35 - 2015-02-20 04:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-29 02:35 - 2015-02-20 04:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-29 02:35 - 2015-02-20 04:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-29 02:35 - 2015-02-20 04:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-29 02:35 - 2015-02-20 04:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-29 02:35 - 2015-02-20 04:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-29 02:35 - 2015-02-20 04:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-29 02:35 - 2015-02-20 04:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-29 02:35 - 2015-02-20 04:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-29 02:35 - 2015-02-20 04:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-29 02:35 - 2015-02-20 04:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-29 02:35 - 2015-02-20 04:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-29 02:35 - 2015-02-20 04:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-29 02:35 - 2015-02-20 04:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-29 02:35 - 2015-02-20 04:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-29 02:35 - 2015-02-20 04:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-29 02:35 - 2015-02-20 03:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-29 02:35 - 2015-02-20 03:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-29 02:24 - 2015-02-04 06:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-29 02:24 - 2015-02-04 05:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-29 02:24 - 2014-07-14 05:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-03-29 02:24 - 2014-07-14 04:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-03-29 02:06 - 2014-05-14 19:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-29 02:06 - 2014-05-14 19:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-29 02:06 - 2014-05-14 19:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-03-29 02:06 - 2014-05-14 19:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-29 02:06 - 2014-05-14 19:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-03-29 02:06 - 2014-05-14 19:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-03-29 02:06 - 2014-05-14 19:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-03-29 02:06 - 2014-05-14 19:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-29 02:06 - 2014-05-14 19:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-29 02:06 - 2014-05-14 19:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-03-29 02:05 - 2014-05-14 10:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-29 02:05 - 2014-05-14 10:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-03-29 02:05 - 2014-05-14 10:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-29 02:05 - 2014-05-14 10:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-03-29 01:46 - 2015-04-03 12:48 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-03-29 01:46 - 2015-04-02 23:46 - 00000000 ____D () C:\ProgramData\IObit
2015-03-29 01:46 - 2015-03-29 01:46 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\ProductData
2015-03-29 01:45 - 2015-04-02 23:46 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\IObit
2015-03-26 20:32 - 2015-03-26 20:32 - 00001039 _____ () C:\Users\Public\Desktop\REDRAGON GAMING MOUSE.lnk
2015-03-26 20:32 - 2015-03-26 20:32 - 00000000 ____D () C:\Users\Alex\Documents\Gaming Mouse Mammoth
2015-03-26 20:32 - 2015-03-26 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REDRAGON GAMING MOUSE
2015-03-26 20:32 - 2015-03-26 20:32 - 00000000 ____D () C:\Program Files (x86)\REDRAGON GAMING MOUSE
2015-03-26 13:09 - 2015-03-26 13:09 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d067acf91a218b.job
2015-03-26 12:41 - 2015-03-26 12:42 - 00000000 ____D () C:\Users\TEMP
2015-03-26 12:41 - 2015-03-26 12:41 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2015-03-26 12:41 - 2013-02-17 20:22 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2015-03-26 12:41 - 2012-09-21 09:18 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\TuneUp Software
2015-03-26 12:41 - 2012-09-19 11:15 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\Macromedia
2015-03-26 12:41 - 2009-07-14 07:54 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-26 12:41 - 2009-07-14 07:49 - 00000000 ___RD () C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-26 12:04 - 2015-03-26 12:04 - 00000203 _____ () C:\Windows\uruninstaller.ini
2015-03-26 10:56 - 2015-03-26 10:56 - 00000000 ____D () C:\Users\Alex\AppData\Local\ESET
2015-03-25 23:38 - 2015-04-02 23:21 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-25 23:38 - 2015-03-29 01:52 - 00000000 ____D () C:\Program Files\ESET
2015-03-25 23:38 - 2015-03-25 23:38 - 00000000 ____D () C:\ProgramData\ESET
2015-03-25 23:31 - 2015-03-25 23:31 - 00000000 ____D () C:\ProgramData\Licenses
2015-03-22 02:51 - 2015-03-22 02:51 - 00000000 ____D () C:\Users\Alex\Desktop\en_viii_limba_romana_subiect_si_barem_23_iunie_2014
2015-03-22 01:19 - 2015-03-22 01:19 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-03-15 13:55 - 2015-03-15 13:55 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\LavasoftStatistics
2015-03-15 13:54 - 2015-04-11 21:06 - 00326288 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-03-15 13:54 - 2015-03-15 13:54 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2015-03-15 13:54 - 2015-03-12 12:59 - 00373864 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-03-15 13:51 - 2015-03-15 13:51 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-12 00:26 - 2012-09-18 13:41 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\uTorrent
2015-04-12 00:18 - 2012-09-19 02:21 - 01932936 _____ () C:\Windows\WindowsUpdate.log
2015-04-12 00:12 - 2015-02-23 15:02 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-04-12 00:12 - 2015-02-23 14:58 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-04-12 00:08 - 2012-09-18 19:40 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-11 19:15 - 2009-07-14 07:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 19:15 - 2009-07-14 07:45 - 00023680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 19:04 - 2015-02-23 15:01 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\QuickScan
2015-04-11 18:39 - 2015-02-17 19:09 - 00000020 _____ () C:\Users\Alex\AppData\Roaming\appdataFr3.bin
2015-04-11 16:12 - 2012-09-18 13:54 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Adobe
2015-04-11 14:41 - 2012-11-22 18:16 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-11 14:41 - 2012-09-18 13:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-11 03:54 - 2012-09-19 11:28 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\vlc
2015-04-11 01:10 - 2013-01-20 16:03 - 00000000 ____D () C:\Users\Alex\AppData\Local\CrashDumps
2015-04-10 16:15 - 2012-09-18 13:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-10 16:15 - 2012-09-18 13:42 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-10 14:15 - 2012-09-18 19:34 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2015-04-10 13:52 - 2009-07-14 08:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 20:38 - 2014-09-02 20:15 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\TS3Client
2015-04-09 17:11 - 2012-09-18 20:23 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\DAEMON Tools Lite
2015-04-07 00:15 - 2012-11-02 11:14 - 00000000 ____D () C:\Windows\Minidump
2015-04-07 00:15 - 2009-07-14 08:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-04-07 00:12 - 2015-02-23 15:06 - 00000000 ____D () C:\ProgramData\BDLogging
2015-04-05 12:33 - 2014-01-12 13:44 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-04 11:52 - 2012-11-22 16:55 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-04-04 11:52 - 2012-09-18 13:55 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-03 20:40 - 2012-09-18 14:02 - 00000000 ___HD () C:\$AVG
2015-04-02 21:43 - 2012-09-18 13:02 - 00000000 ____D () C:\Users\Alex
2015-04-01 11:22 - 2014-01-13 22:32 - 00000000 ____D () C:\Temp
2015-04-01 11:22 - 2012-09-18 13:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-01 11:22 - 2012-09-18 13:37 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-01 11:22 - 2012-09-18 13:36 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-01 11:21 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\Help
2015-03-29 15:10 - 2013-07-10 13:37 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-03-29 15:10 - 2013-07-10 13:37 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-29 15:10 - 2009-07-14 07:45 - 05056016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-29 05:01 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-29 05:01 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-29 05:01 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-29 03:44 - 2012-09-18 13:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-29 03:13 - 2012-09-25 22:54 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-29 03:07 - 2013-07-14 02:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-29 02:55 - 2013-07-10 13:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-29 01:53 - 2012-09-18 13:41 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-03-26 13:09 - 2014-06-22 13:21 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e03bd9231ff.job
2015-03-26 13:09 - 2013-07-05 23:23 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-26 12:27 - 2009-07-14 06:20 - 00000000 ____D () C:\Windows\registration
2015-03-26 11:33 - 2015-03-09 21:19 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-22 01:08 - 2015-03-10 21:11 - 00000340 _____ () C:\Windows\system32\.crusader
2015-03-15 21:24 - 2015-02-28 23:29 - 00000000 ____D () C:\AdwCleaner
2015-03-15 13:28 - 2013-08-22 15:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-14 23:20 - 2015-02-23 18:38 - 00000000 ____D () C:\OETemp
 
==================== Files in the root of some directories =======
 
2012-11-21 00:31 - 2012-11-21 00:31 - 0000369 _____ () C:\Users\Alex\AppData\Roaming\13F9.exe
2012-11-22 11:51 - 2012-11-22 11:51 - 0015424 _____ () C:\Users\Alex\AppData\Roaming\63B0.exe
2012-11-22 17:59 - 2012-11-22 17:59 - 0015424 _____ () C:\Users\Alex\AppData\Roaming\6CDF.exe
2012-11-22 14:51 - 2012-11-22 14:51 - 0015424 _____ () C:\Users\Alex\AppData\Roaming\993D.exe
2012-11-22 13:51 - 2012-11-22 13:51 - 0015424 _____ () C:\Users\Alex\AppData\Roaming\AA2F.exe
2012-11-22 17:51 - 2012-11-22 17:51 - 0015424 _____ () C:\Users\Alex\AppData\Roaming\ABD3.exe
2013-03-12 22:40 - 2013-03-13 11:06 - 0000132 _____ () C:\Users\Alex\AppData\Roaming\Adobe BMP Format CS5 Prefs
2013-03-12 22:39 - 2015-02-19 20:59 - 0000132 _____ () C:\Users\Alex\AppData\Roaming\Adobe PNG Format CS5 Prefs
2005-04-08 05:16 - 2012-11-22 18:11 - 2632796 ____H () C:\Users\Alex\AppData\Roaming\Alexlog.dat
2015-02-17 19:09 - 2015-04-11 18:39 - 0000020 _____ () C:\Users\Alex\AppData\Roaming\appdataFr3.bin
2012-11-22 12:51 - 2012-11-22 12:51 - 0015424 _____ () C:\Users\Alex\AppData\Roaming\BCD7.exe
2012-11-22 11:14 - 2012-11-22 11:14 - 0015424 _____ () C:\Users\Alex\AppData\Roaming\BF0.exe
2012-11-22 16:50 - 2012-11-22 16:50 - 0015424 _____ () C:\Users\Alex\AppData\Roaming\F57B.exe
2012-10-20 21:02 - 2012-10-20 21:02 - 0059070 _____ () C:\Users\Alex\AppData\Roaming\icarus-dxdiag.xml
2012-10-25 21:12 - 2012-10-25 21:12 - 0582661 _____ () C:\Users\Alex\AppData\Roaming\technic-launcher.jar
2014-06-19 11:49 - 2014-06-19 11:49 - 0000024 _____ () C:\Users\Alex\AppData\Roaming\temp.ini
2014-01-14 20:49 - 2014-01-14 20:49 - 0000000 ___SH () C:\Users\Alex\AppData\Local\LumaEmu
2013-06-16 14:10 - 2014-05-18 00:14 - 0007608 _____ () C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2015-04-12 00:12 - 2015-04-12 00:12 - 0266551 _____ () C:\ProgramData\1428786532.bdinstall.bin
2013-01-28 23:52 - 2012-11-29 23:52 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-01-30 19:30
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-04-2015
Ran by Alex at 2015-04-12 00:27:11
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.0 - )
Ad-Aware Antivirus (HKLM\...\{FF054A8C-C0A4-4C78-8910-E2A459BEFF05}_AdAwareUpdater) (Version: 11.6.306.7947 - Lavasoft)
AdAwareInstaller (Version: 11.6.306.7947 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.6.306.7947 - Lavasoft) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.3.0 - Auslogics Labs Pty Ltd)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
CodeBlocks (HKU\S-1-5-21-3278407220-4277461161-628739332-1000\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0316 - DT Soft Ltd)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - )
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Gyazo 1.2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
OF: Red River (x32 Version: 1.0.0003.129 - Codemasters) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{15A1060D-A8DA-4EEB-B0F5-783507BE2042}_is1) (Version: 1.1 - redragonzone)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - Team Meat)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
System Requirements Lab (HKLM-x32\...\{8DCAB1D8-F20C-4733-9B5F-646DDFEB59C9}) (Version: 6.1.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version:  - Nicalis, Inc.)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version:  - Arrowhead Game Studios)
Tidalis (HKLM-x32\...\Steam App 40420) (Version:  - Arcen Games, LLC)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3278407220-4277461161-628739332-1000\...\WinDirStat) (Version:  - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Yet Another Zombie Defense (HKLM-x32\...\Steam App 270550) (Version:  - Awesome Games Studio)
Your Uninstaller! 2010 (HKLM-x32\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
12-04-2015 00:13:55 Before uninstalling Malwarebytes Anti-Malware version 2.1.4.1018
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-04-02 22:11 - 2013-09-03 17:19 - 00000833 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00FA3C65-A267-491C-AD1A-61D24DF750BF} - System32\Tasks\{EF0BEFA6-2A84-47C7-99C2-C89B4AA6AFB2} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.59.119&LastError=404
Task: {1B4B3961-7A39-4FAE-90DB-672625F095DD} - System32\Tasks\Razer_Game_Booster_AutoUpdate => E:\GB\AutoUpdate.exe
Task: {23CFEAC2-8A7D-4DF9-9B8A-571F3859A516} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {27F9B544-50BE-4AE1-82B6-AAB4FD791FA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {2AD845E1-D6B0-46CD-B909-44ECFFD1D8B2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-10] (Adobe Systems Incorporated)
Task: {3A61D194-E4B3-4509-9A6F-024FE9637289} - System32\Tasks\ASC5_AutoClean => F:\Advanced SystemCare 5\AutoSweep.exe
Task: {6A71D997-1D14-4CCB-B2B3-2ECE8C74F5BF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {6C911C39-A8E6-44C8-B18F-51F09CEA922B} - System32\Tasks\ASC7_SkipUac_Alex => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe
Task: {7986BFD3-5D05-473C-A5E9-165658755CAB} - System32\Tasks\AdobeAAMUpdater-1.0-Alex-PC-Alex => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {8D6544D1-481A-4BA8-94ED-1498B8A59E6A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {8F4CCA4C-E71A-4907-B0B4-04E3C121D2CC} - System32\Tasks\{CC6BDB01-443F-47DA-A66F-CE40CAFC1C53} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=6.7.0.102&LastError=2
Task: {8F6FE06D-6D3A-4FBF-BC5C-434366D4DF86} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {B5115D55-BA9C-4737-B174-FB8B9B3C0237} - System32\Tasks\ASC5_AutoUpdate => F:\Advanced SystemCare 5\AutoUpdate.exe
Task: C:\Windows\Tasks\0414bUpdateInfo.job => C:\ProgramData\Avg_Update_0414b\0414b_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdobeAAMUpdater-1.0-Alex-PC-Alex.job => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\Windows\Tasks\Driver Booster SkipUAC (Alex).job => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: C:\Windows\Tasks\DriverDocRunAtStartup.job => C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3278407220-4277461161-628739332-1000Core.job => C:\Users\Alex\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf8e03bd9231ff.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d067acf91a218b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 0b3bfb9f-2c36-4fb5-bbc8-503266e6cf81.job => D:\antitrfl\SASTask.exeND:\antitrfl\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 3983757d-4e09-43a4-aab3-d83c3724c964.job => D:\antitrfl\SASTask.exeND:\antitrfl\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-01 11:21 - 2015-02-04 05:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-30 13:27 - 2013-10-30 13:27 - 00757048 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2015-04-06 23:59 - 2014-08-27 16:31 - 00265080 ____N () D:\Bitdefender\Bitdefender 2015\txmlutil.dll
2012-09-18 13:46 - 2010-03-15 11:28 - 00052224 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 02756616 _____ () E:\trf\Ad-Aware Antivirus\11.6.306.7947\AdAwareShellExtension.dll
2015-03-10 18:50 - 2015-03-10 18:50 - 03396064 _____ () E:\trf\Ad-Aware Antivirus\11.6.306.7947\RCF.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00125464 _____ () E:\trf\Ad-Aware Antivirus\11.6.306.7947\boost_filesystem-vc100-mt-1_57.dll
2015-03-10 18:51 - 2015-03-10 18:51 - 00024080 _____ () E:\trf\Ad-Aware Antivirus\11.6.306.7947\boost_system-vc100-mt-1_57.dll
2014-03-26 00:04 - 2015-03-10 09:37 - 00775680 _____ () D:\Steam\SDL2.dll
2015-01-20 10:52 - 2014-12-02 03:29 - 05002752 _____ () D:\Steam\v8.dll
2015-01-20 10:52 - 2014-12-02 03:29 - 01612800 _____ () D:\Steam\icui18n.dll
2015-01-20 10:52 - 2014-12-02 03:29 - 01210368 _____ () D:\Steam\icuuc.dll
2014-05-22 19:23 - 2015-04-09 21:38 - 02371776 _____ () D:\Steam\video.dll
2014-08-29 13:32 - 2014-12-02 00:31 - 02396672 _____ () D:\Steam\libavcodec-56.dll
2014-08-29 13:32 - 2014-12-02 00:31 - 00442880 _____ () D:\Steam\libavutil-54.dll
2014-08-29 13:32 - 2014-12-02 00:31 - 00479744 _____ () D:\Steam\libavformat-56.dll
2014-08-29 13:32 - 2014-12-02 00:31 - 00332800 _____ () D:\Steam\libavresample-2.dll
2014-08-29 13:32 - 2014-12-02 00:31 - 00485888 _____ () D:\Steam\libswscale-3.dll
2014-03-26 00:04 - 2015-04-09 21:38 - 00702656 _____ () D:\Steam\bin\chromehtml.DLL
2014-03-26 00:04 - 2015-02-25 04:58 - 34641288 _____ () D:\Steam\bin\libcef.dll
2014-08-15 01:20 - 2015-02-25 04:58 - 01709960 _____ () D:\Steam\bin\ffmpegsumo.dll
2015-04-02 10:50 - 2015-03-31 00:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-02 10:50 - 2015-03-31 00:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-02 10:50 - 2015-03-31 00:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\LavasoftTcpService.dll:BDU
AlternateDataStreams: C:\Users\Alex\Cookies:Xix9e5mDttUtEFmSVT4u9o
AlternateDataStreams: C:\Users\Alex\Downloads\8ugljmvg.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\Adaware_Installer.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\AdobeAIRInstaller.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\aswmbr.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\ATF-Cleaner.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\BootkitRemoval_x64.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\flashplayer17_install_win_ppapi.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\flashplayer17_uninstall_win.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\HijackThis.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\mbar-1.09.1.1004 (1).exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\mbar-1.09.1.1004.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\qsinstaller.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\rootkitremover (1).exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\rootkitremover (2).exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\rootkitremover (3).exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\rootkitremover.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\spybot-2.4 (1).exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\spybot-2.4 (2).exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\spybot-2.4.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\SUPERAntiSpyware (1).exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\SUPERAntiSpyware.exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\Windows-KB890830-x64-V5.22 (1).exe:BDU
AlternateDataStreams: C:\Users\Alex\Downloads\Windows-KB890830-x64-V5.22.exe:BDU
AlternateDataStreams: C:\Users\Alex\AppData\Local\Temporary Internet Files:YC8cTPKAcwRy1m5ynBu
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3278407220-4277461161-628739332-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TunngleService => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Advanced SystemCare 5 => 
MSCONFIG\startupreg: Advanced SystemCare 6 => 
MSCONFIG\startupreg: Bdagent => 
MSCONFIG\startupreg: Bitdefender Wallet => 
MSCONFIG\startupreg: Bitdefender Wallet Agent => 
MSCONFIG\startupreg: Bitdefender Wallet Application Agent => 
MSCONFIG\startupreg: Clownfish => 
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: egui => 
MSCONFIG\startupreg: Google Update => 
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: Gyazo => C:\Program Files (x86)\Gyazo\GyStation.exe
MSCONFIG\startupreg: InstallerLauncher => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\Installer.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => 
MSCONFIG\startupreg: MammothgmmouseRun => "C:\Program Files (x86)\REDRAGON GAMING MOUSE\mmmon.exe" -runauto
MSCONFIG\startupreg: NvBackend => 
MSCONFIG\startupreg: ROC_ROC_NT => 
MSCONFIG\startupreg: SearchSettings => 
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Web Companion => 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3278407220-4277461161-628739332-500 - Administrator - Enabled)
Alex (S-1-5-21-3278407220-4277461161-628739332-1000 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-3278407220-4277461161-628739332-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: TuneUpUtilitiesDrv
Description: TuneUpUtilitiesDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: TuneUpUtilitiesDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/12/2015 00:14:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/12/2015 00:08:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/11/2015 07:36:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/11/2015 07:22:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.
 
System Error:
The system cannot find the file specified.
.
 
Error: (02/04/2014 02:44:07 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3278407220-4277461161-628739332-500.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {e22be581-cbb8-4192-82b8-9ef836ed0a7d}
 
Error: (02/03/2014 06:14:04 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (02/03/2014 06:13:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/03/2014 03:24:03 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to poke open firewall
 
Error: (02/03/2014 03:22:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/02/2014 06:57:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3278407220-4277461161-628739332-500.bak).  hr = 0x80070539, The security ID structure is invalid.
.
 
 
Operation:
   OnIdentify event
   Gathering Writer Data
 
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {408fcaed-10fd-4cb5-823b-4407668cf586}
 
 
System errors:
=============
Error: (04/12/2015 00:10:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/11/2015 02:44:47 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: 
%%0
 
Error: (04/11/2015 02:43:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: 
%%0
 
Error: (04/11/2015 02:43:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: 
%%0
 
Error: (04/11/2015 02:43:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: 
%%0
 
Error: (04/11/2015 02:43:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: 
%%0
 
Error: (04/11/2015 02:43:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The TuneUpUtilitiesDrv service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 02:43:10 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Skype Click to Call PNR Service service hung on starting.
 
Error: (04/11/2015 02:41:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ESET Service service failed to start due to the following error: 
%%2
 
Error: (04/11/2015 02:41:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 52%
Total physical RAM: 3263.3 MB
Available physical RAM: 1561.86 MB
Total Pagefile: 16314.71 MB
Available Pagefile: 14065.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:44.08 GB) (Free:1.82 GB) NTFS
Drive d: (MULTIMEDIA) (Fixed) (Total:97.65 GB) (Free:42.81 GB) NTFS
Drive e: (ALTELE) (Fixed) (Total:97.65 GB) (Free:53.65 GB) NTFS
Drive f: (KITT-uri) (Fixed) (Total:58.59 GB) (Free:48.37 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FBA1FBA1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=44.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=253.9 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#4 deeprybka

Posted 12 April 2015 - 03:58 AM

Hi there,

P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via hidden2.png > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 KiMO112

  • Topic Starter

Posted 12 April 2015 - 07:32 AM

Hello, I've done those steps but I can't send you the logs because every time I try to access bleepingcomp.com I get a message: Sorry you don't have permission for that. Help

#6 deeprybka

Posted 12 April 2015 - 07:35 AM

Hi there,

please paste the content of the logs here and post the link.


regards,
deeprybka
:busy:

#7 KiMO112

  • Topic Starter

Posted 12 April 2015 - 07:53 AM

pastebin.com/P5trwk1C

#8 deeprybka

Posted 12 April 2015 - 08:05 AM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/12/2015
Scan Time: 3:17:08 PM
Logfile: mwbytes.txt
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.03.09.05
Rootkit Database: v2015.03.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alex
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 418619
Time Elapsed: 11 min, 52 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v4.201 - Logfile created 12/04/2015 at 15:11:25
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Alex - ALEX-PC
# Running from : C:\Users\Alex\Desktop\adwcleaner_4.201 (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\ExpressFiles
File Deleted : C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mciekghplkkgcmofonmkmlomhkamochd
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Search The Web.url
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\324852ed-35d3-468b-87c9-16c105e703cc
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKU\.DEFAULT\Software\AVG Nation toolbar
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17689
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[auxskzcn.default\prefs.js] - Line Deleted : user_pref("CT2192277.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
 
-\\ Google Chrome v41.0.2272.118
 
 
-\\ Chromium v
 
 
-\\ Comodo Dragon v
 
 
-\\ Chrome Canary v
 
 
*************************
 
AdwCleaner[R0].txt - [12606 bytes] - [28/02/2015 23:30:07]
AdwCleaner[R1].txt - [587 bytes] - [04/03/2015 13:07:29]
AdwCleaner[R2].txt - [587 bytes] - [04/03/2015 20:38:36]
AdwCleaner[R3].txt - [2797 bytes] - [15/03/2015 21:21:55]
AdwCleaner[R4].txt - [2248 bytes] - [12/04/2015 15:09:39]
AdwCleaner[S0].txt - [12180 bytes] - [28/02/2015 23:37:38]
AdwCleaner[S1].txt - [2903 bytes] - [15/03/2015 21:24:26]
AdwCleaner[S2].txt - [2204 bytes] - [12/04/2015 15:11:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2263  bytes] ##########

regards,
deeprybka
:busy:

#9 deeprybka

Posted 12 April 2015 - 08:08 AM

 

Malware Database: v2015.03.09.05

 

Please update the Database, enable rootkit-detection and re-run the tool.


regards,
deeprybka
:busy:

#10 KiMO112

  • Topic Starter

Posted 12 April 2015 - 08:53 AM

Can I reply to you by email? I won't be able to use my phone in a while

Pastebin.com/EQZjn0LH




Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/12/2015
Scan Time: 4:31:02 PM
Logfile: mwbytes maddafaka.txt
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.12.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 415583
Time Elapsed: 19 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Edited by deeprybka, 12 April 2015 - 08:55 AM.


#11 deeprybka

Posted 12 April 2015 - 08:57 AM

Can I reply to you by email?


No!

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish
  • A log file log.png is created at logpath.png
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
:busy:

#12 KiMO112

  • Topic Starter

Posted 12 April 2015 - 11:32 AM

Pastebin.com/yNmBYPi9
Some shady apps weren't removed




ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=df84b494f35a9b41a39892cf3bfe25be
# engine=23334
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-04-12 04:26:34
# local_time=2015-04-12 07:26:34 (+0200, GTB Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 20332 180485844 0 0
# scanned=311386
# found=67
# cleaned=56
# scan_time=5748
# nod_component=V3 Build:0x30000000

Edited by deeprybka, 12 April 2015 - 11:33 AM.


#13 deeprybka


Posted 12 April 2015 - 11:35 AM

Can you please tell me which problems still persist now?
regards,
deeprybka

#14 KiMO112


Posted 12 April 2015 - 12:02 PM

I get the same pop-ups and redirects.

#15 deeprybka


Posted 12 April 2015 - 12:05 PM

Step 1

Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click the listed program(s) to remove it:
    Google Chrome
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click Next.
  • Once the program has searched for leftovers, click Next.
  • Check only the items in bold on the list, then click Delete.
    Note: you may have to expand some folders by clicking the "+" mark.
  • When prompted, click Yes and then Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.
Step 2

Reinstall Google Chrome. Download
regards,
deeprybka