Infection with Google Chrome and Malware keeps regenerating



#1 holyvin

Posted 27 August 2015 - 11:43 PM

Hello Malware Experts,

 

I have done several scans and removal processes on my computer, such as a boot scan with Avast, using HitmanPro and AdwCleaner, and a safe mode scan with Malwarebytes. I kept getting redirected from feed.snapdo.com to search.sidecubes.com when I opened my browser!!!! The malware called Damfese.exe is stuck in the local files and is renamed/re-downloaded by another malware. I've deleted a lot of viruses and it comes back under a different name as SurfRight; there's some rootkit stuck and I need to get it out!!!

 

This is the scan result from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-08-2015
Ran by User (administrator) on BIP_KPPK_I_N2 (28-08-2015 12:30:04)
Running from C:\Users\User\Downloads\Antivirus Remover  Tools
Loaded Profiles: User (Available Profiles: User & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Users\User\AppData\Local\Damfase.exe
(Medialand, Inc) C:\TCOstream\client\tsrvctlEx.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Medialand, Inc.) C:\TCOstream\client\TClient.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Business\AvastNet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Medialand, Inc.) C:\TCOstream\client\TAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() D:\Garena Plus\ggdllhost.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Business\AvastUI.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Medialand, Inc.) C:\TCOstream\client\TPmsAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7173632 2012-08-30] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast Business\avastUI.exe [4769352 2014-01-14] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [304696 2011-10-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [20131121] => C:\Program Files\AVAST Software\Avast Business\setup\emupdate\6bbee30f-91cc-494e-9124-02158d17a945.exe [180184 2013-11-26] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119360 2015-06-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-26] (Spotify Ltd)
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [7389752 2015-08-26] (Spotify Ltd)
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1693024 2015-08-01] (BitTorrent Inc.)
AppInit_DLLs: C:\ProgramData\Saophase\Quadtouch.dll => C:\ProgramData\Saophase\Quadtouch.dll [135680 2015-08-25] ()
AppInit_DLLs-x32: C:\ProgramData\Saophase\Medtam.dll => C:\ProgramData\Saophase\Medtam.dll [121344 2015-08-25] ()
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast Business\ashShA64.dll [2014-01-14] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzrdufAYgtmy0RWDH8dxm_DEo2jv3FoAL1p8zZKy5mfIHaFYvVJ-0OvERDYp2IaLEu8rwHK5JEtyD-n_
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://malaysia.msn.com/
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKU\S-1-5-21-2113409481-3126677837-678746780-1004 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2113409481-3126677837-678746780-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast Business\aswWebRepIE64.dll [2014-01-14] (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll [2014-01-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE64.dll [2014-01-14] (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll [2014-01-14] (AVAST Software)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {41861299-EAB2-4DCC-986C-802AE12AC499} hxxp://reporting.eghrmis.gov.my/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=qddxh545qj2adw45berzjrj5&ControlID=621c3e5e947248dd8075325517790a77&Culture=2057&UICulture=9&ReportStack=1&OpType=PrintCab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5FC8216E-F739-4B1E-A917-100E8BAB4306}: [NameServer] 8.8.4.4,8.8.8.8
Tcpip\..\Interfaces\{5FC8216E-F739-4B1E-A917-100E8BAB4306}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.3.0066\npplugin2.dll [2014-07-02] (PPLive Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-30] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast Business\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast Business\WebRep\FF [2012-09-25]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-23]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-23]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-23]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-23]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-23]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-23]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-23]
CHR Extension: (avast! WebRep) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2015-08-23]
CHR Extension: (Facebook Unseen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-08-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-23]
CHR Extension: (Skype Click to Call) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-23]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-23]
CHR HKLM\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast Business\WebRep\Chrome\aswWebRepChrome.crx [2012-09-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [45248 2014-01-14] (AVAST Software)
R2 avast! Net Client Service; C:\Program Files\AVAST Software\Avast Business\AvastNet.exe [201296 2014-01-14] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-17] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-17] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164352 2011-08-04] (HP) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2024864 2010-08-17] (Microsoft Corp.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-05] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 rbupdctweudnwnload; C:\Users\User\AppData\Local\Damfase.exe [47616 2015-08-22] () [File not signed]
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [536848 2012-03-20] ()
S2 SystemLoader; C:\Windows\SysWOW64\SysLoader.exe [206128 2011-02-25] (Medialand, Inc)
R2 TControlService; C:\TCOstream\client\tsrvctlEx.exe [173448 2010-10-13] (Medialand, Inc)
R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-02-03] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5858304 2012-08-30] (Broadcom Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2014-01-14] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2014-01-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2014-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2014-01-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2014-01-14] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1034464 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2014-01-14] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2014-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2014-01-14] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-17] (BlueStack Systems)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-02-10] (DT Soft Ltd)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [179368 2012-03-29] (ESET)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2891512 2012-03-26] (Sunplus Technology)
S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X]
S4 IObitUnlocker; \??\C:\Users\User\AppData\Local\Temp\APR\IObitUnlocker.sys [X]
S3 johci; system32\DRIVERS\johci.sys [X]
S3 sjcst; \??\D:\Eden Eternal\EdenEternal\avital\sjcsu64.sys [X]
U3 twfd; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 00:26 - 2015-08-28 00:26 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-08-27 12:05 - 2015-08-27 12:05 - 00002596 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-08-26 18:30 - 2015-08-26 18:30 - 00003156 _____ C:\Windows\System32\Tasks\ltg0dwpc
2015-08-26 18:30 - 2015-08-26 18:30 - 00000000 ____D C:\Program Files\Common Files\k2ae1vii
2015-08-26 16:09 - 2015-08-27 22:12 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-08-25 00:45 - 2015-08-28 01:11 - 00000000 ____D C:\ProgramData\Saophase
2015-08-25 00:45 - 2015-08-25 00:45 - 00002377 _____ C:\Windows\SysWOW64\findit.xml
2015-08-25 00:45 - 2015-08-25 00:45 - 00000000 ____D C:\ProgramData\Saophases
2015-08-25 00:29 - 2015-08-25 00:29 - 00003156 _____ C:\Windows\System32\Tasks\y30ns1mp
2015-08-25 00:29 - 2015-08-25 00:29 - 00000000 ____D C:\Program Files\Common Files\4chqkyjx
2015-08-25 00:06 - 2015-08-28 12:29 - 00000000 ____D C:\Users\User\Downloads\Antivirus Remover  Tools
2015-08-24 23:56 - 2015-08-28 12:30 - 00000000 ____D C:\FRST
2015-08-24 15:28 - 2015-08-24 15:28 - 00003156 _____ C:\Windows\System32\Tasks\goloqyn1
2015-08-24 15:28 - 2015-08-24 15:28 - 00000000 ____D C:\Program Files\Common Files\vpy03unq
2015-08-24 10:52 - 2015-08-24 10:52 - 00000000 ____D C:\Users\User\Downloads\Napoleon_Total_War-Razor1911
2015-08-24 10:36 - 2015-08-25 03:28 - 00000000 ____D C:\Users\User\Downloads\Pharaoh + Cleopatra (GOG)
2015-08-24 10:32 - 2015-08-24 10:32 - 00012284 _____ C:\Users\User\Downloads\[kat.cr]pharaoh.cleopatra.torrent
2015-08-23 23:34 - 2015-08-23 23:34 - 00057304 _____ C:\Users\User\Downloads\[kat.cr]age.of.empires.ii.hd.torrent
2015-08-23 23:26 - 2015-08-26 11:18 - 00014480 _____ C:\Windows\system32\.crusader
2015-08-23 22:51 - 2015-08-23 22:51 - 00003238 _____ C:\Windows\System32\Tasks\comwedatey
2015-08-23 14:41 - 2015-08-23 14:41 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-23 07:02 - 2015-08-23 07:02 - 00000000 ____D C:\Users\User\AppData\Local\Chromium
2015-08-23 06:21 - 2015-08-23 06:21 - 00003086 _____ C:\Windows\System32\Tasks\{68A79D7C-2772-4F9B-A25F-DD1CD93828F5}
2015-08-23 06:18 - 2015-08-26 11:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-23 05:46 - 2015-08-23 05:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-23 05:23 - 2015-08-23 05:23 - 00931408 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2015-08-23 05:09 - 2015-08-26 11:11 - 00000000 ____D C:\AdwCleaner
2015-08-22 23:55 - 2015-08-23 02:07 - 00000000 ____D C:\Users\User\AppData\Local\gmsd_ra_005010067
2015-08-22 23:52 - 2015-08-22 23:52 - 00000000 ____D C:\ProgramData\5WinManPro5
2015-08-22 23:48 - 2015-08-22 23:59 - 00000000 ____D C:\ProgramData\FWinManProF
2015-08-22 23:48 - 2015-08-22 23:48 - 00003152 _____ C:\Windows\System32\Tasks\{DD5D47F8-DEFD-47D3-B05C-B8C72F32537F}
2015-08-22 23:48 - 2015-08-22 23:48 - 00000000 _____ C:\Windows\prleth.sys
2015-08-22 23:48 - 2015-08-22 23:48 - 00000000 _____ C:\Windows\hgfs.sys
2015-08-22 23:47 - 2015-08-22 23:47 - 00260876 _____ (VuuPC Limited) C:\Users\User\AppData\Local\nsvFDCE.tmp
2015-08-22 23:45 - 2015-08-22 23:45 - 00000217 _____ C:\task.vbs
2015-08-22 23:41 - 2015-08-28 12:10 - 00001000 _____ C:\Windows\Tasks\mRRbeI1lfivfs9D4.job
2015-08-22 23:41 - 2015-08-28 12:10 - 00001000 _____ C:\Windows\Tasks\fihPRdcCX2hFkuqI.job
2015-08-22 23:41 - 2015-08-22 23:41 - 00004034 _____ C:\Windows\System32\Tasks\mRRbeI1lfivfs9D4
2015-08-22 23:41 - 2015-08-22 23:41 - 00004034 _____ C:\Windows\System32\Tasks\fihPRdcCX2hFkuqI
2015-08-22 23:40 - 2015-08-23 04:59 - 00005180 _____ C:\Windows\Tasks\74dccc0e-268c-4e2b-b0da-0ea07ca037a6-7.job
2015-08-22 23:40 - 2015-08-23 04:59 - 00003472 _____ C:\Windows\Tasks\74dccc0e-268c-4e2b-b0da-0ea07ca037a6-1-7.job
2015-08-22 23:40 - 2015-08-23 04:59 - 00002110 _____ C:\Windows\Tasks\74dccc0e-268c-4e2b-b0da-0ea07ca037a6-10_user.job
2015-08-22 23:40 - 2015-08-22 23:40 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-22 23:37 - 2015-08-23 04:58 - 00000000 ____D C:\ProgramData\pWinManProp
2015-08-22 23:37 - 2015-08-22 23:55 - 00000000 ____D C:\ProgramData\update
2015-08-22 23:36 - 2009-06-11 05:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-22 23:35 - 2015-08-28 01:10 - 00000000 ____D C:\Program Files (x86)\8B197BD9-1440257727-11E1-952D-C888BF0C4036
2015-08-22 23:35 - 2015-08-22 23:35 - 00047616 _____ C:\Users\User\AppData\Local\Damfase.exe
2015-08-22 23:35 - 2015-08-22 23:35 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-22 23:34 - 2015-08-23 04:58 - 00000000 ____D C:\ProgramData\GuluxMecch
2015-08-20 19:48 - 2015-08-20 19:56 - 02915796 _____ C:\Users\User\Downloads\Deity Challenge Lineup Finisherss.xlsx
2015-08-20 03:00 - 2015-08-11 09:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 03:00 - 2015-08-11 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 03:00 - 2015-08-11 08:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 03:00 - 2015-08-11 08:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-16 01:12 - 2015-08-24 04:19 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-08-16 01:12 - 2015-08-16 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-08-16 01:12 - 2015-08-16 01:12 - 00000000 ____D C:\ProgramData\BlueStacks
2015-08-16 01:08 - 2015-08-16 01:08 - 00000000 ____D C:\Users\User\AppData\Local\Bluestacks
2015-08-14 20:05 - 2015-08-14 20:05 - 00000000 ____D C:\Windows\SysWOW64\1420523216
2015-08-13 03:27 - 2015-07-30 21:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:27 - 2015-07-30 21:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 21:57 - 2015-07-21 08:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 21:57 - 2015-07-21 08:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 21:57 - 2015-07-17 04:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 21:57 - 2015-07-17 04:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 21:57 - 2015-07-17 04:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 21:57 - 2015-07-17 04:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 21:57 - 2015-07-17 04:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 21:57 - 2015-07-17 04:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 21:57 - 2015-07-17 04:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 21:57 - 2015-07-17 04:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 21:57 - 2015-07-17 04:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 21:57 - 2015-07-17 04:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 21:57 - 2015-07-17 04:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 21:57 - 2015-07-17 04:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 21:57 - 2015-07-17 04:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 21:57 - 2015-07-17 04:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 21:57 - 2015-07-17 04:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 21:57 - 2015-07-17 04:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 21:57 - 2015-07-17 04:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 21:57 - 2015-07-17 04:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 21:57 - 2015-07-17 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 21:57 - 2015-07-17 03:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 21:57 - 2015-07-17 03:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 21:57 - 2015-07-17 03:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 21:57 - 2015-07-17 03:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 21:57 - 2015-07-17 03:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 21:57 - 2015-07-17 03:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 21:57 - 2015-07-17 03:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 21:57 - 2015-07-17 03:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 21:57 - 2015-07-17 03:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 21:57 - 2015-07-17 03:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 21:57 - 2015-07-17 03:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 21:57 - 2015-07-17 03:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 21:57 - 2015-07-17 03:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 21:57 - 2015-07-17 03:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 21:57 - 2015-07-17 03:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 21:57 - 2015-07-17 03:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 21:57 - 2015-07-17 03:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 21:57 - 2015-07-17 03:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 21:57 - 2015-07-17 03:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 21:57 - 2015-07-17 03:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 21:57 - 2015-07-17 03:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 21:57 - 2015-07-17 03:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 21:57 - 2015-07-17 03:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 21:57 - 2015-07-17 03:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 21:57 - 2015-07-17 03:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 21:57 - 2015-07-17 03:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 21:57 - 2015-07-17 03:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 21:57 - 2015-07-17 03:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 21:57 - 2015-07-17 03:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 21:57 - 2015-07-17 03:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 21:57 - 2015-07-17 03:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 21:57 - 2015-07-17 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 21:57 - 2015-07-17 02:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 21:57 - 2015-07-17 02:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 21:57 - 2015-07-17 02:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 21:56 - 2015-07-29 04:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-12 21:56 - 2015-07-29 04:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-12 21:56 - 2015-07-29 04:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-12 21:56 - 2015-07-29 04:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-12 21:56 - 2015-07-29 04:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-12 21:56 - 2015-07-29 04:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-12 21:56 - 2015-07-29 04:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-12 21:56 - 2015-07-29 03:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-12 21:56 - 2015-07-16 02:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 21:56 - 2015-07-16 02:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 21:56 - 2015-07-16 02:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 21:56 - 2015-07-16 02:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 21:56 - 2015-07-16 02:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 21:56 - 2015-07-16 02:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 21:56 - 2015-07-16 02:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 21:56 - 2015-07-16 02:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 21:56 - 2015-07-16 02:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 21:56 - 2015-07-16 02:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 21:56 - 2015-07-16 02:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 21:56 - 2015-07-16 02:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 21:56 - 2015-07-16 02:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 21:56 - 2015-07-16 02:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 21:56 - 2015-07-16 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 21:56 - 2015-07-16 02:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 21:56 - 2015-07-16 02:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 21:56 - 2015-07-16 02:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 21:56 - 2015-07-16 01:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 21:56 - 2015-07-16 01:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 21:56 - 2015-07-16 01:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 21:56 - 2015-07-16 01:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 21:56 - 2015-07-16 01:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 21:56 - 2015-07-16 01:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 21:56 - 2015-07-16 00:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 21:56 - 2015-07-16 00:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 21:56 - 2015-07-16 00:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 21:56 - 2015-07-16 00:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 21:56 - 2015-07-16 00:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 00:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 00:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 00:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 21:55 - 2015-07-15 11:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 21:55 - 2015-07-11 01:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 21:55 - 2015-07-11 01:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 21:55 - 2015-07-11 01:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 21:55 - 2015-07-11 01:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 21:55 - 2015-07-11 01:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 21:55 - 2015-07-11 01:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 21:50 - 2015-07-02 04:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 21:50 - 2015-07-02 04:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 21:50 - 2015-07-02 04:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 21:50 - 2015-07-02 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 21:49 - 2015-07-31 01:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 21:49 - 2015-07-31 00:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 21:49 - 2015-07-31 00:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 21:49 - 2015-07-31 00:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 21:49 - 2015-07-21 02:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 21:49 - 2015-07-21 02:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 21:49 - 2015-07-21 01:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 21:49 - 2015-07-21 01:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 21:49 - 2015-07-21 01:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 21:49 - 2015-07-21 01:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 21:49 - 2015-07-21 01:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 21:49 - 2015-07-15 11:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 21:49 - 2015-07-15 11:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 21:49 - 2015-07-15 11:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 21:49 - 2015-07-15 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 21:49 - 2015-07-15 10:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 21:49 - 2015-07-15 10:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 21:49 - 2015-07-15 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 21:49 - 2015-07-15 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 21:49 - 2015-07-11 01:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 21:49 - 2015-07-11 01:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 21:49 - 2015-07-10 01:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 21:49 - 2015-07-10 01:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 21:49 - 2015-07-10 01:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 21:49 - 2015-05-10 02:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 14:37 - 2015-08-17 17:49 - 00000000 ____D C:\Users\User\AppData\Roaming\Network Software
2015-08-09 11:56 - 2015-08-09 11:56 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2015-08-09 11:56 - 2015-08-09 11:56 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2015-08-09 11:49 - 2015-08-09 11:55 - 00431752 _____ () C:\Users\User\Downloads\setup.exe
2015-08-09 10:15 - 2015-08-09 10:15 - 00000085 _____ C:\Windows\EmperorEdit.INI
2015-08-09 07:32 - 2015-08-24 19:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 07:32 - 2015-08-09 07:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-09 07:32 - 2015-08-09 07:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-09 07:32 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 07:32 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-09 07:32 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-09 06:39 - 2015-08-09 07:28 - 00000000 ____D C:\Users\User\Downloads\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF
2015-08-08 00:05 - 2015-08-08 00:05 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2015-07-31 01:01 - 2015-07-31 01:01 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-07-31 01:01 - 2015-07-31 01:01 - 00000000 ____D C:\Program Files\Common Files\AV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 12:30 - 2014-05-23 22:35 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-08-28 12:25 - 2014-03-04 22:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2015-08-28 12:15 - 2009-07-14 12:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-28 12:15 - 2009-07-14 12:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-28 12:10 - 2014-03-04 22:50 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2015-08-28 12:10 - 2014-03-04 00:05 - 00000000 ____D C:\Users\User\Tracing
2015-08-28 12:10 - 2012-10-15 17:45 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 11:54 - 2012-08-30 05:47 - 02041421 _____ C:\Windows\WindowsUpdate.log
2015-08-28 11:53 - 2012-08-30 07:14 - 00002603 _____ C:\Windows\SysWOW64\sysloader.log
2015-08-28 11:50 - 2012-08-30 06:40 - 00000000 ____D C:\ProgramData\PDFC
2015-08-28 11:49 - 2015-03-23 00:44 - 00019845 _____ C:\Windows\setupact.log
2015-08-28 11:49 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-28 05:55 - 2012-10-15 17:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 05:55 - 2012-08-30 06:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-28 01:13 - 2012-09-25 10:08 - 00004200 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-28 01:12 - 2009-07-14 12:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-26 16:09 - 2015-03-29 11:05 - 00037232 _____ C:\Windows\PFRO.log
2015-08-26 12:50 - 2012-10-04 15:45 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2015-08-25 17:47 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-25 17:45 - 2015-03-31 16:36 - 00191395 _____ C:\Windows\DirectX.log
2015-08-25 15:02 - 2012-08-30 06:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-25 14:53 - 2015-01-25 00:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-08-25 00:45 - 2014-03-04 00:05 - 00000975 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-25 00:06 - 2012-10-15 17:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-23 09:44 - 2014-09-11 23:13 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-08-23 08:51 - 2014-03-08 17:40 - 00045270 _____ C:\Users\User\AppData\Roaming\room_v3.dat
2015-08-23 08:49 - 2014-03-04 06:06 - 00000000 ____D C:\Users\User\AppData\Roaming\GarenaPlus
2015-08-23 08:49 - 2014-03-04 06:06 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-08-23 05:46 - 2014-03-04 00:07 - 00000000 ____D C:\Users\User\AppData\Local\Google
2015-08-23 05:33 - 2012-10-15 17:45 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-23 05:33 - 2012-10-15 17:45 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-23 05:31 - 2012-08-30 07:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-23 05:28 - 2014-12-16 06:07 - 00000000 __SHD C:\Users\User\AppData\Local\EmieBrowserModeList
2015-08-23 05:28 - 2014-04-14 13:16 - 00000000 __SHD C:\Users\User\AppData\Local\EmieUserList
2015-08-23 05:28 - 2014-04-14 13:16 - 00000000 __SHD C:\Users\User\AppData\Local\EmieSiteList
2015-08-23 05:25 - 2014-04-01 19:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2015-08-23 05:01 - 2012-08-30 07:07 - 00000000 ____D C:\Users\Administrator.SWK_PPK_ICT\Tracing
2015-08-23 04:59 - 2014-03-13 05:55 - 00003356 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Administrator
2015-08-23 02:08 - 2015-04-19 20:20 - 00000626 _____ C:\Users\User\AppData\Roaming\fihPRdcCX2hFkuqI
2015-08-23 00:32 - 2012-09-11 09:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-22 23:59 - 2009-07-14 12:45 - 00000000 ____D C:\Windows\Setup
2015-08-22 23:49 - 2012-08-30 06:31 - 00000000 ____D C:\Program Files (x86)\JMicron
2015-08-16 01:12 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-14 01:20 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 03:51 - 2009-07-14 12:45 - 00521488 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 03:50 - 2012-09-25 10:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:50 - 2012-09-25 10:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:47 - 2014-12-12 03:48 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 03:47 - 2014-05-06 20:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 03:27 - 2012-09-25 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:22 - 2012-08-30 07:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:10 - 2009-07-14 10:34 - 00000580 _____ C:\Windows\win.ini
2015-08-13 03:06 - 2012-08-30 07:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2015-08-13 03:06 - 2012-08-30 07:07 - 00000000 ____D C:\Program Files\Microsoft Lync
2015-08-13 03:06 - 2012-08-30 07:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2015-08-12 18:37 - 2012-08-30 06:39 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 18:37 - 2012-08-30 06:39 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 18:37 - 2012-08-30 06:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-09 09:41 - 2013-11-12 12:33 - 00000000 ____D C:\Windows\Minidump
2015-08-09 06:04 - 2015-03-15 02:15 - 00073728 _____ C:\Windows\SysWOW64\tasks.dll
2015-08-06 00:42 - 2014-11-01 23:43 - 00000000 ____D C:\Users\User\Downloads\[R.G. Mechanics] Civilization 5 GOTY
2015-08-02 10:16 - 2015-07-10 21:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-02 08:22 - 2012-08-30 21:41 - 00000000 ____D C:\Windows\Panther
2015-07-29 22:25 - 2015-04-09 02:18 - 00003618 _____ C:\Windows\System32\Tasks\Audio Updater Cleaner
 
==================== Files in the root of some directories =======
 
2015-03-14 02:15 - 2015-03-14 02:15 - 0000000 _____ () C:\Users\User\AppData\Roaming\21B8.tmp
2015-03-14 02:15 - 2015-03-14 02:16 - 0702906 _____ () C:\Users\User\AppData\Roaming\21B8.tmp.exe
2015-03-29 02:17 - 2015-03-29 02:17 - 0009662 _____ () C:\Users\User\AppData\Roaming\em_64x64.ico
2015-04-19 20:20 - 2015-08-23 02:08 - 0000626 _____ () C:\Users\User\AppData\Roaming\fihPRdcCX2hFkuqI
2015-04-15 00:28 - 2015-04-15 00:28 - 0004387 _____ () C:\Users\User\AppData\Roaming\mRRbeI1lfivfs9D4
2014-03-08 17:40 - 2015-08-23 08:51 - 0045270 _____ () C:\Users\User\AppData\Roaming\room_v3.dat
2015-08-22 23:35 - 2015-08-22 23:35 - 0047616 _____ () C:\Users\User\AppData\Local\Damfase.exe
2015-08-22 23:35 - 2015-08-22 23:35 - 0000187 _____ () C:\Users\User\AppData\Local\Damfase.exe.config
2015-08-22 23:47 - 2015-08-22 23:47 - 0260876 _____ (VuuPC Limited) C:\Users\User\AppData\Local\nsvFDCE.tmp
2015-03-23 07:07 - 2015-06-02 18:38 - 0007609 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-07-23 01:08 - 2014-07-23 01:08 - 0000000 _____ () C:\Users\User\AppData\Local\{A5184575-43A5-45D1-A96F-F95C13362E6D}
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\aoe3-112-english.exe
C:\Users\User\AppData\Local\Temp\aoe3-114-english.exe
C:\Users\User\AppData\Local\Temp\aoe3x-104-english.exe
C:\Users\User\AppData\Local\Temp\aoe3x-106-english.exe
C:\Users\User\AppData\Local\Temp\aoe3y-101a-english.exe
C:\Users\User\AppData\Local\Temp\aoe3y-103-english.exe
C:\Users\User\AppData\Local\Temp\chromeupdate.exe
C:\Users\User\AppData\Local\Temp\IQIYIsetup_l_huayukeji@kb006.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\standalonepatcher.exe
C:\Users\User\AppData\Local\Temp\standalonepatcherX.exe
C:\Users\User\AppData\Local\Temp\standalonepatcherY.exe
C:\Users\User\AppData\Local\Temp\Uninstall.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 00:19
 
==================== End of FRST.txt ============================

Edited by holyvin, 28 August 2015 - 05:11 AM.



#2 nasdaq

  • Malware Response Team

Posted 29 August 2015 - 08:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

If not already done, please run the AdwCleaner tool and clean everything that is found.

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Users\User\AppData\Local\Damfase.exe
HKLM-x32\...\Run: [] => [X]
AppInit_DLLs: C:\ProgramData\Saophase\Quadtouch.dll => C:\ProgramData\Saophase\Quadtouch.dll [135680 2015-08-25] ()
AppInit_DLLs-x32: C:\ProgramData\Saophase\Medtam.dll => C:\ProgramData\Saophase\Medtam.dll [121344 2015-08-25] ()
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzrdufAYgtmy0RWDH8dxm_DEo2jv3FoAL1p8zZKy5mfIHaFYvVJ-0OvERDYp2IaLEu8rwHK5JEtyD-n_
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-2113409481-3126677837-678746780-1004 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2113409481-3126677837-678746780-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_Bw4YeuCco2Nrfu5pjopD3OUCoCPEGCT_pTY9vVUO0h2YSBagWnhNo4G-cDQkNQzNjOe4xJuVAFfPhyzYBJ4AGpa_W99kYJ0tArMVlKOwLBEwiz_P0odpDmxeDsGhZpkaw5hx9cs5MZyevrJx15uETF2Lx2PE5&q={searchTerms}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dnligehkhogpcngalffdoomehjcbecna] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gehmndecgbcffhmfjkenpamdgechcgpe] - https://clients2.google.com/service/update2/crx
R2 rbupdctweudnwnload; C:\Users\User\AppData\Local\Damfase.exe [47616 2015-08-22] () [File not signed]
S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X]
S4 IObitUnlocker; \??\C:\Users\User\AppData\Local\Temp\APR\IObitUnlocker.sys [X]
S3 johci; system32\DRIVERS\johci.sys [X]
S3 sjcst; \??\D:\Eden Eternal\EdenEternal\avital\sjcsu64.sys [X]
U3 twfd; no ImagePath
Task: {22E6EFC7-66F2-48C2-BE7F-9D4FD67044E9} - System32\Tasks\mRRbeI1lfivfs9D4 => C:\Users\User\AppData\Roaming\mRRbeI1lfivfs9D4.exe <==== ATTENTION
C:\Users\User\AppData\Roaming\mRRbeI1lfivfs9D4.exe
Task: {2C152305-BB4A-44D8-BC6F-BC09F0FF1AC1} - \Gamma Task Menager Cleaner -> No File <==== ATTENTION
Task: {5ED1C851-0CB6-4C5F-BBA7-D6A340ADD983} - System32\Tasks\{15D3D8FF-32C0-4FA8-81AD-12BD40C1D7FA} => pcalua.exe -a C:\Users\User\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=obw <==== ATTENTION
C:\Users\User\AppData\Roaming\omiga-plus
Task: {64E11ADE-97EF-4DCF-8280-82D6F0BB7D6C} - \Get Plus Uplifter -> No File <==== ATTENTION
Task: {E0373517-7E8E-43E7-A52D-E0E6732C8D54} - System32\Tasks\fihPRdcCX2hFkuqI => C:\Users\User\AppData\Roaming\fihPRdcCX2hFkuqI.exe <==== ATTENTION
C:\Users\User\AppData\Roaming\fihPRdcCX2hFkuqI.exe
Task: C:\Windows\Tasks\74dccc0e-268c-4e2b-b0da-0ea07ca037a6-1-7.job => C:\Program Files (x86)\Cinem Plus 2.4cV22.08\74dccc0e-268c-4e2b-b0da-0ea07ca037a6-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\74dccc0e-268c-4e2b-b0da-0ea07ca037a6-10_user.job => C:\Program Files (x86)\Cinem Plus 2.4cV22.08\74dccc0e-268c-4e2b-b0da-0ea07ca037a6-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\74dccc0e-268c-4e2b-b0da-0ea07ca037a6-7.job => C:\Program Files (x86)\Cinem Plus 2.4cV22.08\74dccc0e-268c-4e2b-b0da-0ea07ca037a6-7.exe <==== ATTENTION
C:\Program Files (x86)\Cinem Plus 2.4cV22.08
Task: C:\Windows\Tasks\fihPRdcCX2hFkuqI.job => C:\Users\User\AppData\Roaming\fihPRdcCX2hFkuqI.exe <==== ATTENTION
Task: C:\Windows\Tasks\mRRbeI1lfivfs9D4.job => C:\Users\User\AppData\Roaming\mRRbeI1lfivfs9D4.exe <==== ATTENTION
C:\ProgramData\Saophase
C:\Users\User\AppData\Local\Damfase.exe

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?
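
Added example (not part of nasdaq's post and not FRST's own code): the Internet Explorer entries in the fixlist above store their host names percent-encoded, so a plain-text search of those lines for the redirect domain the user reported does not match. The Python sketch below decodes such hosts from FRST-format lines; the sample lines are constructed, with the encoded hosts copied from the fixlist and the SID and query strings replaced by placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in FRST "Internet" section format. The percent-encoded
# hosts are copied from the fixlist on this page; the SID and the ?p= tokens
# are shortened placeholders.
SAMPLE_LOG = r"""
HKU\S-1-5-21-EXAMPLE-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=PLACEHOLDER
HKU\S-1-5-21-EXAMPLE-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=PLACEHOLDER&q={searchTerms}
SearchScopes: HKU\S-1-5-21-EXAMPLE-1004 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=PLACEHOLDER&q={searchTerms}
SearchScopes: HKU\S-1-5-21-EXAMPLE-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
"""

# scheme://host, accepting the defanged "hxxp" that FRST writes in its logs
URL_RE = re.compile(r"\b(h(?:xx|tt)ps?)://([^/\s?#]+)", re.IGNORECASE)


def find_url_settings(log_text):
    """Return one record per log line that stores a URL in a browser setting."""
    records = []
    for line in log_text.splitlines():
        setting, sep, value = line.partition(" = ")
        if not sep:
            continue  # not a "name = value" line, or the value is empty
        match = URL_RE.search(value)
        if not match:
            continue  # about:blank, bare host names, non-URL values
        raw_host = match.group(2)
        host = unquote(raw_host).lower()
        records.append({
            "setting": setting.strip(),
            "raw_host": raw_host,
            "host": host,
            # Letters, digits, "-" and "." never need escaping in a host name,
            # so a host that changes when decoded was written to evade matching.
            "encoded": host != raw_host.lower(),
        })
    return records


def encoded_hosts(log_text):
    """Map each decoded host that was percent-encoded to the settings using it."""
    by_host = defaultdict(list)
    for rec in find_url_settings(log_text):
        if rec["encoded"]:
            by_host[rec["host"]].append(rec["setting"])
    return dict(by_host)


if __name__ == "__main__":
    for host, settings in sorted(encoded_hosts(SAMPLE_LOG).items()):
        print(f"{host}  ({len(settings)} setting(s))")
        for name in settings:
            print(f"    {name}")
```

Run against a full FRST.txt, the same functions list every browser setting whose stored host was percent-encoded, which is a quick way to confirm after a fix that none of them remain.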

#3 holyvin

  • Topic Starter

Posted 30 August 2015 - 10:28 AM

Sorry for my slow response. I had been busy these few days and wasn't able to get on the computer to do it. I did everything you said and it seems it's all cleared, but my Avast still detected a virus from the temp folders when I restarted after fixing from FRST. I am not sure now whether the virus is still inside my system?



#4 nasdaq

  • Malware Response Team

Posted 30 August 2015 - 01:19 PM

"all cleared but my avast still detected a virus from the temp folders"


Files in any \Temp folders can be deleted.

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

#5 holyvin

  • Topic Starter

Posted 31 August 2015 - 04:19 AM

I don't see any problems now after the restart. Thank you for all the help. 

 

Regards,

 

Vincent



#6 nasdaq

  • Malware Response Team

Posted 31 August 2015 - 07:47 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 holyvin

  • Topic Starter

Posted 02 September 2015 - 05:58 AM

Oh no, pardon me, but the virus is back and is called Freshfax.exe. It was just like that day after I deleted my temp files with your TFC, but my Avast has been moving it to the chest every time I restart. I haven't seen any side effects of the virus but it's replicating and I have no idea what to do.



#8 nasdaq

  • Malware Response Team

Posted 02 September 2015 - 08:21 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===


Please run the Farbar tool one more time and post a fresh FRST log for my review.

#9 holyvin

  • Topic Starter

Posted 05 September 2015 - 02:53 PM

There doesn't seem to be any virus anymore for these few days.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by User (administrator) on BIP_KPPK_I_N2 (06-09-2015 03:42:30)
Running from C:\Users\User\Downloads\Antivirus Remover  Tools\FRST
Loaded Profiles: User (Available Profiles: User & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Medialand, Inc) C:\TCOstream\client\tsrvctlEx.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Medialand, Inc.) C:\TCOstream\client\TClient.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast Business\AvastNet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Medialand, Inc.) C:\TCOstream\client\TAgent.exe
() D:\Garena Plus\ggdllhost.exe
(Secure Updater) C:\Program Files (x86)\Audio Updater\AudioUpdater.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BitTorrent Inc.) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast Business\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Medialand, Inc.) C:\TCOstream\client\TPmsAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7173632 2012-08-30] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-03-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast Business\avastUI.exe [4769352 2014-01-14] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [304696 2011-10-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [20131121] => C:\Program Files\AVAST Software\Avast Business\setup\emupdate\6bbee30f-91cc-494e-9124-02158d17a945.exe [180184 2013-11-26] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119360 2015-06-30] (Microsoft Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3108480 2012-10-23] (DT Soft Ltd)
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-28] (BitTorrent Inc.)
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\...\Run: [Spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-04] (Spotify Ltd)
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\...\Run: [Spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [7535672 2015-09-04] (Spotify Ltd)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast Business\ashShA64.dll [2014-01-14] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-2113409481-3126677837-678746780-1004] => 127.0.0.1:8118
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5FC8216E-F739-4B1E-A917-100E8BAB4306}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2113409481-3126677837-678746780-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://malaysia.msn.com/
SearchScopes: HKU\S-1-5-21-2113409481-3126677837-678746780-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast Business\aswWebRepIE64.dll [2014-01-14] (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll [2014-01-14] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE64.dll [2014-01-14] (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll [2014-01-14] (AVAST Software)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {41861299-EAB2-4DCC-986C-802AE12AC499} hxxp://reporting.eghrmis.gov.my/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=qddxh545qj2adw45berzjrj5&ControlID=621c3e5e947248dd8075325517790a77&Culture=2057&UICulture=9&ReportStack=1&OpType=PrintCab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.3.0066\npplugin2.dll [2014-07-02] (PPLive Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-01-16] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-30] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast Business\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast Business\WebRep\FF [2012-09-25]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-31]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-31]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-31]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-31]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-31]
CHR Extension: (Google Sheets) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-31]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-08-31]
CHR Extension: (avast! WebRep) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2015-08-31]
CHR Extension: (Facebook Unseen) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicapmagmhahddefgokbabbgieiogjop [2015-08-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-31]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-31]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast Business\WebRep\Chrome\aswWebRepChrome.crx [2012-09-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [45248 2014-01-14] (AVAST Software)
R2 avast! Net Client Service; C:\Program Files\AVAST Software\Avast Business\AvastNet.exe [201296 2014-01-14] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-17] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-17] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164352 2011-08-04] (HP) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165144 2012-03-29] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2024864 2010-08-17] (Microsoft Corp.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-05] (Electronic Arts)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-06] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 RoxioBurnLauncher; C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [536848 2012-03-20] ()
S2 SystemLoader; C:\Windows\SysWOW64\SysLoader.exe [206128 2011-02-25] (Medialand, Inc)
R2 TControlService; C:\TCOstream\client\tsrvctlEx.exe [173448 2010-10-13] (Medialand, Inc)
R2 uArcCapture; C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2012-02-03] (ArcSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5858304 2012-08-30] (Broadcom Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2012-02-03] (ArcSoft, Inc.)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2014-01-14] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2014-01-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2014-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [70992 2014-01-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2014-01-14] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1034464 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377920 2014-01-14] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68920 2014-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2014-01-14] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-02] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-17] (BlueStack Systems)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-02] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-02-10] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [179368 2012-03-29] (ESET)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [2891512 2012-03-26] (Sunplus Technology)
S3 GGSAFERDriver; \??\D:\Garena Plus\Room\safedrv.sys [X]
U3 twfd; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-05 16:48 - 2015-09-05 16:48 - 00000000 ____D C:\Windows\SysWOW64\5164856876
2015-09-03 22:52 - 2015-09-03 22:55 - 00001228 _____ C:\zoek-results.log
2015-09-03 22:49 - 2015-09-03 22:59 - 00001607 _____ C:\runcheck.txt
2015-09-03 22:49 - 2015-09-03 22:49 - 00000000 ____D C:\zoek_backup
2015-09-03 22:45 - 2015-09-03 22:46 - 01308672 _____ C:\Users\User\Desktop\zoek.exe
2015-08-31 23:41 - 2015-08-31 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-31 23:35 - 2015-09-06 02:46 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 23:35 - 2015-09-06 00:46 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-31 23:35 - 2015-09-01 00:41 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-31 23:35 - 2015-09-01 00:41 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-30 12:19 - 2015-09-04 00:05 - 00001318 _____ C:\Windows\PFRO.log
2015-08-28 19:29 - 2015-09-05 22:27 - 00000000 ____D C:\Users\User\AppData\Local\Spotify
2015-08-28 19:29 - 2015-08-28 19:29 - 00001748 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-08-28 19:11 - 2015-09-06 01:02 - 00000000 ____D C:\Users\User\AppData\Roaming\Spotify
2015-08-28 19:05 - 2015-09-05 22:25 - 00001456 _____ C:\Windows\setupact.log
2015-08-28 19:05 - 2015-08-28 19:05 - 00000000 _____ C:\Windows\setuperr.log
2015-08-28 12:50 - 2015-08-28 12:50 - 00066161 _____ C:\Users\User\Downloads\Addition.txt
2015-08-28 00:26 - 2015-08-28 00:26 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-08-27 12:05 - 2015-08-27 12:05 - 00002596 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-08-26 18:30 - 2015-08-26 18:30 - 00003156 _____ C:\Windows\System32\Tasks\ltg0dwpc
2015-08-26 18:30 - 2015-08-26 18:30 - 00000000 ____D C:\Program Files\Common Files\k2ae1vii
2015-08-26 16:09 - 2015-08-27 22:12 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-08-25 00:45 - 2015-08-25 00:45 - 00002377 _____ C:\Windows\SysWOW64\findit.xml
2015-08-25 00:45 - 2015-08-25 00:45 - 00000000 ____D C:\ProgramData\Saophases
2015-08-25 00:29 - 2015-08-25 00:29 - 00003156 _____ C:\Windows\System32\Tasks\y30ns1mp
2015-08-25 00:29 - 2015-08-25 00:29 - 00000000 ____D C:\Program Files\Common Files\4chqkyjx
2015-08-25 00:06 - 2015-08-31 17:02 - 00000000 ____D C:\Users\User\Downloads\Antivirus Remover  Tools
2015-08-24 23:56 - 2015-09-06 03:42 - 00000000 ____D C:\FRST
2015-08-24 15:28 - 2015-08-24 15:28 - 00003156 _____ C:\Windows\System32\Tasks\goloqyn1
2015-08-24 15:28 - 2015-08-24 15:28 - 00000000 ____D C:\Program Files\Common Files\vpy03unq
2015-08-24 10:52 - 2015-08-30 15:55 - 00000000 ____D C:\Users\User\Downloads\Napoleon_Total_War-Razor1911
2015-08-23 23:34 - 2015-08-23 23:34 - 00057304 _____ C:\Users\User\Downloads\[kat.cr]age.of.empires.ii.hd.torrent
2015-08-23 23:26 - 2015-08-26 11:18 - 00014480 _____ C:\Windows\system32\.crusader
2015-08-23 14:41 - 2015-08-23 14:41 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-23 07:02 - 2015-08-23 07:02 - 00000000 ____D C:\Users\User\AppData\Local\Chromium
2015-08-23 06:21 - 2015-08-23 06:21 - 00003086 _____ C:\Windows\System32\Tasks\{68A79D7C-2772-4F9B-A25F-DD1CD93828F5}
2015-08-23 06:18 - 2015-08-26 11:11 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-23 05:23 - 2015-08-23 05:23 - 00931408 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup.exe
2015-08-23 05:09 - 2015-08-30 20:15 - 00000000 ____D C:\AdwCleaner
2015-08-22 23:55 - 2015-08-23 02:07 - 00000000 ____D C:\Users\User\AppData\Local\gmsd_ra_005010067
2015-08-22 23:48 - 2015-08-22 23:48 - 00003152 _____ C:\Windows\System32\Tasks\{DD5D47F8-DEFD-47D3-B05C-B8C72F32537F}
2015-08-22 23:48 - 2015-08-22 23:48 - 00000000 _____ C:\Windows\prleth.sys
2015-08-22 23:48 - 2015-08-22 23:48 - 00000000 _____ C:\Windows\hgfs.sys
2015-08-22 23:47 - 2015-08-22 23:47 - 00260876 _____ (VuuPC Limited) C:\Users\User\AppData\Local\nsvFDCE.tmp
2015-08-22 23:45 - 2015-08-22 23:45 - 00000217 _____ C:\task.vbs
2015-08-22 23:40 - 2015-08-22 23:40 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-22 23:37 - 2015-08-23 04:58 - 00000000 ____D C:\ProgramData\pWinManProp
2015-08-22 23:37 - 2015-08-22 23:55 - 00000000 ____D C:\ProgramData\update
2015-08-22 23:36 - 2009-06-11 05:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-20 03:00 - 2015-08-11 09:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-20 03:00 - 2015-08-11 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-20 03:00 - 2015-08-11 08:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-20 03:00 - 2015-08-11 08:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-16 01:12 - 2015-08-24 04:19 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-08-16 01:12 - 2015-08-16 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-08-16 01:08 - 2015-08-16 01:08 - 00000000 ____D C:\Users\User\AppData\Local\Bluestacks
2015-08-14 20:05 - 2015-08-14 20:05 - 00000000 ____D C:\Windows\SysWOW64\1420523216
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 02:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 21:56 - 2015-07-16 01:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 21:56 - 2015-07-16 01:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 21:56 - 2015-07-16 01:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 21:56 - 2015-07-16 01:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 21:56 - 2015-07-16 01:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 21:56 - 2015-07-16 01:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 21:56 - 2015-07-16 01:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 21:56 - 2015-07-16 01:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 21:56 - 2015-07-16 01:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 01:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 00:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 21:56 - 2015-07-16 00:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 21:56 - 2015-07-16 00:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 21:56 - 2015-07-16 00:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 21:56 - 2015-07-16 00:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 21:56 - 2015-07-16 00:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 00:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 00:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 21:56 - 2015-07-16 00:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 21:55 - 2015-07-15 11:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 21:55 - 2015-07-11 01:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 21:55 - 2015-07-11 01:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-12 21:55 - 2015-07-11 01:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 21:55 - 2015-07-11 01:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 21:55 - 2015-07-11 01:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 21:55 - 2015-07-11 01:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-12 21:50 - 2015-07-02 04:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 21:50 - 2015-07-02 04:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 21:50 - 2015-07-02 04:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 21:50 - 2015-07-02 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 21:49 - 2015-07-31 02:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 21:49 - 2015-07-31 01:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 21:49 - 2015-07-31 01:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 21:49 - 2015-07-31 00:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 21:49 - 2015-07-31 00:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 21:49 - 2015-07-31 00:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-12 21:49 - 2015-07-21 02:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-12 21:49 - 2015-07-21 02:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-12 21:49 - 2015-07-21 02:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-12 21:49 - 2015-07-21 01:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-12 21:49 - 2015-07-21 01:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-12 21:49 - 2015-07-21 01:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-12 21:49 - 2015-07-21 01:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-12 21:49 - 2015-07-21 01:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-12 21:49 - 2015-07-15 11:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 21:49 - 2015-07-15 11:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 21:49 - 2015-07-15 11:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 21:49 - 2015-07-15 11:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 21:49 - 2015-07-15 10:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 21:49 - 2015-07-15 10:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 21:49 - 2015-07-15 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 21:49 - 2015-07-15 10:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 21:49 - 2015-07-11 01:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 21:49 - 2015-07-11 01:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 21:49 - 2015-07-10 01:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 21:49 - 2015-07-10 01:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 21:49 - 2015-07-10 01:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 21:49 - 2015-05-10 02:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 11:56 - 2015-08-09 11:56 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2015-08-09 11:56 - 2015-08-09 11:56 - 00000000 ____D C:\Users\User\AppData\Local\Apps\2.0
2015-08-09 11:49 - 2015-08-09 11:55 - 00431752 _____ () C:\Users\User\Downloads\setup.exe
2015-08-09 10:15 - 2015-08-09 10:15 - 00000085 _____ C:\Windows\EmperorEdit.INI
2015-08-09 07:32 - 2015-08-24 19:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-09 07:32 - 2015-08-09 07:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-09 07:32 - 2015-08-09 07:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-09 07:32 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-09 07:32 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-09 07:32 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-09 06:39 - 2015-08-09 07:28 - 00000000 ____D C:\Users\User\Downloads\Malwarebytes Anti-Malware Premium 2.1.8.1057 Multilingual + KeyGen by FFF
2015-08-08 00:05 - 2015-08-08 00:05 - 00000000 ____D C:\Users\User\AppData\Local\CEF
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-06 03:43 - 2014-05-23 22:35 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-09-06 03:36 - 2012-08-30 06:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-05 22:37 - 2009-07-14 12:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 22:37 - 2009-07-14 12:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 22:32 - 2012-09-25 10:08 - 00004200 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-09-05 22:31 - 2012-08-30 05:47 - 01540224 _____ C:\Windows\WindowsUpdate.log
2015-09-05 22:29 - 2012-08-30 07:14 - 00003978 _____ C:\Windows\SysWOW64\sysloader.log
2015-09-05 22:27 - 2014-03-04 00:05 - 00000000 ____D C:\Users\User\Tracing
2015-09-05 22:25 - 2012-08-30 06:40 - 00000000 ____D C:\ProgramData\PDFC
2015-09-05 22:25 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-04 10:06 - 2014-03-04 06:06 - 00000000 ____D C:\ProgramData\GarenaMessenger
2015-09-04 05:06 - 2014-03-08 17:40 - 00045270 _____ C:\Users\User\AppData\Roaming\room_v3.dat
2015-09-04 00:25 - 2014-03-04 06:06 - 00000000 ____D C:\Users\User\AppData\Roaming\GarenaPlus
2015-09-03 22:17 - 2014-04-22 01:46 - 00000000 ____D C:\Users\User\Downloads\eeeeuuuugghh
2015-09-02 22:24 - 2012-10-04 15:45 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2015-08-31 23:41 - 2014-03-04 00:07 - 00000000 ____D C:\Users\User\AppData\Local\Google
2015-08-31 23:41 - 2012-10-15 17:44 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-30 22:26 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-29 14:01 - 2015-01-25 00:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-08-28 01:12 - 2009-07-14 12:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-25 17:47 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-25 15:02 - 2012-08-30 06:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-25 00:45 - 2014-03-04 00:05 - 00000975 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-23 09:44 - 2014-09-11 23:13 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-08-23 05:31 - 2012-08-30 07:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-23 05:25 - 2014-04-01 19:39 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2015-08-23 05:01 - 2012-08-30 07:07 - 00000000 ____D C:\Users\Administrator.SWK_PPK_ICT\Tracing
2015-08-23 04:59 - 2014-03-13 05:55 - 00003356 _____ C:\Windows\System32\Tasks\gg_uac_daemon_Administrator
2015-08-23 02:08 - 2015-04-19 20:20 - 00000626 _____ C:\Users\User\AppData\Roaming\fihPRdcCX2hFkuqI
2015-08-23 00:32 - 2012-09-11 09:02 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-22 23:59 - 2009-07-14 12:45 - 00000000 ____D C:\Windows\Setup
2015-08-22 23:49 - 2012-08-30 06:31 - 00000000 ____D C:\Program Files (x86)\JMicron
2015-08-16 01:12 - 2009-07-14 11:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-14 01:20 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2015-08-13 03:51 - 2009-07-14 12:45 - 00521488 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 03:50 - 2012-09-25 10:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 03:50 - 2012-09-25 10:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 03:47 - 2014-12-12 03:48 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-13 03:47 - 2014-05-06 20:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-13 03:27 - 2012-09-25 10:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:22 - 2012-08-30 07:01 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:10 - 2009-07-14 10:34 - 00000580 _____ C:\Windows\win.ini
2015-08-13 03:06 - 2012-08-30 07:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
2015-08-13 03:06 - 2012-08-30 07:07 - 00000000 ____D C:\Program Files\Microsoft Lync
2015-08-13 03:06 - 2012-08-30 07:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
2015-08-12 18:37 - 2012-08-30 06:39 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 18:37 - 2012-08-30 06:39 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 18:37 - 2012-08-30 06:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-09 09:41 - 2013-11-12 12:33 - 00000000 ____D C:\Windows\Minidump
2015-08-09 06:04 - 2015-03-15 02:15 - 00073728 _____ C:\Windows\SysWOW64\tasks.dll
 
==================== Files in the root of some directories =======
 
2015-03-14 02:15 - 2015-03-14 02:15 - 0000000 _____ () C:\Users\User\AppData\Roaming\21B8.tmp
2015-03-14 02:15 - 2015-03-14 02:16 - 0702906 _____ () C:\Users\User\AppData\Roaming\21B8.tmp.exe
2015-03-29 02:17 - 2015-03-29 02:17 - 0009662 _____ () C:\Users\User\AppData\Roaming\em_64x64.ico
2015-04-19 20:20 - 2015-08-23 02:08 - 0000626 _____ () C:\Users\User\AppData\Roaming\fihPRdcCX2hFkuqI
2015-04-15 00:28 - 2015-04-15 00:28 - 0004387 _____ () C:\Users\User\AppData\Roaming\mRRbeI1lfivfs9D4
2014-03-08 17:40 - 2015-09-04 05:06 - 0045270 _____ () C:\Users\User\AppData\Roaming\room_v3.dat
2015-08-22 23:35 - 2015-08-22 23:35 - 0000187 _____ () C:\Users\User\AppData\Local\Damfase.exe.config
2015-08-22 23:47 - 2015-08-22 23:47 - 0260876 _____ (VuuPC Limited) C:\Users\User\AppData\Local\nsvFDCE.tmp
2015-03-23 07:07 - 2015-06-02 18:38 - 0007609 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-07-23 01:08 - 2014-07-23 01:08 - 0000000 _____ () C:\Users\User\AppData\Local\{A5184575-43A5-45D1-A96F-F95C13362E6D}
 
Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\7za.exe
C:\Users\User\AppData\Local\Temp\DaS_21.exe
C:\Users\User\AppData\Local\Temp\hijackthis.exe
C:\Users\User\AppData\Local\Temp\NirCmd.exe
C:\Users\User\AppData\Local\Temp\PEVZ.EXE
C:\Users\User\AppData\Local\Temp\remove.exe
C:\Users\User\AppData\Local\Temp\sed.exe
C:\Users\User\AppData\Local\Temp\shortcut.exe
C:\Users\User\AppData\Local\Temp\swreg.exe
C:\Users\User\AppData\Local\Temp\swxcacls.exe
C:\Users\User\AppData\Local\Temp\wget.exe
C:\Users\User\AppData\Local\Temp\zoek-delete.exe
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\nsprs.dll
C:\Windows\SysWOW64\serauth1.dll
C:\Windows\SysWOW64\serauth2.dll
C:\Windows\SysWOW64\ssprs.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-01 16:36
 
==================== End of FRST.txt ============================


Edited by holyvin, 05 September 2015 - 02:59 PM.


#10 nasdaq

  • Malware Response Team

Posted 06 September 2015 - 07:46 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

  • Malware Response Team

Posted 12 September 2015 - 08:43 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



