
Farbar malware removal logs


6 replies to this topic

#1 Rambew


Posted 20 April 2015 - 09:26 PM

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Dennis (administrator) on DENNIS-PC on 20-04-2015 19:16:19
Running from C:\Users\Dennis\Downloads
Loaded Profiles: Dennis (Available profiles: Dennis)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Echobit LLC) C:\Program Files\Echobit\LAN Bridger\LbSvc.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.pif
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.pif
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Dennis\Downloads\FRST64.pif
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [myradioplayer Tray] => "C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe"
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [847576 2015-02-03] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\Run: [GoogleChromeAutoLaunch_5560E485902A34F6B1CF63ACD9274ABA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\MountPoints2: {3ff32206-e12a-11e4-b03c-10bf48d52cc9} - Fallout 3_setup.exe
HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\MountPoints2: {3ff3221c-e12a-11e4-b03c-10bf48d52cc9} - Fallout 3 DLC_setup.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Fun2SavE -> {29dd3d89-4589-423e-ab64-32ddcc063276} -> C:\Program Files (x86)\Fun2SavE\c2iEDo7TpIAjIN.x64.dll [2015-03-29] ()
BHO: ExStraCooupoen -> {5c32fc14-03d5-4c0b-ae8f-b38054fa4a6c} -> C:\Program Files (x86)\ExStraCooupoen\86ejT6ECyv7fda.x64.dll [2015-04-14] ()
BHO: JoniCoupoon -> {737c3c32-65e8-43fd-b6fb-9c3e470214c7} -> C:\Program Files (x86)\JoniCoupoon\g6Q3dLjvi8yXoK.x64.dll [2015-03-29] ()
BHO: GreeatSave4eU -> {7fb03352-883d-4a58-9677-db5014ea87a3} -> C:\Program Files (x86)\GreeatSave4eU\whtfBBkHR5vaNA.x64.dll [2015-04-14] ()
BHO-x32: Fun2SavE -> {29dd3d89-4589-423e-ab64-32ddcc063276} -> C:\Program Files (x86)\Fun2SavE\c2iEDo7TpIAjIN.dll [2015-03-29] ()
BHO-x32: ExStraCooupoen -> {5c32fc14-03d5-4c0b-ae8f-b38054fa4a6c} -> C:\Program Files (x86)\ExStraCooupoen\86ejT6ECyv7fda.dll [2015-04-14] ()
BHO-x32: JoniCoupoon -> {737c3c32-65e8-43fd-b6fb-9c3e470214c7} -> C:\Program Files (x86)\JoniCoupoon\g6Q3dLjvi8yXoK.dll [2015-03-29] ()
BHO-x32: GreeatSave4eU -> {7fb03352-883d-4a58-9677-db5014ea87a3} -> C:\Program Files (x86)\GreeatSave4eU\whtfBBkHR5vaNA.dll [2015-04-14] ()
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-06] (Google Inc.)
FF Plugin HKU\S-1-5-21-1237583775-1992582428-1652045095-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dennis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2011-07-22] (Unity Technologies ApS)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.v9.com/?type=hp&ts=1402709446&from=amt&uid=ST500LT012-9WS142_S0V4VBKWXXXXS0V4VBKW&i=psd&t=3441479c3
CHR StartupUrls: Default -> "hxxp://www.v9.com/?type=hp&ts=1402709446&from=amt&uid=ST500LT012-9WS142_S0V4VBKWXXXXS0V4VBKW&i=psd&t=3441479c3", "hxxp://www.google.com/", "hxxp://www.safesear.ch/?type=20140912-165-ch", "hxxp://websearch.searchfix.info/?pid=724&r=2015/01/10&hid=8855914241969692277&lg=EN&cc=US"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-15]
CHR Extension: (Adblock Plus) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-15]
CHR Extension: (Google Search) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-15]
CHR Extension: (ZenMate Security & Privacy VPN) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2015-02-15]
CHR Extension: (Bookmark Manager) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-03-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-16]
CHR Extension: (Google Wallet) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-15]
CHR Extension: (Gmail) - C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 2e2c67c9; c:\Program Files (x86)\SegmentSystem\SegmentSystem.dll [2352128 2015-01-24] () [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2015-02-03] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [794328 2015-02-03] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-01-06] (EasyAntiCheat Ltd)
R2 LbSvc; C:\Program Files\Echobit\LAN Bridger\LbSvc.exe [2158744 2010-06-17] (Echobit LLC)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [36864 2009-07-10] (Realtek) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2015-02-03] (BlueStack Systems)
R3 LbAdapter; C:\Windows\System32\DRIVERS\lb.sys [21656 2010-06-07] (Echobit, LLC)
S3 P0620VID; C:\Windows\System32\DRIVERS\P0620Vid.sys [126848 2005-08-15] (Creative Technology Ltd.)
S3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-20 19:16 - 2015-04-20 19:16 - 00011263 _____ () C:\Users\Dennis\Downloads\FRST.txt
2015-04-20 19:15 - 2015-04-20 19:16 - 00000000 ____D () C:\FRST
2015-04-20 19:14 - 2015-04-20 19:14 - 02099712 _____ (Farbar) C:\Users\Dennis\Downloads\FRST64.pif
2015-04-20 19:13 - 2015-04-20 19:13 - 01139200 _____ (Farbar) C:\Users\Dennis\Downloads\FRST.pif
2015-04-19 22:58 - 2010-11-20 20:23 - 00345088 _____ (Microsoft Corporation) C:\Users\Dennis\Desktop\cmd.pif
2015-04-19 21:54 - 2015-04-19 21:54 - 00247330 _____ () C:\Users\Dennis\Desktop\FixExec.rar
2015-04-19 21:53 - 2015-04-19 21:54 - 00247330 _____ () C:\Users\Dennis\Downloads\FixExec.rar
2015-04-19 21:46 - 2015-04-19 21:47 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Dennis\Desktop\FixExec.pif
2015-04-19 21:38 - 2015-04-19 21:58 - 00001238 _____ () C:\Users\Dennis\Desktop\FixExec.txt
2015-04-19 21:32 - 2015-04-19 21:32 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Dennis\Downloads\FixExec.pif
2015-04-19 21:29 - 2015-04-19 21:29 - 00883616 _____ (Bleeping Computer, LLC) C:\Users\Dennis\Downloads\FixExec.com.exe
2015-04-19 15:15 - 2015-04-19 15:15 - 00000000 _____ () C:\Users\Dennis\AppData\Local\{5587B83B-0094-4C46-80AF-9B1E543A412F}
2015-04-18 20:09 - 2015-04-18 20:24 - 00000000 ____D () C:\Program Files (x86)\Focus Home Interactive
2015-04-18 18:06 - 2015-04-18 18:06 - 00359441 _____ () C:\Users\Dennis\Downloads\Castlemania.rar
2015-04-18 18:04 - 2015-04-18 18:04 - 00010726 _____ () C:\Users\Dennis\Downloads\MedievalMansion_schematic (1).rar
2015-04-18 18:01 - 2015-04-18 18:01 - 00010726 _____ () C:\Users\Dennis\Downloads\MedievalMansion_schematic.rar
2015-04-17 22:48 - 2015-04-17 22:48 - 00001707 _____ () C:\Users\Public\Desktop\Tradewinds Legends.lnk
2015-04-17 22:48 - 2015-04-17 22:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tradewinds Legends
2015-04-17 22:48 - 2015-04-17 22:48 - 00000000 ____D () C:\Games
2015-04-17 22:44 - 2015-04-17 22:48 - 15483376 ____R (Sandlot Games ) C:\Users\Dennis\Downloads\Tradewinds Legends_setup.exe
2015-04-17 20:01 - 2015-04-17 20:01 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Python-Eggs
2015-04-17 20:00 - 2015-04-17 20:01 - 00000000 ____D () C:\Users\Dennis\Desktop\mcedit2-win64-2.0.0alpha-168
2015-04-17 19:59 - 2015-04-17 20:00 - 29486381 _____ (Igor Pavlov) C:\Users\Dennis\Downloads\mcedit2-win64-2.0.0alpha-168.exe
2015-04-16 21:05 - 2015-04-16 21:05 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Morphopolis
2015-04-14 18:23 - 2015-04-14 18:23 - 00000000 ____D () C:\Program Files (x86)\ReegularDeAls
2015-04-14 18:23 - 2015-04-14 18:23 - 00000000 ____D () C:\Program Files (x86)\Image Hover
2015-04-14 18:23 - 2015-04-14 18:23 - 00000000 ____D () C:\Program Files (x86)\GreeatSave4eU
2015-04-14 18:21 - 2015-04-14 18:21 - 00000000 ____D () C:\Program Files (x86)\ExStraCooupoen
2015-04-14 13:45 - 2015-04-14 13:45 - 00000000 ____D () C:\Users\Dennis\AppData\Local\openvr
2015-04-14 11:54 - 2015-03-24 20:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 11:54 - 2015-03-24 20:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 11:54 - 2015-03-24 20:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 11:54 - 2015-03-24 20:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 11:54 - 2015-03-24 20:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 11:54 - 2015-03-24 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 11:54 - 2015-03-24 20:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 11:54 - 2015-03-24 20:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 11:54 - 2015-03-24 20:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 11:54 - 2015-03-24 20:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 11:54 - 2015-03-24 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 11:54 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 11:54 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 11:54 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 11:54 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 11:54 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 11:54 - 2015-03-22 20:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 11:54 - 2015-03-22 20:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 11:54 - 2015-03-22 20:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 11:54 - 2015-03-22 20:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 11:54 - 2015-03-22 20:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 11:54 - 2015-03-22 20:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 11:54 - 2015-03-22 20:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 11:54 - 2015-03-22 20:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 11:54 - 2015-03-16 22:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 11:54 - 2015-03-16 22:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 11:54 - 2015-03-16 22:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 11:54 - 2015-03-16 22:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 11:54 - 2015-03-16 22:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 11:54 - 2015-03-16 22:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 11:54 - 2015-03-16 22:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 11:54 - 2015-03-16 22:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 11:54 - 2015-03-16 22:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 11:54 - 2015-03-16 22:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 11:54 - 2015-03-16 22:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 11:54 - 2015-03-16 22:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 11:54 - 2015-03-16 22:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 11:54 - 2015-03-16 22:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 11:54 - 2015-03-16 22:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 22:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 11:54 - 2015-03-16 22:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 11:54 - 2015-03-16 21:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 11:54 - 2015-03-16 21:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 11:54 - 2015-03-16 21:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 11:54 - 2015-03-16 21:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 11:54 - 2015-03-16 21:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 11:54 - 2015-03-16 21:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 11:54 - 2015-03-16 21:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 11:54 - 2015-03-16 21:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 11:54 - 2015-03-16 21:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 11:54 - 2015-03-16 21:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 11:54 - 2015-03-16 21:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 11:54 - 2015-03-16 21:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 11:54 - 2015-03-16 21:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 11:54 - 2015-03-16 21:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 11:54 - 2015-03-16 21:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 11:54 - 2015-03-16 21:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 11:54 - 2015-03-16 21:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 11:54 - 2015-03-16 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 11:54 - 2015-03-16 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 21:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 20:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 11:54 - 2015-03-16 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 11:54 - 2015-03-16 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 11:54 - 2015-03-16 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 11:54 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 11:54 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 11:54 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 11:54 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 11:54 - 2015-03-04 22:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 11:54 - 2015-03-04 21:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 11:54 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 11:53 - 2015-04-01 17:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 11:53 - 2015-04-01 16:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 11:53 - 2015-03-12 21:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 11:53 - 2015-03-12 21:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 11:53 - 2015-03-12 21:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 11:53 - 2015-03-12 21:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 11:53 - 2015-03-12 21:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 11:53 - 2015-03-12 21:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 11:53 - 2015-03-12 21:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 11:53 - 2015-03-12 21:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 11:53 - 2015-03-12 21:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 11:53 - 2015-03-12 21:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 11:53 - 2015-03-12 20:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 11:53 - 2015-03-12 20:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 11:53 - 2015-03-12 20:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 11:53 - 2015-03-12 20:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 11:53 - 2015-03-12 20:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 11:53 - 2015-03-12 20:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 11:53 - 2015-03-12 20:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 11:53 - 2015-03-12 20:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 11:53 - 2015-03-12 20:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 11:53 - 2015-03-12 20:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 11:53 - 2015-03-12 20:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 11:53 - 2015-03-12 20:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 11:53 - 2015-03-12 20:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 11:53 - 2015-03-12 20:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 11:53 - 2015-03-12 20:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 11:53 - 2015-03-12 20:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 11:53 - 2015-03-12 20:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 11:53 - 2015-03-12 20:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 11:53 - 2015-03-12 20:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 11:53 - 2015-03-12 20:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 11:53 - 2015-03-12 20:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 11:53 - 2015-03-12 20:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 11:53 - 2015-03-12 20:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 11:53 - 2015-03-12 20:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 11:53 - 2015-03-12 20:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 11:53 - 2015-03-12 20:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 11:53 - 2015-03-12 20:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 11:53 - 2015-03-12 20:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 11:53 - 2015-03-12 20:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 11:53 - 2015-03-12 20:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 11:53 - 2015-03-12 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 11:53 - 2015-03-12 20:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 11:53 - 2015-03-12 19:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 11:53 - 2015-03-12 19:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 11:53 - 2015-03-12 19:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 11:53 - 2015-03-12 19:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 11:53 - 2015-03-12 19:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 11:53 - 2015-03-12 19:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 11:53 - 2015-03-12 19:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 11:53 - 2015-03-12 19:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 11:53 - 2015-03-12 19:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 11:53 - 2015-03-12 19:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 11:53 - 2015-03-12 19:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 11:53 - 2015-03-12 19:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 11:53 - 2015-03-12 19:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 11:53 - 2015-03-12 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 11:53 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 11:53 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 11:53 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-12 10:09 - 2015-04-12 11:47 - 00000000 ____D () C:\Users\Dennis\AppData\Local\Fallout3
2015-04-12 09:52 - 2015-04-12 09:52 - 00001937 _____ () C:\Users\Public\Desktop\Fallout 3.lnk
2015-04-12 09:52 - 2015-04-12 09:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout 3
2015-04-12 09:49 - 2005-08-25 02:00 - 00065536 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\P0620Hwx.dll
2015-04-12 09:49 - 2005-08-25 02:00 - 00054784 _____ (Creative Technology Ltd.) C:\Windows\system32\P0620Hwx.dll
2015-04-12 09:49 - 2005-08-17 19:29 - 00004905 _____ () C:\Windows\PD0620.uns
2015-04-12 09:49 - 2005-08-15 10:02 - 00126848 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\P0620Vid.sys
2015-04-12 09:49 - 2005-08-15 01:01 - 00126976 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\P0620Vfw.dll
2015-04-12 09:49 - 2005-07-08 19:14 - 00018432 _____ (Creative Technology Ltd.) C:\Windows\system32\P0620Sti.dll
2015-04-12 09:49 - 2005-07-08 02:00 - 00011264 _____ (Creative Technology Ltd.) C:\Windows\system32\P0620Srv.exe
2015-04-12 09:49 - 2005-06-28 15:30 - 00100352 _____ (Creative Technology Ltd.) C:\Windows\system32\P0620Ext.ax
2015-04-12 09:49 - 2005-06-22 02:00 - 00012288 _____ (Creative Technology Ltd.) C:\Windows\system32\P0620Ext.crl
2015-04-12 09:49 - 2004-07-13 01:01 - 00077824 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\P0620Ext.ax
2015-04-12 09:49 - 2004-03-18 01:00 - 00032768 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\P0620Ext.crl
2015-04-12 09:45 - 2005-08-17 02:00 - 00035328 _____ (Creative Technology Ltd.) C:\Windows\system32\P0620Pin.dll
2015-04-12 09:45 - 2005-07-07 01:07 - 00036864 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\CtCamMgr.dll
2015-04-12 09:45 - 2005-04-19 01:00 - 00005120 _____ (Creative Technology Ltd.) C:\Windows\system32\CtCamPin.crl
2015-04-12 09:38 - 2015-04-12 09:38 - 00000000 ____D () C:\Steam
2015-04-12 09:33 - 2015-04-12 09:33 - 00831496 _____ (SysProgs.org) C:\Users\Dennis\Downloads\WinCDEmu-3.6.exe
2015-04-12 09:12 - 2015-04-17 22:45 - 00001908 ____R () C:\Users\Dennis\Downloads\WDoubleYouW.nfo
2015-04-12 05:23 - 2015-04-12 09:23 - 1350346752 ____R () C:\Users\Dennis\Downloads\FO3_GOTY_DISC2.iso
2015-04-12 05:21 - 2015-04-12 09:23 - 1180147712 ____R () C:\Users\Dennis\Downloads\FO3_GOTY_DISC1.iso
2015-04-12 05:04 - 2015-04-12 05:09 - 410341746 _____ () C:\Users\Dennis\Desktop\FATE - The Traitor Soul.rar
2015-04-12 04:56 - 2015-04-12 05:00 - 00000000 ____D () C:\Users\Dennis\Desktop\FATE - The Traitor Soul
2015-04-10 19:41 - 2015-04-10 19:47 - 00000000 ____D () C:\Program Files (x86)\Quick SEO  PageRank Backlinks  Alexa Tool
2015-04-10 19:40 - 2015-04-10 19:47 - 00000000 ____D () C:\ProgramData\naliihimmmcopbjhmcbdbcdmbmbkbhii
2015-04-10 19:39 - 2015-04-10 19:47 - 00000000 ____D () C:\ProgramData\{7519e9dd-1fd0-0df7-7519-9e9dd1fda774}
2015-04-09 17:22 - 2015-04-10 19:47 - 00000000 ____D () C:\Users\Dennis\Downloads\Wondershare Video Editor 4.8.0.5 Final Incl. Crack [ATOM]
2015-04-05 22:11 - 2015-04-05 22:11 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\TeamViewer
2015-04-05 21:59 - 2015-04-18 14:16 - 00000000 ____D () C:\ProgramData\Tunngle
2015-04-05 21:59 - 2015-04-10 19:47 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Tunngle
2015-04-05 21:59 - 2015-04-10 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-04-05 21:59 - 2015-04-05 21:59 - 00000995 _____ () C:\Users\Public\Desktop\Tunngle.lnk
2015-04-05 21:59 - 2015-04-05 21:59 - 00000000 ____D () C:\Users\Public\Documents\Tunngle
2015-04-05 21:59 - 2015-04-05 21:59 - 00000000 ____D () C:\Users\Dennis\Documents\Tunngle
2015-04-05 21:58 - 2015-04-05 21:59 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2015-04-05 21:45 - 2015-04-05 21:46 - 04800816 _____ (Tunngle.net GmbH ) C:\Users\Dennis\Downloads\Tunngle_Setup_v5.2.exe
2015-04-05 17:44 - 2015-04-05 17:44 - 00000000 ____D () C:\Users\Dennis\Documents\From The Depths
2015-04-05 16:54 - 2015-04-05 17:40 - 197963652 ____R () C:\Users\Dennis\Downloads\From_The_Depths_v1.542.zip
2015-04-05 12:12 - 2015-04-05 22:08 - 3494903939 _____ () C:\Users\Dennis\Downloads\Fallout.Tactics.Brotherhood.of.Steel - RELOADED.rar
2015-04-05 12:11 - 2015-04-05 12:11 - 00018384 _____ () C:\Users\Dennis\Downloads\Fallout.Tactics.Brotherhood.of.Steel - RELOADED (1).torrent
2015-04-05 12:08 - 2015-04-05 12:09 - 00018384 _____ () C:\Users\Dennis\Downloads\Fallout.Tactics.Brotherhood.of.Steel - RELOADED.torrent
2015-04-05 00:10 - 2015-04-10 19:47 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 00:10 - 2015-04-05 00:10 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 14:28 - 2015-04-04 14:29 - 00000000 ____D () C:\Users\Dennis\Desktop\The Escapists
2015-04-04 14:25 - 2015-04-04 14:27 - 37542482 _____ () C:\Users\Dennis\Downloads\The Escapists v0.799-ALi213.7z
2015-04-04 09:28 - 2015-04-04 09:28 - 00000000 ____D () C:\Program Files (x86)\The Escapists
2015-04-04 09:20 - 2015-04-04 09:20 - 00000000 ___SH () C:\Users\Dennis\AppData\Local\LumaEmu
2015-04-04 09:16 - 2015-04-04 09:18 - 00000000 ____D () C:\Program Files (x86)\FacePunch
2015-04-04 00:21 - 2015-04-04 00:21 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\MMFApplications
2015-04-04 00:20 - 2015-04-04 00:24 - 00000000 ____D () C:\Users\Dennis\Documents\The Escapists
2015-04-04 00:20 - 2015-04-04 00:20 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\Steam
2015-04-04 00:06 - 2015-04-04 00:06 - 00555064 _____ () C:\Users\Dennis\Downloads\Unconfirmed 640761.crdownload
2015-04-04 00:05 - 2015-04-04 00:06 - 00555064 _____ () C:\Users\Dennis\Downloads\Unconfirmed 435748.crdownload
2015-03-30 19:17 - 2015-03-30 19:17 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\PACE Anti-Piracy
2015-03-30 19:17 - 2015-03-30 19:17 - 00000000 ____D () C:\Users\Dennis\AppData\Local\PACE Anti-Piracy
2015-03-30 19:17 - 2015-03-30 19:17 - 00000000 ____D () C:\ProgramData\PACE Anti-Piracy
2015-03-30 19:16 - 2015-03-30 19:16 - 00000000 ____D () C:\Users\Dennis\AppData\Local\Unity
2015-03-30 19:15 - 2015-03-30 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
2015-03-30 19:15 - 2015-03-30 19:15 - 00000000 ____D () C:\Users\Public\Documents\Unity Projects
2015-03-30 19:12 - 2015-03-30 19:16 - 00000000 ____D () C:\Program Files (x86)\Unity
2015-03-30 19:06 - 2015-03-30 19:11 - 420489056 _____ (Unity Technologies ApS) C:\Users\Dennis\Downloads\UnitySetup-3.4.0.exe
2015-03-30 18:21 - 2015-03-30 18:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2015-03-30 17:07 - 2015-03-30 17:07 - 00000000 ____D () C:\Users\Dennis\Desktop\Tor Browser
2015-03-30 17:06 - 2015-03-30 17:07 - 34391223 _____ () C:\Users\Dennis\Downloads\torbrowser-install-4.0.5_en-US.exe
2015-03-29 17:02 - 2015-03-29 17:02 - 00000000 ____D () C:\ProgramData\Red AdBlocker
2015-03-29 17:02 - 2015-03-29 17:02 - 00000000 ____D () C:\Program Files (x86)\Minimal Bookmarks Tree
2015-03-29 17:02 - 2015-03-29 17:02 - 00000000 ____D () C:\Program Files (x86)\BBitSaVERR
2015-03-29 17:00 - 2015-03-29 17:00 - 00000000 ____D () C:\Program Files (x86)\JoniCoupoon
2015-03-29 17:00 - 2015-03-29 17:00 - 00000000 ____D () C:\Program Files (x86)\Fun2SavE
2015-03-29 10:53 - 2015-03-31 02:47 - 00000000 ____D () C:\Users\Dennis\Desktop\random bleep i dont have time for
2015-03-29 10:50 - 2015-03-29 10:50 - 00000000 ____D () C:\Users\Dennis\AppData\Local\Wondershare
2015-03-29 10:50 - 2015-03-29 10:50 - 00000000 ____D () C:\ProgramData\Wondershare
2015-03-29 10:49 - 2015-04-10 19:47 - 00000000 ____D () C:\Users\Dennis\Documents\Wondershare Video Editor
2015-03-29 10:49 - 2015-04-10 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2015-03-29 10:49 - 2015-04-10 19:47 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-03-29 10:49 - 2015-03-29 10:49 - 00001206 _____ () C:\Users\Public\Desktop\Wondershare Video Editor.lnk
2015-03-29 10:49 - 2014-07-15 17:24 - 02140712 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpgvout.004
2015-03-29 10:49 - 2014-07-15 17:24 - 00531496 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpeg2mux.ax
2015-03-29 10:49 - 2014-07-15 17:24 - 00375848 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcm2ve.ax
2015-03-29 10:49 - 2014-07-15 17:24 - 00257064 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcl2ae.ax
2015-03-29 10:49 - 2014-07-15 17:24 - 00244776 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpgaout.dll
2015-03-29 10:49 - 2014-07-15 17:24 - 00020520 _____ (MainConcept GmbH) C:\Windows\SysWOW64\mcmpgvout.dll
2015-03-29 10:47 - 2015-03-29 11:55 - 00000000 ____D () C:\Users\Dennis\Downloads\Crack
2015-03-27 20:37 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-03-27 20:37 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-03-27 20:37 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-03-27 20:37 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-03-27 20:37 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-03-27 20:37 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-03-27 20:37 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-03-27 20:37 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-03-27 20:37 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-03-27 20:37 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-03-27 20:37 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-03-27 20:37 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-03-27 20:36 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-03-27 20:36 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-03-27 20:36 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-03-27 20:36 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-03-27 20:36 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-03-27 20:36 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-03-27 20:36 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-03-27 20:36 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-03-27 20:36 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-03-27 20:36 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-03-27 20:36 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-03-27 20:36 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-03-27 20:36 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-03-27 20:36 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-03-27 20:36 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-03-27 20:36 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-03-27 20:36 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-03-27 20:36 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-03-27 20:36 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-03-27 20:36 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-03-27 20:36 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-03-27 20:36 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-03-27 20:36 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-03-27 20:36 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-03-27 20:36 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-03-27 20:36 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-03-27 20:36 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-03-27 20:36 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-03-27 20:36 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-03-27 20:36 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-03-27 20:36 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-03-27 20:36 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-03-27 20:36 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-03-27 20:36 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-03-27 20:36 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-03-27 20:36 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-03-27 20:36 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-03-27 20:36 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-03-27 20:36 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-03-27 20:36 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-03-27 20:36 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-03-27 20:36 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-03-27 20:36 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-03-27 20:36 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-03-27 20:36 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-03-26 22:27 - 2015-03-26 22:30 - 00000000 ____D () C:\Users\Dennis\Documents\TwoWorlds Files
2015-03-25 21:07 - 2015-03-27 22:24 - 00000000 ____D () C:\Users\Dennis\AppData\Local\Two Worlds II
2015-03-25 20:24 - 2015-03-25 20:24 - 00000853 _____ () C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-03-25 20:23 - 2015-03-25 20:23 - 01744472 _____ (BitTorrent Inc.) C:\Users\Dennis\Downloads\BitTorrent.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-20 19:14 - 2015-03-06 19:09 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 17:39 - 2014-03-30 14:07 - 01949448 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 17:33 - 2015-01-05 14:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-19 21:56 - 2015-01-13 21:02 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-19 21:53 - 2015-01-08 18:00 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-04-19 21:31 - 2009-07-13 21:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-19 21:31 - 2009-07-13 21:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-19 21:27 - 2009-07-13 22:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 21:22 - 2015-03-06 19:09 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-19 21:22 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 21:22 - 2009-07-13 21:51 - 00044193 _____ () C:\Windows\setupact.log
2015-04-18 22:19 - 2014-03-30 14:07 - 00000000 __SHD () C:\Recovery
2015-04-18 20:26 - 2015-02-04 17:56 - 00000020 _____ () C:\Users\Dennis\AppData\Roaming\appdataFr3.bin
2015-04-18 20:19 - 2015-01-15 00:45 - 00000000 ____D () C:\Users\Dennis\AppData\Roaming\BitTorrent
2015-04-17 22:48 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-16 17:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 17:04 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 16:25 - 2015-01-05 20:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 16:25 - 2015-01-05 20:23 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 16:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 02:11 - 2015-01-05 17:28 - 00773912 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 02:09 - 2014-03-30 15:31 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 02:04 - 2014-03-30 15:31 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 19:03 - 2015-01-13 21:26 - 00000000 ____D () C:\Users\Dennis\Documents\Bandicam
2015-04-14 18:23 - 2015-02-01 15:34 - 00000000 ____D () C:\ProgramData\1777056734841015400
2015-04-13 14:55 - 2015-02-21 19:47 - 00812872 _____ (Google Inc.) C:\Users\Dennis\Desktop\chrome.exe
2015-04-12 10:09 - 2015-02-28 17:18 - 00000000 ____D () C:\Users\Dennis\Documents\My Games
2015-04-12 09:54 - 2015-01-05 22:04 - 00091008 _____ () C:\Windows\DirectX.log
2015-04-12 09:50 - 2009-07-13 19:34 - 00000251 _____ () C:\Windows\system.ini
2015-04-12 09:49 - 2015-01-21 14:18 - 00000000 ____D () C:\Windows\CtDrvInstall
2015-04-12 09:49 - 2015-01-16 17:39 - 00000000 ____D () C:\WCamInst
2015-04-12 09:49 - 2015-01-16 17:34 - 00002112 _____ () C:\CtDrvIns.log
2015-04-10 19:51 - 2014-01-01 15:25 - 00000000 ____D () C:\Users\Dennis
2015-04-10 19:49 - 2009-07-13 21:45 - 00270304 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-10 19:47 - 2015-01-24 15:58 - 00000000 ____D () C:\Program Files (x86)\SegmentSystem
2015-04-10 19:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-04-09 17:21 - 2014-01-01 15:53 - 00059176 _____ () C:\Users\Dennis\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-05 17:44 - 2014-10-22 21:25 - 00000000 ____D () C:\Users\Dennis\Desktop\From The Depths
2015-03-31 02:49 - 2013-11-26 17:36 - 00000000 ____D () C:\Users\Dennis\Desktop\FOnline Reloaded
2015-03-31 01:31 - 2009-07-13 22:08 - 00032618 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-30 22:49 - 2015-01-13 21:02 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-03-30 22:49 - 2015-01-13 21:02 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
 
==================== Files in the root of some directories =======
 
2015-02-04 17:56 - 2015-04-18 20:26 - 0000020 _____ () C:\Users\Dennis\AppData\Roaming\appdataFr3.bin
2015-01-11 16:16 - 2015-01-19 01:33 - 0000095 _____ () C:\Users\Dennis\AppData\Roaming\LauncherSettings_live.cfg
2015-01-11 16:17 - 2015-01-11 16:17 - 0000039 _____ () C:\Users\Dennis\AppData\Roaming\TheHunterSettings_steam_live.cfg
2015-01-16 22:06 - 2015-01-16 22:06 - 0000064 _____ () C:\Users\Dennis\AppData\Local\9bb45514f98326ff9769c622a6bf645a
2015-04-04 09:20 - 2015-04-04 09:20 - 0000000 ___SH () C:\Users\Dennis\AppData\Local\LumaEmu
2015-01-05 15:29 - 2015-01-05 15:29 - 0000017 _____ () C:\Users\Dennis\AppData\Local\resmon.resmoncfg
2015-04-19 15:15 - 2015-04-19 15:15 - 0000000 _____ () C:\Users\Dennis\AppData\Local\{5587B83B-0094-4C46-80AF-9B1E543A412F}
 
Some content of TEMP:
====================
C:\Users\Dennis\AppData\Local\Temp\ChkWin64.dll
C:\Users\Dennis\AppData\Local\Temp\setacl.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 14:18
 
==================== End Of Log ============================
 
 
Addition.txt: 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by Dennis at 2015-04-20 19:17:13
Running from C:\Users\Dennis\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.1.2.740 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
BBitSaVERR (HKLM-x32\...\{A3FC46A0-9B62-0EF3-B475-743B3A2762B1}) (Version:  - "") <==== ATTENTION
Bigger Notes ANTP (HKLM-x32\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version:  - "") <==== ATTENTION
BitTorrent (HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\BitTorrent) (Version: 7.9.2.39589 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{E78B4959-B348-4913-874B-FF982378E035}) (Version: 0.9.11.4119 - BlueStack Systems, Inc.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Creative WebCam Instant Driver (2.00.04.0825) (HKLM\...\Creative PD0620) (Version:  - )
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version:  - Visceral Games)
Defy Gravity (HKLM-x32\...\Steam App 96100) (Version:  - Fish Factory Games)
Dragon's Prophet (HKLM-x32\...\Steam App 229100) (Version:  - Sony Online Entertainment)
Dragons Prophet (HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\SOE-Dragons Prophet) (Version:  - Sony Online Entertainment)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
ExStraCooupoen (HKLM-x32\...\{98449C67-C7AF-BB53-112D-26C916814611}) (Version:  - "") <==== ATTENTION
Fallout 3 Game of the Year Edition - DLCs (HKLM-x32\...\{12CFDA5C-BDB9-460D-9E0D-F7879D9E2351}}_is1) (Version:  - Bethesda Softworks)
Fallout 3 Game of the Year Edition (HKLM-x32\...\{552F1CCF-1364-424C-85F7-46D4D006BB69}}_is1) (Version:  - Bethesda Softworks)
FATE - The Traitor Soul (HKLM-x32\...\WT079186) (Version: 2.2.0.82 - WildTangent)
Fun2SavE (HKLM-x32\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version:  - "") <==== ATTENTION
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GreeatSave4eU (HKLM-x32\...\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}) (Version:  - "") <==== ATTENTION
GTGD S1 (HKLM-x32\...\Steam App 269570) (Version:  - GTGD)
Image Hover (HKLM-x32\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version:  - "") <==== ATTENTION
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JoniCoupoon (HKLM-x32\...\{51417852-174C-88D4-34A0-D0FE7858BE47}) (Version:  - "") <==== ATTENTION
LAN Bridger 0.9.10b (HKLM\...\{E031F826-27C2-45CA-BB22-7E5C8488E014}) (Version: 0.9.10.0 - Echobit LLC)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lucius (HKLM-x32\...\Steam App 218640) (Version:  - Shiver Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Minimal Bookmarks Tree (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version:  - "") <==== ATTENTION
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
Morphopolis (HKLM-x32\...\Steam App 314020) (Version:  - Dan Walters)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
osu! (HKLM-x32\...\{0b75728b-1499-46ae-9602-34e0b4a5efce}) (Version: latest - ppy Pty Ltd)
osu! (HKLM-x32\...\{3f127679-6d06-452e-b29a-55db7cd2922d}) (Version: latest - ppy Pty Ltd)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0134 - REALTEK Semiconductor Corp.)
Red AdBlocker (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - Red AdBlocker) <==== ATTENTION
ReegularDeAls (HKLM-x32\...\{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4}) (Version:  - "") <==== ATTENTION
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
SaveLoteS (HKLM-x32\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version:  - "") <==== ATTENTION
SegmentSystem (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{2e2c67c9}) (Version:  - Software Publisher) <==== ATTENTION
Serena (HKLM-x32\...\Steam App 272060) (Version:  - Senscape)
Spore (HKLM-x32\...\Steam App 17390) (Version:  - Maxis™)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surgeon Simulator (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Tradewinds Legends (HKLM-x32\...\{F7770C5A-B3A0-43BD-9EB7-949C2B1B8762}}_is1) (Version:  - Sandlot Games)
Two Worlds II (HKLM-x32\...\Steam App 7520) (Version:  - Reality Pump Studios)
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
WinRAR 5.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Wondershare Video Editor(Build 4.8.0) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)
World of Guns: Gun Disassembly (HKLM-x32\...\Steam App 262410) (Version:  - Noble Empire Corp.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
12-04-2015 09:34:34 Device Driver Package Install: SysProgs.org Storage controllers
12-04-2015 09:52:46 Installed DirectX
15-04-2015 02:00:21 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-01-13 21:31 - 00000913 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   bandicam.com
127.0.0.1                   ssl.bandisoft.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {51D1C0D4-A794-42D3-8C3F-C775DF581544} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06] (Google Inc.)
Task: {5F6DF4FB-B1A9-4BC1-A4ED-10AA77CF694D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6228D6D2-BA1F-4B4E-AC43-D130122136B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-06] (Google Inc.)
Task: {6E861B45-34FC-4478-A2AD-37AF8F53FC82} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {82C19FD2-7039-4229-99C2-66D9E366AAE5} - System32\Tasks\{EB05BC05-74F3-4A4B-AB14-47B43E1CA901} => pcalua.exe -a C:\Users\Dennis\Downloads\LCVU_0415_PCDRV_US_1_01_03.exe -d C:\Users\Dennis\Downloads
Task: {8B90421F-81A7-4D41-9799-63C90DD7B4AA} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {A9D1CDE4-D745-4D58-8640-CC88CF322667} - System32\Tasks\{16F680C7-E55E-4F6B-AC2F-739023A4BDE0} => C:\Users\Dennis\Desktop\ATF\ATFOEMBBC\INSTALL.EXE
Task: {CCD7EF85-FA5E-446A-902D-F4040AD154E9} - System32\Tasks\{16FE534F-50CB-4CAF-A750-FE305489643E} => pcalua.exe -a E:\sp56942.exe -d E:\
Task: {CFF5C55B-034B-4982-8770-4FCEC6B43B35} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D17D7D90-15D0-4372-9E0F-973E0B8727EC} - System32\Tasks\{0295CFE6-09D8-4DDE-AFE6-E4D6EB4F2110} => pcalua.exe -a "C:\Users\Dennis\Downloads\WCIS_PCDrv_US_2_00_04_0825 (1).EXE" -d C:\Users\Dennis\Downloads
Task: {E86B64CA-C175-406D-99A7-BDB5BDD24653} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {EECE7842-949D-4602-9C41-3B957B7C0A6E} - System32\Tasks\{5C8B8D2F-D179-43AF-8179-4B68ADFBEABE} => pcalua.exe -a D:\GATEWAY\GATEWAY.EXE -d D:\
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2010-05-30 10:23 - 2010-05-30 10:23 - 00056832 _____ () C:\Program Files\Echobit\LAN Bridger\boost_thread-vc90-mt-1_40.dll
2010-05-30 10:22 - 2010-05-30 10:22 - 00052224 _____ () C:\Program Files\Echobit\LAN Bridger\boost_date_time-vc90-mt-1_40.dll
2010-05-30 10:22 - 2010-05-30 10:22 - 00082432 _____ () C:\Program Files\Echobit\LAN Bridger\boost_filesystem-vc90-mt-1_40.dll
2010-05-30 10:22 - 2010-05-30 10:22 - 00016384 _____ () C:\Program Files\Echobit\LAN Bridger\boost_system-vc90-mt-1_40.dll
2015-01-24 15:58 - 2015-01-24 15:58 - 02352128 _____ () c:\Program Files (x86)\SegmentSystem\SegmentSystem.dll
2015-01-06 17:46 - 2009-08-28 15:38 - 00131072 _____ () C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
2015-01-05 14:55 - 2015-03-09 23:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 13:17 - 2014-12-01 17:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 13:17 - 2014-12-01 17:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 13:17 - 2014-12-01 17:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-01-05 14:55 - 2015-04-13 16:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-05 14:55 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-05 14:55 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-05 14:55 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-05 14:55 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-05 14:55 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-05 14:55 - 2015-04-13 16:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-01-05 14:55 - 2015-02-24 18:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-01-05 14:55 - 2015-02-24 18:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2015-04-16 17:17 - 2015-04-13 14:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 17:17 - 2015-04-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:C5831B98
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1237583775-1992582428-1652045095-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1237583775-1992582428-1652045095-500 - Administrator - Disabled)
Dennis (S-1-5-21-1237583775-1992582428-1652045095-1001 - Administrator - Enabled) => C:\Users\Dennis
Guest (S-1-5-21-1237583775-1992582428-1652045095-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1237583775-1992582428-1652045095-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/19/2015 10:13:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "42.0.2311.90,language="&#x2a;",type="win32",version="42.0.2311.90"1".
Dependent Assembly 42.0.2311.90,language="&#x2a;",type="win32",version="42.0.2311.90" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/19/2015 10:12:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "42.0.2311.90,language="&#x2a;",type="win32",version="42.0.2311.90"1".
Dependent Assembly 42.0.2311.90,language="&#x2a;",type="win32",version="42.0.2311.90" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/19/2015 09:24:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2015 09:22:48 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/19/2015 03:14:47 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/18/2015 11:32:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/18/2015 11:30:59 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/18/2015 11:25:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/18/2015 11:24:09 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/18/2015 10:23:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (04/19/2015 09:22:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (04/19/2015 09:22:34 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:15:32 PM on ‎4/‎19/‎2015 was unexpected.
 
Error: (04/19/2015 03:14:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (04/18/2015 11:30:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (04/18/2015 11:24:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (04/18/2015 10:22:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (04/18/2015 09:41:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (04/18/2015 09:40:10 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
Error: (04/18/2015 09:39:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (04/18/2015 09:32:03 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
 
 
Microsoft Office Sessions:
=========================
Error: (04/19/2015 10:13:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 42.0.2311.90,language="&#x2a;",type="win32",version="42.0.2311.90"C:\Users\Dennis\Desktop\chrome.exe
 
Error: (04/19/2015 10:12:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 42.0.2311.90,language="&#x2a;",type="win32",version="42.0.2311.90"C:\Users\Dennis\Desktop\chrome.exe
 
Error: (04/19/2015 09:24:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/19/2015 09:22:48 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/19/2015 03:14:47 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/18/2015 11:32:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/18/2015 11:30:59 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/18/2015 11:25:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/18/2015 11:24:09 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (04/18/2015 10:23:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: AMD E2-3200 APU with Radeon™ HD Graphics
Percentage of memory in use: 36%
Total physical RAM: 3561.34 MB
Available physical RAM: 2250.71 MB
Total Pagefile: 7120.86 MB
Available Pagefile: 5095.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1397.17 GB) (Free:1139.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: FCD05C46)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
I will provide the text documents for you to download and review.

 




 


#2 Rambew

Rambew
  • Topic Starter

  • Members
  • 10 posts

Posted 20 April 2015 - 10:35 PM

The files didn't seem to be posted on my topic, here they are. There may or may not be multiples of this topic, simply delete or lock them.




#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 April 2015 - 09:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Chrome was compromised. I suggest removing Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

Re-install Chrome and the Bookmarks.

If you want to save all your settings refer to this page.
Follow the instructions before removing Chrome.
http://juan2geek.com/how-to-backup-and-restore-entire-google-chrome-setting/
<<<>>>

Please run the Farbar tool and post a fresh FRST log for my review.

How is the computer running now?

#4 Rambew

Rambew
  • Topic Starter

  • Members
  • 10 posts

Posted 26 April 2015 - 08:53 PM

Malwarebytes' Anti-Malware:

Unable to run this, we changed the file format and everything, but we get this error message:  No app is associated with that file type.

 

 

AdwCleaner:

# AdwCleaner v4.202 - Logfile created 26/04/2015 at 18:36:02
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dennis - DENNIS-PC
# Running from : C:\Users\Dennis\Downloads\adwcleaner_4.202.pif
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : 2e2c67c9
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\pastaleads
Folder Deleted : C:\ProgramData\makulitsidwe
Folder Deleted : C:\ProgramData\1777056734841015400
Folder Deleted : C:\ProgramData\18a95faf61ea0c68
Folder Deleted : C:\ProgramData\{7519e9dd-1fd0-0df7-7519-9e9dd1fda774}
Folder Deleted : C:\ProgramData\{7e3d2a45-3b31-cc21-7e3d-d2a453b3a914}
Folder Deleted : C:\ProgramData\{917460bd-beaa-1d2c-9174-460bdbea82f6}
Folder Deleted : C:\ProgramData\{b24187a8-3224-df42-b241-187a83221ea0}
Folder Deleted : C:\Program Files (x86)\Open Deployment
Folder Deleted : C:\Program Files (x86)\Fun2Save
Folder Deleted : C:\Program Files (x86)\BBitSaVERR
Folder Deleted : C:\Program Files (x86)\ExStraCooupoen
Folder Deleted : C:\Program Files (x86)\GreeatSave4eU
Folder Deleted : C:\Program Files (x86)\JoniCoupoon
Folder Deleted : C:\Program Files (x86)\ReegularDeAls
Folder Deleted : C:\Users\Dennis\AppData\Local\GeniusBox
Folder Deleted : C:\Users\Dennis\AppData\Local\CrossBrowser
Folder Deleted : C:\Users\Dennis\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Probit Software
Folder Deleted : C:\ProgramData\agmafbjnhjhpjapokbnljhhkpmefjkdc
Folder Deleted : C:\ProgramData\naliihimmmcopbjhmcbdbcdmbmbkbhii
File Deleted : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\P29dd3d89_4589_423e_ab64_32ddcc063276_.P29dd3d89_4589_423e_ab64_32ddcc063276_
Key Deleted : HKLM\SOFTWARE\Classes\P29dd3d89_4589_423e_ab64_32ddcc063276_.P29dd3d89_4589_423e_ab64_32ddcc063276_.9
Key Deleted : HKLM\SOFTWARE\Classes\P5c32fc14_03d5_4c0b_ae8f_b38054fa4a6c_.P5c32fc14_03d5_4c0b_ae8f_b38054fa4a6c_
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Google Chrome v42.0.2311.90
 
[C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.v9.com/?type=hp&ts=1402709446&from=amt&uid=ST500LT012-9WS142_S0V4VBKWXXXXS0V4VBKW&i=psd&t=3441479c3
[C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.v9.com/?type=hp&ts=1402709446&from=amt&uid=ST500LT012-9WS142_S0V4VBKWXXXXS0V4VBKW&i=psd&t=3441479c3
[C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : 
 
*************************
 
AdwCleaner[R0].txt - [23436 bytes] - [26/04/2015 18:34:47]
AdwCleaner[S0].txt - [9330 bytes] - [26/04/2015 18:36:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9389  bytes] ##########


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,182 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 April 2015 - 07:25 AM

Using the MBAM uninstaller tool, remove it.
https://support.malwarebytes.org/customer/portal/articles/1835311-how-do-i-uninstall-malwarebytes-anti-malware-?b_id=6438

When done, restart the computer normally and re-install the application.

You should be able to run it now.

How is the computer running now?

#6 Rambew

Rambew
  • Topic Starter

  • Members
  • 10 posts

Posted 29 April 2015 - 08:03 PM

We still weren't able to run the program. No idea why.



#7 nasdaq

nasdaq


Posted 05 May 2015 - 08:18 AM

Sorry for this long delay.

You should check with Malwarebytes if still unable to run the tool.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide to best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



