Blue Screen of Death, updater wont work, now files are corrupted...


  • This topic is locked
16 replies to this topic

#1 jinn0z

  • Members
  • 44 posts
Posted 06 May 2015 - 12:04 AM

CryptoWall 3.0, Avira doesn't work and in safe mode, it didn't let me scan my computer.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2015
Ran by Dang (administrator) on DANG-PC on 06-05-2015 04:27:01
Running from C:\Users\Dang\Desktop
Loaded Profiles: Dang (Available profiles: Dang)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Pokki) C:\Users\Dang\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(BitTorrent Inc.) C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Pokki) C:\Users\Dang\AppData\Local\Pokki\Engine\HostAppService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Microsoft) C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2015-01-20] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048 2015-04-10] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-26] (SUPERAntiSpyware)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [uTorrent] => C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe [1740880 2015-02-13] (BitTorrent Inc.)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Afhdworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Usfxmedia] => regsvr32.exe C:\Users\Dang\AppData\Local\Usfxmedia\loader_u.dll <===== ATTENTION
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\MountPoints2: {bf2676ad-36bb-11e3-a338-f80f412c6fd3} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\MountPoints2: {c7f3f46d-554e-11e2-a95d-f80f412c6fd3} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-04-20]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2015-01-20]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2012-11-30]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> DefaultScope {B566F1F9-13BF-45CD-9E24-A6DE3B32D45F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=667671&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2649704876-1349671222-1448162478-1000 -> {B566F1F9-13BF-45CD-9E24-A6DE3B32D45F} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=667671&p={searchTerms}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2008-09-15] (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-01-30] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-01-20] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-01-20] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\user.js [2014-07-27]
FF SearchPlugin: C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\searchplugins\avira-safesearch.xml [2015-02-26]
FF Extension: Avira Browser Safety - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\Extensions\abs@avira.com [2015-04-27]
FF Extension: Pdb based CorSymWriter - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\Extensions\{107DC554-B584-2D81-B623-ADA1E3DA6639} [2015-05-01]
FF Extension: Flashblock - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-01-20]
FF Extension: WOT - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-26]
FF Extension: TinEye Reverse Image Search - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\Extensions\tineye@ideeinc.com.xpi [2013-05-31]
FF Extension: NoScript - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-11-30]
FF Extension: Adblock Plus - C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-12-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-20]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2015-01-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=667671&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Profile: C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-04-29]
CHR Extension: (Google Docs) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-13]
CHR Extension: (Google Drive) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-13]
CHR Extension: (YouTube) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-13]
CHR Extension: (Google Search) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-13]
CHR Extension: (Bookmark Manager) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-11-02] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-11-30] (Adobe Systems) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104 2015-04-10] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2015-01-20] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-07-23] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 04:26 - 2015-05-06 04:26 - 00006060 _____ () C:\Windows\SysWOW64\rsslogs.20150506042525
2015-05-06 03:41 - 2015-05-06 03:41 - 00052078 _____ () C:\Windows\SysWOW64\rsslogs.20150506034017
2015-05-06 03:39 - 2015-05-06 04:24 - 00011178 _____ () C:\Windows\PFRO.log
2015-05-06 02:52 - 2015-05-06 04:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-06 02:51 - 2015-05-06 04:21 - 00000000 ____D () C:\Users\Dang\Desktop\mbar
2015-05-06 02:50 - 2015-05-06 02:50 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Dang\Desktop\mbar-1.09.1.1004.exe
2015-05-06 02:21 - 2015-05-06 02:21 - 00095677 _____ () C:\Windows\SysWOW64\rsslogs.20150506022004
2015-05-06 01:21 - 2015-05-06 01:21 - 00069035 _____ () C:\Windows\SysWOW64\rsslogs.20150506012024
2015-05-06 01:19 - 2015-05-06 01:19 - 01700312 _____ () C:\Windows\Minidump\050615-24102-01.dmp
2015-05-06 01:15 - 2015-05-06 01:31 - 00000000 ____D () C:\Users\Dang\Desktop\SHINee - Hello (Repackage Album)
2015-05-06 01:14 - 2014-03-12 17:40 - 00000000 ____D () C:\Users\Dang\Downloads\SHINee - Hello (Repackage Album)
2015-05-06 01:13 - 2015-05-06 01:13 - 83281488 _____ () C:\Users\Dang\Desktop\SHINee - Hello (Repackage Album).rar
2015-05-06 00:55 - 2015-05-06 00:58 - 00043008 _____ () C:\Users\Dang\Desktop\Addition.txt
2015-05-06 00:50 - 2015-05-06 00:50 - 00004244 _____ () C:\Users\Dang\Documents\HELP_DECRYPT.TXT
2015-05-06 00:50 - 2015-05-06 00:50 - 00000284 _____ () C:\Users\Dang\Documents\HELP_DECRYPT.URL
2015-05-06 00:42 - 2015-05-06 04:27 - 00026626 _____ () C:\Users\Dang\Desktop\FRST.txt
2015-05-06 00:42 - 2015-05-06 04:27 - 00000000 ____D () C:\FRST
2015-05-06 00:41 - 2015-05-06 00:42 - 02101248 _____ (Farbar) C:\Users\Dang\Desktop\FRST64.exe
2015-05-06 00:26 - 2015-05-06 00:26 - 00014700 _____ () C:\Users\Dang\Desktop\hijackthis.log
2015-05-06 00:15 - 2015-05-06 00:15 - 00076315 _____ () C:\Windows\SysWOW64\rsslogs.20150506001454
2015-05-06 00:01 - 2015-05-06 00:01 - 00015751 _____ () C:\Windows\SysWOW64\rsslogs.20150506000045
2015-05-05 23:59 - 2015-05-06 00:00 - 00373048 _____ () C:\Windows\Minidump\050515-20030-01.dmp
2015-05-05 23:54 - 2015-05-05 23:55 - 03875496 _____ (foobar2000.org) C:\Users\Dang\Downloads\foobar2000_v1.3.8.exe
2015-05-05 23:53 - 2015-05-06 02:26 - 00004244 _____ () C:\Users\Dang\AppData\Roaming\HELP_DECRYPT.TXT
2015-05-05 23:53 - 2015-05-06 02:26 - 00004244 _____ () C:\Users\Dang\AppData\HELP_DECRYPT.TXT
2015-05-05 23:53 - 2015-05-06 02:26 - 00000284 _____ () C:\Users\Dang\AppData\Roaming\HELP_DECRYPT.URL
2015-05-05 23:53 - 2015-05-06 02:26 - 00000284 _____ () C:\Users\Dang\AppData\HELP_DECRYPT.URL
2015-05-05 23:50 - 2015-05-06 02:25 - 00004244 _____ () C:\Users\Dang\AppData\Local\HELP_DECRYPT.TXT
2015-05-05 23:50 - 2015-05-06 02:25 - 00000284 _____ () C:\Users\Dang\AppData\Local\HELP_DECRYPT.URL
2015-05-05 23:49 - 2015-05-06 02:24 - 00004244 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-05-05 23:49 - 2015-05-06 02:24 - 00000284 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-05-05 23:48 - 2015-05-05 23:48 - 00000000 ___HD () C:\a2b40044
2015-05-05 23:34 - 2015-05-05 23:34 - 00030280 _____ () C:\Windows\SysWOW64\rsslogs.20150505233307
2015-05-05 23:23 - 2015-05-05 23:23 - 00009693 _____ () C:\Windows\SysWOW64\rsslogs.20150505232231
2015-05-05 23:21 - 2015-05-06 01:19 - 450240977 _____ () C:\Windows\MEMORY.DMP
2015-05-05 23:21 - 2015-05-05 23:21 - 00373072 _____ () C:\Windows\Minidump\050515-20046-01.dmp
2015-05-05 22:57 - 2015-05-05 22:57 - 00021802 _____ () C:\Windows\SysWOW64\rsslogs.20150505225642
2015-05-03 22:53 - 2015-05-05 23:04 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Local Store
2015-05-01 23:21 - 2015-05-02 03:54 - 00000000 ____D () C:\Users\Dang\AppData\Local\ysus
2015-05-01 14:16 - 2015-05-01 14:16 - 00003124 _____ () C:\Windows\System32\Tasks\{2AA35854-5E3B-4C6D-9CF3-317A8A35DF0E}
2015-05-01 14:14 - 2015-05-01 14:14 - 00003641 _____ () C:\Windows\SysWOW64\rsslogs.20150501141350
2015-05-01 14:12 - 2015-05-06 04:24 - 00000560 _____ () C:\Windows\setupact.log
2015-05-01 14:12 - 2015-05-01 14:12 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-01 14:11 - 2015-05-06 04:23 - 00067945 _____ () C:\Windows\WindowsUpdate.log
2015-05-01 13:30 - 2015-05-01 13:30 - 00029067 _____ () C:\Windows\SysWOW64\rsslogs.20150501132941
2015-05-01 13:00 - 2015-05-01 13:00 - 00003641 _____ () C:\Windows\SysWOW64\rsslogs.20150501125929
2015-05-01 12:47 - 2015-05-01 12:47 - 00006063 _____ () C:\Windows\SysWOW64\rsslogs.20150501124633
2015-05-01 12:38 - 2015-05-01 12:38 - 00008485 _____ () C:\Windows\SysWOW64\rsslogs.20150501123715
2015-05-01 08:21 - 2015-05-01 16:35 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-01 08:19 - 2015-05-05 23:51 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Dropbox
2015-05-01 08:09 - 2015-05-05 23:51 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\AVAST Software
2015-05-01 08:05 - 2015-05-06 00:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-01 08:05 - 2015-05-01 08:05 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-01 08:04 - 2015-05-01 08:04 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Dang\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-05-01 07:02 - 2015-05-01 07:02 - 00077513 _____ () C:\Windows\SysWOW64\rsslogs.20150501070111
2015-05-01 06:33 - 2015-05-01 06:33 - 00025435 _____ () C:\Windows\SysWOW64\rsslogs.20150501063234
2015-05-01 06:30 - 2015-05-01 06:30 - 00000000 __SHD () C:\found.001
2015-04-30 21:22 - 2015-04-30 21:22 - 00001211 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-04-30 21:15 - 2015-04-30 21:15 - 00283424 _____ () C:\Windows\SysWOW64\rsslogs.20150430211408
2015-04-30 20:28 - 2015-04-30 20:28 - 00050869 _____ () C:\Windows\SysWOW64\rsslogs.20150430202756
2015-04-30 19:21 - 2015-04-30 19:21 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Dang\Downloads\avira_en_av_5653620029__ws.exe
2015-04-30 18:15 - 2015-04-30 18:15 - 00159890 _____ () C:\Windows\SysWOW64\rsslogs.20150430181424
2015-04-30 13:19 - 2015-04-30 13:19 - 00047229 _____ () C:\Windows\SysWOW64\rsslogs.20150430131842
2015-04-30 01:29 - 2015-04-30 01:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dang\Downloads\HijackThis.exe
2015-04-30 01:18 - 2015-04-30 01:18 - 00018173 _____ () C:\Windows\SysWOW64\rsslogs.20150430011749
2015-04-30 01:11 - 2015-04-30 01:11 - 00002430 _____ () C:\Windows\SysWOW64\rsslogs.20150430011058
2015-04-30 00:11 - 2013-12-14 08:08 - 00450718 _____ () C:\Windows\system32\Drivers\etc\hosts.20150430-001149.backup
2015-04-30 00:07 - 2015-04-30 00:07 - 00072704 _____ () C:\Windows\SysWOW64\rsslogs.20150430000634
2015-04-30 00:03 - 2015-05-06 01:19 - 00000000 ____D () C:\Windows\Minidump
2015-04-29 23:19 - 2015-04-29 23:19 - 00000000 ____D () C:\SUPERDelete
2015-04-29 23:13 - 2015-04-30 01:07 - 00000000 ____D () C:\Users\Dang\AppData\Local\jozehe
2015-04-29 23:12 - 2015-04-29 23:12 - 00010120 ____N () C:\bootsqm.dat
2015-04-29 22:43 - 2015-05-05 23:51 - 00000000 ____D () C:\Users\Dang\AppData\Local\Usfxmedia
2015-04-29 22:41 - 2015-05-05 23:50 - 00000000 ____D () C:\Users\Dang\AppData\Local\Esdltion
2015-04-29 13:45 - 2015-05-06 01:48 - 00000000 ____D () C:\Users\Dang\Downloads\Blood+
2015-04-29 06:34 - 2015-04-29 06:38 - 00000000 ____D () C:\Users\Dang\Downloads\Blood-C:The Last Dark
2015-04-29 06:04 - 2015-04-29 15:01 - 00000000 ____D () C:\Users\Dang\Downloads\Blood-C - 12 Complete (Dual Audio)
2015-04-22 05:12 - 2015-04-22 05:15 - 00000000 ____D () C:\Users\Dang\Downloads\Jupiter.Ascending.2015.1080p.WEB-DL.AAC2.0.H264-RARBG
2015-04-20 20:09 - 2015-04-20 20:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-15 00:40 - 2015-04-15 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-14 19:01 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 19:01 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 19:01 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 19:01 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 19:01 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 19:01 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 19:01 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 19:01 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 19:01 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 19:01 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 19:01 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 19:01 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 19:01 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 19:01 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 19:01 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 19:01 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 19:00 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 19:00 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 19:00 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 19:00 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 19:00 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 19:00 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 19:00 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 19:00 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 19:00 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 19:00 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 19:00 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 19:00 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 19:00 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 19:00 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 19:00 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 19:00 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 19:00 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 19:00 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 19:00 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 19:00 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 19:00 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 19:00 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 19:00 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 19:00 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 19:00 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 19:00 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 19:00 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 19:00 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 19:00 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 19:00 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 19:00 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 19:00 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 19:00 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 19:00 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 19:00 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 19:00 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 19:00 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 19:00 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 19:00 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 19:00 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 19:00 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 19:00 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 19:00 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 19:00 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 19:00 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 19:00 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 19:00 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 19:00 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 19:00 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 19:00 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 19:00 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 19:00 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 19:00 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 19:00 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 19:00 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 19:00 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 19:00 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 19:00 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 19:00 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 19:00 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 19:00 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 19:00 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 19:00 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 19:00 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 19:00 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 19:00 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 19:00 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 19:00 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 19:00 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 19:00 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 19:00 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 19:00 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 19:00 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 19:00 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 19:00 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 19:00 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 19:00 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 19:00 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 19:00 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 19:00 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 19:00 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 19:00 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 19:00 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 19:00 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 19:00 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 19:00 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 19:00 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 19:00 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 19:00 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 19:00 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 19:00 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 19:00 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 19:00 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 19:00 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 19:00 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 19:00 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 19:00 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 19:00 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 19:00 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 19:00 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 19:00 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 19:00 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 19:00 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 19:00 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 19:00 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 19:00 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 19:00 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 19:00 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 19:00 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 19:00 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 19:00 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 19:00 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 19:00 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 19:00 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 19:00 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 18:59 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 18:59 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 18:59 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-13 20:03 - 2015-04-13 20:03 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-13 20:03 - 2015-04-13 20:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-13 20:01 - 2015-05-06 00:18 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-13 20:01 - 2015-04-13 20:03 - 00000000 ____D () C:\Program Files\iTunes
2015-04-13 20:01 - 2015-04-13 20:01 - 00000000 ____D () C:\Program Files\iPod
2015-04-13 20:01 - 2015-04-13 20:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-12 11:18 - 2015-04-12 11:18 - 00000000 ____D () C:\Users\Dang\Downloads\The.Hunger.Games.Mockingjay.Part.1.HDRip.AC3.Legendado.CO2®
2015-04-09 22:35 - 2015-04-09 22:36 - 00000000 ____D () C:\Users\Dang\Downloads\Seventh Son (2014)
2015-04-07 20:49 - 2015-04-07 20:49 - 00001587 _____ () C:\Users\Dang\Desktop\Monster Hunter Online Benchmark.lnk
2015-04-07 20:49 - 2015-04-07 20:49 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monster Hunter Online Benchmark
2015-04-07 20:48 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-04-07 20:48 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-04-07 20:48 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-04-07 20:48 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-04-07 20:48 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-04-07 20:48 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-04-07 20:48 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-04-07 20:48 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-04-07 20:48 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-04-07 20:48 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-04-07 20:48 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-04-07 20:48 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-04-07 20:48 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-04-07 20:48 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-04-07 20:48 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-04-07 20:48 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-04-07 20:48 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-04-07 20:48 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-04-07 20:48 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-04-07 20:48 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-04-07 20:48 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-04-07 20:48 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-04-07 20:48 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-04-07 20:48 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-04-07 20:48 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-04-07 20:48 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-04-07 20:48 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-04-07 20:48 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-04-07 20:48 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-04-07 20:48 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-04-07 20:48 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-04-07 20:48 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-04-07 20:48 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-04-07 20:48 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-04-07 20:48 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-04-07 20:48 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-04-07 20:48 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-04-07 20:48 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-04-07 20:48 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-04-07 20:48 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-04-07 20:48 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-04-07 20:48 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-04-07 20:48 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-04-07 20:48 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-04-07 20:48 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-04-07 20:48 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-04-07 20:48 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-04-07 20:48 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-04-07 20:48 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-04-07 20:48 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-04-07 20:48 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-04-07 20:48 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-04-07 20:48 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-04-07 20:48 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-04-07 20:48 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-04-07 20:48 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-04-07 20:48 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-04-07 20:48 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-04-07 20:48 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-04-07 20:48 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-04-07 20:48 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-04-07 20:48 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-04-07 20:48 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-04-07 20:48 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-04-07 20:48 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-04-07 20:48 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-04-07 20:48 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-04-07 20:48 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-04-07 20:48 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-04-07 20:48 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-04-07 20:48 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-04-07 20:48 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-04-07 20:48 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-04-07 20:48 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-04-07 20:48 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-04-07 20:48 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-04-07 20:48 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-04-07 20:48 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-04-07 20:48 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-04-07 20:48 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-04-07 20:48 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-04-07 20:48 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-04-07 20:48 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-04-07 20:48 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-04-07 20:48 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-04-07 20:48 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-04-07 20:48 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-04-07 20:48 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-04-07 20:48 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-04-07 20:48 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-04-07 20:48 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-04-07 20:48 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-04-07 20:48 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-04-07 20:48 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-04-07 20:48 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-04-07 20:48 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-04-07 20:48 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-04-07 20:48 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-04-07 20:48 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-04-07 20:48 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-04-07 20:48 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-04-07 20:47 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-04-07 20:47 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-04-07 20:47 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-04-07 20:47 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-04-07 20:47 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-04-07 20:47 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-04-07 20:47 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-04-07 20:47 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-04-07 20:47 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-04-07 20:47 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-04-07 20:47 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-04-07 20:47 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-04-07 20:47 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-04-07 20:47 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-04-07 20:47 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-04-07 20:47 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-04-07 20:47 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-04-07 20:47 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-04-07 20:47 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-04-07 20:47 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-04-07 20:47 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-04-07 20:47 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-04-07 20:47 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-04-07 20:47 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-04-07 20:47 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-04-07 20:47 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-04-07 20:47 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-04-07 20:47 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-04-07 20:47 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-04-07 20:47 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-04-07 20:47 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-04-07 20:47 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-04-07 20:47 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-04-07 20:47 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-04-07 20:47 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-04-07 20:47 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-04-07 20:47 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-04-07 20:47 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-04-07 20:47 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-04-07 20:47 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-04-07 20:47 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-04-07 20:47 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-04-07 20:47 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-04-07 20:47 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-04-07 20:47 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-04-07 20:47 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-04-07 20:47 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-04-07 20:47 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-04-07 20:47 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-04-07 20:47 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-04-07 20:47 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-04-07 20:47 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-04-07 20:47 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-04-07 20:47 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-04-07 20:47 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-04-07 20:47 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-04-07 20:47 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-04-07 20:47 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-04-07 20:44 - 2015-04-07 20:44 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Tencent
2015-04-07 20:44 - 2015-04-07 20:44 - 00000000 ____D () C:\Program Files (x86)\Monster Hunter Online Benchmark
2015-04-07 20:23 - 2015-04-07 20:43 - 1074811608 _____ () C:\Users\Dang\Downloads\Monster_Hunter_Online_Benchmark.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-06 04:29 - 2012-11-30 22:07 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\foobar2000
2015-05-06 04:26 - 2013-05-04 20:52 - 00000000 ____D () C:\Users\Dang\AppData\Local\Pokki
2015-05-06 04:25 - 2013-06-11 19:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-06 04:25 - 2012-12-08 23:48 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\uTorrent
2015-05-06 04:25 - 2012-12-07 00:17 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-06 04:24 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-06 04:08 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-06 04:03 - 2012-12-07 00:17 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-06 03:58 - 2012-11-30 22:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 03:51 - 2015-02-07 22:18 - 00000104 _____ () C:\Users\Dang\Desktop\Passwords.txt
2015-05-06 03:49 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-06 03:49 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-06 03:42 - 2014-05-26 18:34 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 03:42 - 2014-05-26 18:34 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-06 02:59 - 2015-03-28 21:42 - 00000000 ____D () C:\Users\Dang\Downloads\Inuyasha - The Final Act
2015-05-06 02:59 - 2015-02-18 23:02 - 00000000 ____D () C:\Users\Dang\Downloads\Inuyasha - Season 6
2015-05-06 02:55 - 2015-02-18 23:02 - 00000000 ____D () C:\Users\Dang\Downloads\Inuyasha - Season 5
2015-05-06 02:53 - 2015-04-04 00:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-06 02:53 - 2015-02-18 23:02 - 00000000 ____D () C:\Users\Dang\Downloads\Inuyasha - Season 4
2015-05-06 02:53 - 2014-08-05 00:25 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-06 02:53 - 2014-08-05 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-06 02:53 - 2014-04-20 14:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-06 02:53 - 2012-12-07 00:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-06 02:53 - 2012-12-07 00:18 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-06 02:53 - 2012-12-05 00:23 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\vlc
2015-05-06 02:53 - 2011-07-22 07:25 - 00000000 ____D () C:\ProgramData\oem
2015-05-06 02:52 - 2014-08-05 00:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-05-06 02:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-05-06 02:50 - 2015-02-18 23:16 - 00000000 ____D () C:\Users\Dang\Downloads\Inuyasha - Season 3
2015-05-06 02:49 - 2015-02-18 23:00 - 00000000 ____D () C:\Users\Dang\Downloads\Inuyasha - Season 2
2015-05-06 02:45 - 2015-02-18 23:00 - 00000000 ____D () C:\Users\Dang\Downloads\Inuyasha - Season 1
2015-05-06 02:43 - 2015-02-26 01:08 - 00000000 ____D () C:\Users\Dang\Downloads\Interstellar.2014.DVDScr.XVID.AC3.HQ.Hive-CM8
2015-05-06 02:40 - 2014-02-26 20:21 - 00000000 ____D () C:\Users\Dang\Downloads\Inception (2010)
2015-05-06 02:38 - 2014-06-06 23:00 - 00000000 ____D () C:\Users\Dang\Downloads\I, Frankenstein (2014)
2015-05-06 02:36 - 2013-05-07 21:42 - 00000000 ____D () C:\Users\Dang\Downloads\Hansel and Gretel Witch Hunters (2013)
2015-05-06 02:35 - 2014-11-17 00:46 - 00000000 ____D () C:\Users\Dang\Downloads\Guardians of the Galaxy (2014)
2015-05-06 02:33 - 2015-02-08 22:22 - 00000000 ____D () C:\Users\Dang\Downloads\Gravity (2013)
2015-05-06 02:31 - 2014-12-14 01:39 - 00000000 ____D () C:\Users\Dang\Downloads\Fullmetal Alchemist Sacred Star of Milos (2011)
2015-05-06 02:31 - 2014-07-28 01:29 - 00000000 ____D () C:\Users\Dang\Downloads\Fight Club (1999) [1080p]
2015-05-06 02:27 - 2013-06-11 19:24 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\SUPERAntiSpyware.com
2015-05-06 02:27 - 2012-11-30 22:06 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Mozilla
2015-05-06 02:24 - 2013-06-11 19:24 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-05-06 01:59 - 2015-02-17 09:27 - 00000000 ____D () C:\Users\Dang\Downloads\Dumb and Dumber To (2014)
2015-05-06 01:59 - 2014-09-20 23:14 - 00000000 ____D () C:\Users\Dang\Downloads\Edge of Tomorrow (2014)
2015-05-06 01:56 - 2015-02-05 01:25 - 00000000 ____D () C:\Users\Dang\Downloads\Dream_Dance_Vol_72-3CD-2014-VOiCE
2015-05-06 01:55 - 2015-02-05 01:31 - 00000000 ____D () C:\Users\Dang\Downloads\Dream Dance Vol.74 - 3CD (2015)
2015-05-06 01:54 - 2015-01-18 21:25 - 00000000 ____D () C:\Users\Dang\Downloads\Deadman Wonderland (Complete 1-12)
2015-05-06 01:53 - 2014-10-25 20:11 - 00000000 ____D () C:\Users\Dang\Downloads\Dawn of the Planet of the Apes (2014)
2015-05-06 01:52 - 2013-05-10 19:30 - 00000000 ____D () C:\Users\Dang\Downloads\City Of Ember (2008)
2015-05-06 01:51 - 2014-08-04 19:56 - 00000000 ____D () C:\Users\Dang\Downloads\Captain America - The Winter Soldier (2014)
2015-05-06 01:35 - 2015-01-16 21:51 - 00000000 ____D () C:\Users\Dang\Downloads\Black Hawk Down (2001)
2015-05-06 01:34 - 2015-01-27 07:52 - 00000000 ____D () C:\Users\Dang\Downloads\A Walk to Remember (2002)
2015-05-06 00:51 - 2013-05-24 21:53 - 00000000 ____D () C:\Users\Dang\Desktop\Young.Justice.S02E01-20.720p.WEB-DL.x264.AAC
2015-05-06 00:45 - 2013-05-24 21:56 - 00000000 ____D () C:\Users\Dang\Desktop\Young Justice (Season 1) 720p (techrod108)
2015-05-06 00:38 - 2013-02-25 21:07 - 00000000 ____D () C:\Users\Dang\Desktop\Shadow Hearts From The New World
2015-05-06 00:38 - 2013-02-25 21:06 - 00000000 ____D () C:\Users\Dang\Desktop\Suikoden 5
2015-05-06 00:34 - 2013-06-04 20:50 - 00000000 ____D () C:\Users\Dang\Desktop\Green.Lantern.The.Animated.Series.S01E01-26.720p.WEB-DL.x264.AAC
2015-05-06 00:24 - 2012-12-01 20:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-06 00:23 - 2015-01-20 20:43 - 00000000 ____D () C:\ProgramData\Real
2015-05-06 00:22 - 2012-11-08 18:51 - 00000000 ____D () C:\ProgramData\clear.fi
2015-05-06 00:20 - 2012-11-08 18:36 - 00000000 ____D () C:\ProgramData\OEM_E471269A730D
2015-05-06 00:18 - 2014-09-15 19:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-05-06 00:18 - 2014-08-25 01:44 - 00000000 ____D () C:\ProgramData\InstallMate
2015-05-06 00:18 - 2014-08-05 00:25 - 00000000 ____D () C:\ProgramData\Avira
2015-05-06 00:18 - 2012-11-08 18:11 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-06 00:18 - 2011-07-22 07:12 - 00000000 ___HD () C:\OEM
2015-05-06 00:18 - 2011-07-22 07:12 - 00000000 ____D () C:\ProgramData\Acer
2015-05-06 00:17 - 2015-01-20 20:45 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2649704876-1349671222-1448162478-1000
2015-05-06 00:17 - 2015-01-20 20:45 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2649704876-1349671222-1448162478-1000
2015-05-06 00:16 - 2012-12-03 18:54 - 00000000 ____D () C:\Nexon
2015-05-06 00:16 - 2012-11-08 18:04 - 00000000 ____D () C:\book
2015-05-05 23:55 - 2012-11-30 22:07 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-05-05 23:55 - 2012-11-30 22:07 - 00001039 _____ () C:\Users\Public\Desktop\foobar2000.lnk
2015-05-05 23:55 - 2012-11-30 22:07 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2015-05-05 23:54 - 2014-08-26 21:55 - 00000000 ____D () C:\Users\Dang\Desktop\For Impu
2015-05-05 23:53 - 2015-01-20 20:45 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\RealNetworks
2015-05-05 23:53 - 2015-01-20 20:43 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Real
2015-05-05 23:53 - 2014-08-25 01:45 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\WinPatrol
2015-05-05 23:53 - 2013-04-25 23:39 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Skype
2015-05-05 23:51 - 2015-01-20 20:45 - 00000000 ____D () C:\ProgramData\RealNetworks
2015-05-05 23:51 - 2014-07-07 21:12 - 00000000 ____D () C:\Users\Dang\AppData\Local\Skype
2015-05-05 23:51 - 2012-12-06 23:04 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Apple Computer
2015-05-05 23:51 - 2012-12-06 23:04 - 00000000 ____D () C:\Users\Dang\AppData\Local\Apple Computer
2015-05-05 23:51 - 2012-11-30 21:38 - 00000000 ____D () C:\Users\Dang\AppData\Roaming\Adobe
2015-05-05 23:51 - 2012-11-29 22:53 - 00000000 ____D () C:\Users\Dang\AppData\Local\PowerCinema
2015-05-05 23:50 - 2012-12-07 00:17 - 00000000 ____D () C:\Users\Dang\AppData\Local\Google
2015-05-05 23:50 - 2012-11-30 22:06 - 00000000 ____D () C:\Users\Dang\AppData\Local\Mozilla
2015-05-05 23:49 - 2011-07-22 07:26 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-05 23:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-05 22:55 - 2012-11-29 22:52 - 00000000 ____D () C:\Users\Dang
2015-05-01 16:35 - 2013-12-07 22:12 - 00000000 ____D () C:\Users\Dang\AppData\Local\WhiteListing
2015-04-30 20:27 - 2009-07-14 00:45 - 00000000 ____D () C:\Windows\Setup
2015-04-30 20:23 - 2013-12-08 22:53 - 00000000 ____D () C:\Users\Dang\AppData\Local\NativeMessaging
2015-04-30 19:08 - 2012-12-07 00:17 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 23:35 - 2014-05-26 18:34 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-29 23:35 - 2014-05-26 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-29 23:35 - 2014-05-26 18:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-29 23:16 - 2012-12-01 20:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2015-04-29 23:16 - 2012-11-08 18:11 - 00000000 ____D () C:\ProgramData\Temp
2015-04-27 20:34 - 2013-09-01 18:04 - 00001074 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-04-22 00:31 - 2014-12-21 10:08 - 00002076 _____ () C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-04-21 19:28 - 2015-01-16 06:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-15 09:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 09:20 - 2014-12-09 21:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 09:20 - 2014-05-06 13:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 09:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 00:42 - 2014-02-25 00:10 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 00:40 - 2014-07-07 21:12 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-15 00:40 - 2013-04-25 23:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-15 00:39 - 2013-08-14 00:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 00:39 - 2011-07-22 07:07 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 00:33 - 2012-11-30 22:29 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 20:58 - 2012-11-30 22:21 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 20:58 - 2012-11-30 22:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 20:58 - 2011-07-22 07:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 20:01 - 2012-12-06 23:02 - 00000000 ____D () C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2015-05-05 23:53 - 2015-05-06 02:26 - 0045704 _____ () C:\Users\Dang\AppData\Roaming\HELP_DECRYPT.PNG
2015-05-05 23:53 - 2015-05-06 02:26 - 0004244 _____ () C:\Users\Dang\AppData\Roaming\HELP_DECRYPT.TXT
2015-05-05 23:53 - 2015-05-06 02:26 - 0000284 _____ () C:\Users\Dang\AppData\Roaming\HELP_DECRYPT.URL
2015-05-05 23:50 - 2015-05-06 02:25 - 0045704 _____ () C:\Users\Dang\AppData\Local\HELP_DECRYPT.PNG
2015-05-05 23:50 - 2015-05-06 02:25 - 0004244 _____ () C:\Users\Dang\AppData\Local\HELP_DECRYPT.TXT
2015-05-05 23:50 - 2015-05-06 02:25 - 0000284 _____ () C:\Users\Dang\AppData\Local\HELP_DECRYPT.URL
2012-11-08 18:11 - 2014-04-17 23:59 - 0012727 _____ () C:\ProgramData\ArcadeDeluxe5.log
2015-05-05 23:49 - 2015-05-06 02:24 - 0045704 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-05-05 23:49 - 2015-05-06 02:24 - 0004244 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-05-05 23:49 - 2015-05-06 02:24 - 0000284 _____ () C:\ProgramData\HELP_DECRYPT.URL

Some content of TEMP:
====================
C:\Users\Dang\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-05-29 14:04

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2015
Ran by Dang at 2015-05-06 00:55:22
Running from C:\Users\Dang\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2649704876-1349671222-1448162478-500 - Administrator - Disabled)
Dang (S-1-5-21-2649704876-1349671222-1448162478-1000 - Administrator - Enabled) => C:\Users\Dang
Guest (S-1-5-21-2649704876-1349671222-1448162478-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19480 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D9B8D7C4-BE13-5877-6999-B076956AA3F9}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{d8490d5d-0f24-4000-b2e4-4b500a9a704d}) (Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2024.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragons of Atlantis (HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Pokki_cfada041afdc4a11092a096cac66ab6a0945d92b) (Version: v1.1.7 - Pokki)
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Monster Hunter Online Benchmark (HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Monster Hunter Online Benchmark) (Version: 3.5.4.1272 - Tencent)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.15 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pokki (HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Pokki) (Version: 0.269.7.573 - Pokki)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-04-2015 19:39:34 Windows Update
14-04-2015 20:22:53 Windows Update
15-04-2015 00:29:01 Windows Update
18-04-2015 18:21:08 Windows Update
21-04-2015 19:42:11 Windows Update
24-04-2015 20:00:16 Windows Update
28-04-2015 19:03:10 Windows Update
01-05-2015 08:05:32 avast! antivirus system restore point
01-05-2015 14:16:30 Removed Adobe Reader XI (11.0.10).

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-12-14 08:08 - 00450718 ____N C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {005E7100-86EE-4FDC-BEED-67A5271E6A0B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {1084A330-0169-431B-91AC-2062A4C04044} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {1F1A1619-889B-47E3-A657-A433EF5CCB43} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {2B85AF0D-EA2F-4315-94DB-763C335FC835} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {2BBFA06E-5EBF-4E59-B803-556182357091} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {3D04C206-0D6E-4C01-A16F-FE8422C01940} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2649704876-1349671222-1448162478-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {3EFCB2FF-02CA-458A-9658-D1A285A2CB1F} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {48CAC944-7EEF-4CBC-B919-1CBAD6781C99} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {4AB27397-ED9A-41CE-BFEA-F8D981F42646} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {503420EB-5247-435C-B76D-BE9360044783} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {518B726C-F888-49A9-A803-FD5BCD25C743} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Task: {54CA73CE-1D61-4E43-B3DE-0A9387D1DF26} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6271AD51-3729-492A-8F62-66760EC096D3} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {7A03C38A-0C00-4090-8FD0-2D29F5A7B20B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {909726B2-C95F-4D61-AE47-4A28BBD1AC4A} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-24] (Acer Incorporated)
Task: {96D85619-CD0D-453D-83C9-B7D2C37DE981} - System32\Tasks\{54F9FC58-2B13-4CC1-8236-A4F413727BB3} => Firefox.exe http://ui.skype.com/ui/0/6.16.0.105/en/abandoninstall?source=lightinstaller&page=tsBing
Task: {97098503-3471-4750-9DDE-D75FDEA9C87D} - System32\Tasks\{2AA35854-5E3B-4C6D-9CF3-317A8A35DF0E} => pcalua.exe -a "C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe" -c /REMOVE
Task: {AC4AEEDD-B2CF-48DC-84BD-012CDD297AE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {AC5B6A27-749A-4EEA-A612-6054104933B3} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B289F598-BA1A-47FB-AD07-5D3788E5200F} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2649704876-1349671222-1448162478-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {BC388D77-D6FD-47F8-9586-26DABD3DF837} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {C582CC79-8DA6-4CB4-A999-6055427FFDB8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D02B1AC0-32D4-4BE2-AB31-07F1ED2BDD4D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D40C0312-EA37-48B3-90BA-D634C2800638} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2012-11-13] (Safer-Networking Ltd.)
Task: {E4EAA017-40E9-49A6-AC7D-9095C5551834} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {F7B9BD1F-BA62-4287-8535-02BA9F669AA7} - System32\Tasks\ProPCCleaner_Popup => C:\Program Files (x86)\Pro PC Cleaner\Splash.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-04-29 22:37 - 2015-04-29 22:37 - 02466304 _____ () C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll
2015-04-29 22:37 - 2015-04-29 22:37 - 02109440 _____ () C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-26 23:59 - 2014-10-26 23:59 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 06:41 - 2014-10-30 06:41 - 00031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2011-08-10 23:58 - 2011-08-10 23:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-10-29 20:06 - 2014-10-29 20:06 - 00560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-10-30 06:41 - 2014-10-30 06:41 - 00035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 00032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2012-12-01 20:26 - 2012-11-13 18:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2012-12-01 20:26 - 2012-11-13 18:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2012-12-01 20:26 - 2012-11-13 18:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2012-12-01 20:26 - 2012-08-23 13:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2012-12-01 20:26 - 2012-11-13 18:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2011-05-20 15:13 - 2011-05-20 15:13 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2011-08-10 23:57 - 2011-08-10 23:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2012-12-01 20:26 - 2012-11-13 18:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-10-29 20:01 - 2014-10-29 20:01 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2013-05-04 07:57 - 2013-05-04 07:57 - 00095712 _____ () C:\Program Files (x86)\foobar2000\zlib1.dll
2015-03-26 03:45 - 2015-03-26 03:45 - 00160528 _____ () C:\Program Files (x86)\foobar2000\shared.dll
2015-03-07 06:19 - 2015-03-07 06:19 - 00204800 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll
2015-03-26 03:45 - 2015-03-26 03:45 - 01401120 _____ () C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
2015-03-26 03:42 - 2015-03-26 03:42 - 00536064 _____ () C:\Program Files (x86)\foobar2000\components\foo_converter.dll
2015-03-26 03:45 - 2015-03-26 03:45 - 01087272 _____ () C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
2015-03-26 03:42 - 2015-03-26 03:42 - 00205824 _____ () C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
2015-03-26 03:43 - 2015-03-26 03:43 - 00368640 _____ () C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
2015-03-26 03:42 - 2015-03-26 03:42 - 00356864 _____ () C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
2015-03-26 03:42 - 2015-03-26 03:42 - 00310272 _____ () C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
2010-05-23 22:57 - 2010-05-23 22:57 - 00479400 _____ () C:\Users\Dang\AppData\Roaming\BtvStack.dll
2015-05-05 23:04 - 2015-05-05 23:04 - 38714368 _____ () C:\Users\Dang\AppData\Roaming\Local Store\libcef.dll
2015-05-05 23:04 - 2015-05-05 23:04 - 00873472 _____ () C:\Users\Dang\AppData\Roaming\Local Store\ffmpegsumo.dll
2015-05-05 23:04 - 2015-05-05 23:04 - 16858288 _____ () C:\Users\Dang\AppData\Roaming\Local Store\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


There are 12683 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{60F9659F-90C9-4711-A0D2-E05F94F09D02}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BAC5A69F-B457-4DEF-A5E2-2223A39520B5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{FF85564A-B28F-4943-993C-0779FACB3805}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{5E411569-8B90-430B-A298-D72F3A29FE28}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{07D81D0C-2E40-453A-9C85-F819D6BE301F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{ED68218C-F49E-4E01-AD7D-24B0967C9BFC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{4D1FDDD3-619F-4484-85FE-A368CB6715AB}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{C7DC9273-5130-4F95-BA45-F8303F0A30B6}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{533D6B67-D383-473A-A30A-F9508569F21E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [{69B4BCE2-B3F1-4D27-BDD5-47DB774B725E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{34B18848-CD7E-49C6-B0A9-87C9454BA6AF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C72709F0-890A-468F-BB79-7A6E9292DDFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A150CF95-B3E8-4BD2-908C-7EB3E5B22842}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66B865B3-A69A-42D7-BA81-1ED68133301B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AE98E15B-9CCD-47EC-A0AC-E8E6E5DE37A3}] => (Allow) LPort=2869
FirewallRules: [{43820D21-F219-407A-9857-DC304A3F9286}] => (Allow) LPort=1900
FirewallRules: [{702CBFDB-6558-40E3-922E-3679B2CB152C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1319C5FB-77EE-4FA1-97D9-28FE3E3CA000}] => (Allow) C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{358303EB-39DB-4B80-AA70-922AA0178E6E}] => (Allow) C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B5B163B8-4368-4A63-8F2E-80EE6DAED589}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{8D740C4C-BBF4-4F20-9D99-2C5D67CEFB4C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{BB4C567C-A7DC-4AC0-B67E-82B3B2FCA838}] => (Allow) C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{66F52BB1-02F4-4AA9-A92D-5A82D7423E33}] => (Allow) C:\Users\Dang\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{50C089E1-CE21-451D-B764-AC516577E5AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1D47591-627D-4FA1-90BC-6270ECBDA574}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41EAE825-B1E3-4497-BFED-220024B34960}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [TCP Query User{EAD29DC9-1774-4451-8C44-8974743FC3DA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{08FBE701-8704-4A5D-92F1-F5AAAFE5B158}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{10266D06-D66A-4139-88D8-DACBE5948389}] => (Allow) C:\Users\Dang\Downloads\Monster_Hunter_Online_Benchmark.exe
FirewallRules: [TCP Query User{271F7576-1D91-424D-AFB5-8F1F7A24D9A3}C:\program files (x86)\monster hunter online benchmark\monster hunter online benchmark\bin32\mho_benchmark.exe] => (Allow) C:\program files (x86)\monster hunter online benchmark\monster hunter online benchmark\bin32\mho_benchmark.exe
FirewallRules: [UDP Query User{2C379A26-2BA5-4115-869D-406A149F0796}C:\program files (x86)\monster hunter online benchmark\monster hunter online benchmark\bin32\mho_benchmark.exe] => (Allow) C:\program files (x86)\monster hunter online benchmark\monster hunter online benchmark\bin32\mho_benchmark.exe
FirewallRules: [{581B20B2-DCF5-4DFD-BB8B-1F48AD08E486}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4F1332AD-7D86-4912-9EC0-614B54855978}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{2304D0E0-AE6A-419D-92BA-16812AEAF45D}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{D7CFF087-5B31-49F9-9AD1-DCBCD011F827}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/06/2015 00:48:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 5.5.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5a8

Start Time: 01d087b705b9cf0d

Termination Time: 48

Application Path: C:\Users\Dang\Downloads\FRST64.exe

Report Id: ef5141ef-f3aa-11e4-8a07-f80f412c6fd3

Error: (05/06/2015 00:45:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDImmunize.exe version 2.0.12.130 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c74

Start Time: 01d087b550aca930

Termination Time: 366

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Report Id: 929c35fd-f3aa-11e4-8a07-f80f412c6fd3

Error: (05/06/2015 00:17:31 AM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].

Error: (05/06/2015 00:17:31 AM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].

Error: (05/06/2015 00:15:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca28
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00142804
Faulting process id: 0xc34
Faulting application start time: 0xregsvr32.exe0
Faulting application path: regsvr32.exe1
Faulting module path: regsvr32.exe2
Report Id: regsvr32.exe3

Error: (05/06/2015 00:15:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca28
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x001c2804
Faulting process id: 0xc78
Faulting application start time: 0xregsvr32.exe0
Faulting application path: regsvr32.exe1
Faulting module path: regsvr32.exe2
Report Id: regsvr32.exe3

Error: (05/06/2015 00:03:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (05/06/2015 00:03:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (05/06/2015 00:03:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]

Error: (05/06/2015 00:03:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied.
]


System errors:
=============
Error: (05/06/2015 00:54:18 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (05/06/2015 00:24:37 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/06/2015 00:19:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (05/06/2015 00:19:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/06/2015 00:15:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (05/06/2015 00:14:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends on the Security Center service which failed to start because of the following error:
%%1058

Error: (05/06/2015 00:14:49 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error:
%%1058

Error: (05/06/2015 00:12:49 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/06/2015 00:10:06 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (05/06/2015 00:05:44 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.


Microsoft Office Sessions:
=========================
Error: (05/06/2015 00:48:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe5.5.2015.05a801d087b705b9cf0d48C:\Users\Dang\Downloads\FRST64.exeef5141ef-f3aa-11e4-8a07-f80f412c6fd3

Error: (05/06/2015 00:45:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDImmunize.exe2.0.12.130c7401d087b550aca930366C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe929c35fd-f3aa-11e4-8a07-f80f412c6fd3

Error: (05/06/2015 00:17:31 AM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered

Error: (05/06/2015 00:17:31 AM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered

Error: (05/06/2015 00:15:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.1.7600.163854a5bca28unknown0.0.0.000000000c000000500142804c3401d087b33603fa45C:\Windows\SysWOW64\regsvr32.exeunknown80fa138a-f3a6-11e4-8a07-f80f412c6fd3

Error: (05/06/2015 00:15:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.1.7600.163854a5bca28unknown0.0.0.000000000c0000005001c2804c7801d087b336d0b09cC:\Windows\SysWOW64\regsvr32.exeunknown80e70888-f3a6-11e4-8a07-f80f412c6fd3

Error: (05/06/2015 00:03:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (05/06/2015 00:03:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (05/06/2015 00:03:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.

Error: (05/06/2015 00:03:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80070005, Access is denied.


CodeIntegrity Errors:
===================================
  Date: 2014-09-16 19:34:28.250
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-16 19:34:28.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A4-3400 APU with Radeon™ HD Graphics
Percentage of memory in use: 68%
Total physical RAM: 3796.88 MB
Available physical RAM: 1182.63 MB
Total Pagefile: 7591.94 MB
Available Pagefile: 4308.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:446.13 GB) (Free:209.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F370B812)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by jinn0z, 06 May 2015 - 04:03 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 09 May 2015 - 08:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

While we clean your computer I need you to disable Teatimer.
How to:
https://forums.spybot.info/showthread.php?2827-Disabling-Teatimer

When all is well you can restore it, not before.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CreateRestorePoint:
CloseProcesses:

(Pokki) C:\Users\Dang\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\Dang\AppData\Local\Pokki\Engine\HostAppService.exe
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Afhdworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Usfxmedia] => regsvr32.exe C:\Users\Dang\AppData\Local\Usfxmedia\loader_u.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF user.js: detected! => C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\user.js [2014-07-27]
FF SearchPlugin: C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\searchplugins\avira-safesearch.xml [2015-02-26]
CHR Extension: (Avira Browser Safety) - C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
C:\Users\Dang\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\Dang\AppData\HELP_DECRYPT.TXT
C:\Users\Dang\AppData\Roaming\HELP_DECRYPT.URL
C:\Users\Dang\AppData\HELP_DECRYPT.URL
C:\Users\Dang\AppData\Local\HELP_DECRYPT.TXT
C:\Users\Dang\AppData\Local\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.TXT
C:\ProgramData\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.PNG
C:\Users\Dang\AppData\Roaming\HELP_DECRYPT.PNG
C:\Users\Dang\AppData\Local\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.PNG
C:\Users\Dang\AppData\Local\Pokki
C:\Users\Dang\AppData\Local\Esdltion
C:\Users\Dang\AppData\Local\Usfxmedia

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?
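
A triage sketch for the kind of entries the fixlist above targets, added here as an example (it is not part of nasdaq's post and not FRST's own code): it scans FRST-style `Run:` lines for regsvr32.exe registering a DLL from a user-writable directory and lists the folders that hold HELP_DECRYPT ransom notes. The sample lines are copied from the fixlist above; the function names and the list of user-writable path markers are assumptions of this example.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the fixlist posted above (not constructed data).
SAMPLE = r'''
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Afhdworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll
HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\...\Run: [Usfxmedia] => regsvr32.exe C:\Users\Dang\AppData\Local\Usfxmedia\loader_u.dll <===== ATTENTION
C:\Users\Dang\AppData\Roaming\HELP_DECRYPT.TXT
C:\Users\Dang\AppData\HELP_DECRYPT.URL
C:\ProgramData\HELP_DECRYPT.PNG
C:\ProgramData\HELP_DECRYPT.PNG
C:\Users\Dang\AppData\Local\Pokki
'''

# FRST autorun line: <key>\Run: [value name] => command [<===== ATTENTION]
RUN_LINE = re.compile(
    r'^(?P<key>HK[^:]*\\Run(?:Once)?(?:-x32)?): \[(?P<name>[^\]]+)\] => '
    r'(?P<cmd>.+?)\s*(?:<=+ ATTENTION)?$')

# A bare file path whose file name is HELP_DECRYPT.<ext>
NOTE_FILE = re.compile(
    r'^(?P<dir>[A-Za-z]:(?:\\[^\\]+)*)\\HELP_DECRYPT\.\w+$', re.I)

# Assumption of this example: substrings that mark a location a standard
# user can write to without elevation.
USER_WRITABLE = ('\\appdata\\', '%appdata%', '%localappdata%', '%temp%',
                 '\\programdata\\', '\\users\\public\\')


def split_args(cmd):
    """Split a command line into tokens, keeping quoted tokens whole.
    Unquoted paths that contain spaces are split; this is a heuristic."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def regsvr32_user_dll(cmd):
    """Return the DLL path if cmd runs regsvr32 against a DLL stored in a
    user-writable directory, else None."""
    args = split_args(cmd)
    if not args:
        return None
    exe = PureWindowsPath(args[0]).name.lower()
    if exe not in ('regsvr32.exe', 'regsvr32'):
        return None
    for arg in args[1:]:
        low = arg.lower()
        if low.endswith('.dll') and any(m in low for m in USER_WRITABLE):
            return arg
    return None


def triage(text):
    """Return one finding (a dict) per suspicious line in an FRST-style log."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_LINE.match(line)
        if m:
            dll = regsvr32_user_dll(m['cmd'])
            if dll:
                findings.append({'rule': 'regsvr32-user-dll', 'key': m['key'],
                                 'name': m['name'], 'dll': dll})
            continue
        m = NOTE_FILE.match(line)
        if m:
            findings.append({'rule': 'ransom-note', 'dir': m['dir'],
                             'file': line})
    return findings


def note_directories(findings):
    """Directories holding at least one ransom note, de-duplicated, sorted."""
    return sorted({f['dir'] for f in findings if f['rule'] == 'ransom-note'})


if __name__ == '__main__':
    results = triage(SAMPLE)
    for f in results:
        if f['rule'] == 'regsvr32-user-dll':
            print(f"[autorun] {f['name']}: regsvr32 -> {f['dll']}")
    for d in note_directories(results):
        print(f"[ransom note] {d}")
```

The Pokki autorun is not reported by the regsvr32 rule because it starts an .exe directly; whether to remove it is a separate call.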

#3 jinn0z

jinn0z
  • Topic Starter

  • Members
  • 44 posts
  • Local time:02:28 AM

Posted 09 May 2015 - 08:33 PM

Hi nasdaq! When restarting my computer, it said

"C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll" failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent /DLL files. The specified module could not be found.

Edited by jinn0z, 09 May 2015 - 08:45 PM.


#4 jinn0z

jinn0z
  • Topic Starter

  • Members
  • 44 posts
  • Local time:02:28 AM

Posted 09 May 2015 - 08:45 PM

# AdwCleaner v4.203 - Logfile created 09/05/2015 at 21:20:44
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dang - DANG-PC
# Running from : C:\Users\Dang\Downloads\adwcleaner_4.203.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
File Found : C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\invalidprefs.js
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Windows\Reimage.ini
Folder Found : C:\Program Files (x86)\GreenTree Applications
Folder Found : C:\Users\Dang\AppData\Local\NativeMessaging
Folder Found : C:\Users\Dang\Documents\Updater

***** [ Scheduled tasks ] *****

Task Found : BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\Reimage
Key Found : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Found : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Found : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Found : [x64] HKLM\SOFTWARE\Reimage
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[my8vugus.default] - Line Found : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[my8vugus.default] - Line Found : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"1491b58745b233-09c78a5723fdbf-41534136-0-1491b58745c25a\"");
[my8vugus.default] - Line Found : user_pref("extensions.safesearch.SAUTH_expires_at", "1431052486");
[my8vugus.default] - Line Found : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"ddb7cebec9cb7734cdf54f9a1f02cdab1dc2abe2\"");
[my8vugus.default] - Line Found : user_pref("extensions.safesearch.SAUTH_userid", "5627038905");
[my8vugus.default] - Line Found : user_pref("extensions.safesearch.SAUTH_utoken", "\"eab4a05039a3ebb58d97638f3aed3736c808e044\"");
[my8vugus.default] - Line Found : user_pref("extensions.safesearch.install", "1413503022180");
[my8vugus.default] - Line Found : user_pref("extensions.safesearch.search_offer_disabled", "true");

-\\ Google Chrome v42.0.2311.135

[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD6DB806A-E638-4A59-8083-BBC370539D0D&SearchSource=58&CUI=&UM=6&UP=SP40D213D9-4A1E-433A-A561-74BFB50800F3&q={searchTerms}&SSPV=
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13001&tm=405&src=ds&p={searchTerms}
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD6DB806A-E638-4A59-8083-BBC370539D0D&SearchSource=58&CUI=&UM=6&UP=SP40D213D9-4A1E-433A-A561-74BFB50800F3&q={searchTerms}&SSPV=
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=667671&p={searchTerms}

*************************

AdwCleaner[R0].txt - [16507 bytes] - [09/05/2015 21:20:44]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [16567 bytes] ##########

My computer worked now. Thanks for the help^_^;;

#5 jinn0z

jinn0z
  • Topic Starter

  • Members
  • 44 posts
  • Local time:02:28 AM

Posted 09 May 2015 - 08:54 PM

# AdwCleaner v4.203 - Logfile created 09/05/2015 at 21:50:40
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dang - DANG-PC
# Running from : C:\Users\Dang\Downloads\adwcleaner_4.203.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Users\Dang\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Dang\Documents\Updater
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\Reimage.ini
File Deleted : C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
File Deleted : C:\Users\Dang\AppData\Roaming\Mozilla\Firefox\Profiles\my8vugus.default\invalidprefs.js

***** [ Scheduled tasks ] *****

Task Deleted : BackgroundContainer Startup Task

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v37.0.2 (x86 en-US)

[my8vugus.default\prefs.js] - Line Deleted : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[my8vugus.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"1491b58745b233-09c78a5723fdbf-41534136-0-1491b58745c25a\"");
[my8vugus.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_expires_at", "1431052486");
[my8vugus.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"ddb7cebec9cb7734cdf54f9a1f02cdab1dc2abe2\"");
[my8vugus.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_userid", "5627038905");
[my8vugus.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.SAUTH_utoken", "\"eab4a05039a3ebb58d97638f3aed3736c808e044\"");
[my8vugus.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.install", "1413503022180");
[my8vugus.default\prefs.js] - Line Deleted : user_pref("extensions.safesearch.search_offer_disabled", "true");

-\\ Google Chrome v42.0.2311.135

[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD6DB806A-E638-4A59-8083-BBC370539D0D&SearchSource=58&CUI=&UM=6&UP=SP40D213D9-4A1E-433A-A561-74BFB50800F3&q={searchTerms}&SSPV=
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&aid=100&itype=n&ver=13001&tm=405&src=ds&p={searchTerms}
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324774&octid=EB_ORIGINAL_CTID&ISID=MD6DB806A-E638-4A59-8083-BBC370539D0D&SearchSource=58&CUI=&UM=6&UP=SP40D213D9-4A1E-433A-A561-74BFB50800F3&q={searchTerms}&SSPV=
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] :

*************************

AdwCleaner[R0].txt - [16679 bytes] - [09/05/2015 21:20:44]
AdwCleaner[R1].txt - [16739 bytes] - [09/05/2015 21:49:28]
AdwCleaner[S0].txt - [5775 bytes] - [09/05/2015 21:50:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5834 bytes] ##########

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:28 AM

Posted 10 May 2015 - 08:27 AM

Please run the Farbar Recovery Scan Tool. Enter loader_u.dll in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

#7 jinn0z

Posted 10 May 2015 - 06:16 PM

Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Dang at 2015-05-10 19:13:06
Running from C:\Users\Dang\Desktop
Boot Mode: Normal

================== Search Files: "loader_u.dll" =============
C:\Frst\Quarantine\C\Users\Dang\AppData\Local\Esdltion\loader_u.dll
[2015-04-29 22:22][2015-04-29 22:42] 0462848 ____A () 72566B1D497FB3AB02C0E3391FC7220A

====== End Of Search ======

Edited by jinn0z, 10 May 2015 - 07:12 PM.


#8 nasdaq

Posted 11 May 2015 - 01:19 PM

Let's look also in the Registry.

Please run the Farbar Recovery Scan Tool. Enter loader_u.dll in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#9 jinn0z

Posted 11 May 2015 - 06:36 PM

Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Dang at 2015-05-11 19:36:00
Running from C:\Users\Dang\Desktop
Boot Mode: Normal

================== Search Registry: "loader_u.dll" ===========

[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\3E05D42BAA531C9F7A917752D8EBFF16\1125677789ABDEFF]
"C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll.txt"="720582987"

[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\BillP Studios\Detected\Startup]
"regsvr32.exe C:\Users\Dang\AppData\Local\Usfxmedia\loader_u.dll"="04/29/2015 10:44 PM"

[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\BillP Studios\Detected\Startup]
"C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll"="04/29/2015 10:45 PM"

[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\BillP Studios\WinPatrol\Run]
"C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll"="11"

[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Afhdworks"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll"

====== End Of Search ======

Edited by jinn0z, 11 May 2015 - 06:37 PM.


#10 nasdaq

Posted 12 May 2015 - 08:03 AM


Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00


[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\3E05D42BAA531C9F7A917752D8EBFF16\1125677789ABDEFF]
"C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll.txt"=-

[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\BillP Studios\Detected\Startup]
"regsvr32.exe C:\Users\Dang\AppData\Local\Usfxmedia\loader_u.dll"=-

[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\BillP Studios\Detected\Startup]
"C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll"=-

[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\BillP Studios\WinPatrol\Run]
"C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll"=-

[HKEY_USERS\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Afhdworks"=-


Restart the computer when completed.

You can delete the fixme.reg file when done.

How is the computer running now?
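
The search-then-delete steps in posts #8 to #10, as an added Python example that is not part of the thread and not FRST's own code: it parses text in the layout of the Search.txt registry output above, separates the value in the CurrentVersion\Run autostart key from keys where other software only recorded the same command, and builds the deletion file for the live entry. The shortened SID, the "Updater" entry and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the FRST "Search Registry" output in post #9
# (SID shortened and "Updater" invented; other key and value names follow the thread).
SEARCH_TXT = r'''
[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\BillP Studios\WinPatrol\Run]
"C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll"="11"

[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Afhdworks"="C:\Windows\SysWOW64\regsvr32.exe C:\Users\Dang\AppData\Local\Esdltion\loader_u.dll"

[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\Program Files\Vendor\updater.exe /background"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"(.*?)"="(.*)"$')
AUTORUN_RE = re.compile(r'\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$', re.I)
# regsvr32 pointed at a DLL stored under a user profile's AppData folder
SUSPECT_RE = re.compile(r'regsvr32(\.exe)?"?\s+.*\\Users\\[^\\]+\\AppData\\.*\.dll', re.I)

def parse(text):
    """Yield (key, value_name, data) for every value in the search output."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(2)

def classify(text):
    """Split hits into live autoruns and records kept under other keys."""
    live, records = [], []
    for key, name, data in parse(text):
        if AUTORUN_RE.search(key) and SUSPECT_RE.search(data):
            live.append((key, name))
        elif SUSPECT_RE.search(name) or SUSPECT_RE.search(data):
            records.append((key, name))
    return live, records

def reg_delete(entries):
    """Build .reg text that deletes the given (key, value_name) pairs."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, name in entries:
        # .reg syntax escapes backslashes and quotes inside quoted names
        esc = name.replace("\\", "\\\\").replace('"', '\\"')
        out += [f"[{key}]", f'"{esc}"=-', ""]
    return "\r\n".join(out)
```

`classify(SEARCH_TXT)` returns the "Afhdworks" Run value as the only live autorun and the WinPatrol key as a record; `reg_delete(live)` produces the corresponding `"Afhdworks"=-` entry.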

#11 jinn0z

Posted 12 May 2015 - 07:07 PM

It worked now =D. Thanks!

But I have another problem. When I try to scan my computer with Avira, it mentioned YiLvcSl.jpg

I also tried it in safe mode but Avira won't boot up.

Edited by jinn0z, 12 May 2015 - 10:36 PM.


#12 nasdaq

Posted 13 May 2015 - 07:08 AM

Reinstall Avira.

Keep me posted.

#13 jinn0z

Posted 13 May 2015 - 08:29 PM

Re-installation doesn't work either.

nECXan6.jpg

#14 nasdaq

Posted 14 May 2015 - 07:41 AM

Follow the instructions on this page.

https://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1541

#15 jinn0z

Posted 14 May 2015 - 07:30 PM

Everything worked, so that's all for now. Thanks a lot for the help, nasdaq.



