
Setup script address gets automatically changed to http://n.net/proxy.pac


  • This topic is locked
7 replies to this topic

#1 mohikhan1995


  • Members
  • 5 posts

Posted 30 January 2016 - 08:20 AM

I have been facing a problem for the past few days, almost a month. The setup script address in the proxy settings on my laptop gets changed automatically to http://n.net/proxy.pac, even after resetting or deleting the registry values. I tried almost every solution I found on the internet, but nothing was of any assistance. So I decided to post this as a topic.

 

When the proxy setup address is set to the given link, the interface of Google gets changed. A screenshot is attached below. My suspicion is that the malware might be from my Gmail account, since I use that account to log on in Google Chrome. Another problem is that just when I see the address has changed after resetting, which means the malware has attacked again, several apps get installed on my Android phone automatically if the phone is connected to the internet. I should mention that I use the same Gmail account in the Play Store on my mobile. That's how my suspicion built up.

 

So the question is how I can get rid of this problem. Any help would be lifesaving for me.

 

Thanks in advance.

Attached Files


Edited by mohikhan1995, 30 January 2016 - 08:21 AM.



 


#2 nasdaq


  • Malware Response Team
  • 38,559 posts

Posted 30 January 2016 - 10:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

How is the computer running now?
Wait for further instructions.

p.s.
Make sure you clean everything that the Malwarebytes program will identify.

#3 mohikhan1995

  • Topic Starter

  • Members
  • 5 posts

Posted 30 January 2016 - 12:28 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 30-Jan-16
Scan Time: 10:56 PM
Logfile: Application log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.30.03
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Mohi
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344081
Time Elapsed: 21 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
Trojan.JSRedirector, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Adobe Acrobat Pro DC Update, Delete-on-Reboot, [c6059fa09cfd043268d36fd302029a66], 
 
Registry Values: 1
Hijack.AutoConfigURL, HKU\S-1-5-21-1400104034-2459940219-808400028-1001\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://xn--koa.net/proxy.pac, Quarantined, [4d7efe41f8a1a88e645b4b95a75b6b95]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
HackTool.AutoKMS, C:\ProgramData\KMSAutoS\bin\KMSSS.exe, Quarantined, [ba11c17ea4f53303305d421c0ff38878], 
Trojan.JSRedirector, C:\Windows\System32\Tasks\Adobe Acrobat Pro DC Update, Quarantined, [517abc83d3c61d19d55ebd856a9af40c], 
Trojan.JSRedirector, C:\Windows\Tasks\Adobe Acrobat Pro DC Update.job, Quarantined, [21aa340be6b3c175d95e162c8f758779], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 mohikhan1995

  • Topic Starter

  • Members
  • 5 posts

Posted 30 January 2016 - 12:38 PM

# AdwCleaner v5.031 - Logfile created 30/01/2016 at 23:34:12
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Mohi - ASPIRE
# Running from : C:\Users\Mohi\Downloads\adwcleaner_5.031.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\simplitec
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474}
[-] Key Deleted : HKLM\SOFTWARE\simplitec
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : newscientist.com
[-] [C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : free-live-tv.en.softonic.com
[-] [C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : online-live.en.softonic.com
[-] [C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search here
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1602 bytes] ##########


#5 mohikhan1995

  • Topic Starter

  • Members
  • 5 posts

Posted 30 January 2016 - 12:42 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Mohi (administrator) on ASPIRE (30-01-2016 23:39:51)
Running from C:\Users\Mohi\Downloads
Loaded Profiles: Mohi (Available Profiles: Mohi)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Qualcomm Atheros) C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(NVIDIA Corporation) C:\Users\Mohi\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14049536 2015-07-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2015-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1400104034-2459940219-808400028-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Mohi\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1400104034-2459940219-808400028-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [881336 2015-12-18] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-11-14] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b7f0cc91-b3be-4ec6-8814-3560649f2b55}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-23] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2015-12-08] (Internet Download Manager, Tonec Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-01-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-23] (AO Kaspersky Lab)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-23] (AO Kaspersky Lab)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-12-23] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1400104034-2459940219-808400028-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-01-18] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Mohi\AppData\Roaming\Mozilla\Firefox\Profiles\h37dj5e9.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-18] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-12-15] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-01-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-23] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-12-15] (Adobe Systems)
FF Extension: IDM integration - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2015-12-09]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-12-23]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-01-23]
FF HKU\S-1-5-21-1400104034-2459940219-808400028-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-1400104034-2459940219-808400028-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Mohi\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Mohi\AppData\Roaming\IDM\idmmzcc5 [2016-01-30] [not signed]
FF HKU\S-1-5-21-1400104034-2459940219-808400028-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com.bd/"
CHR Profile: C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-23]
CHR Extension: (Google Docs) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Kaspersky Protection) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-12-23]
CHR Extension: (Adobe Acrobat) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-12-25]
CHR Extension: (Google Sheets) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-23]
CHR Extension: (Yulia Brodskaya) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2016-01-01]
CHR Extension: (IDM Integration Module) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-23]
CHR Extension: (Gmail) - C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-23]
CHR Profile: C:\Users\Mohi\AppData\Local\Google\Chrome\User Data\Profile 1
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-18]
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-12-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [683696 2015-11-16] (Adobe Systems Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [1843368 2015-09-04] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Qualcomm Atheros QCA9377 Wireless LAN & Bluetooth Installer\Bluetooth Suite\adminservice.exe [309376 2015-01-29] (Qualcomm Atheros) [File not signed]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-12-23] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2772720 2016-01-17] (Microsoft Corporation)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2015-01-28] (Acer Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-09-21] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [455912 2014-12-30] (Acer Incorporate)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-26] (Electronic Arts)
S3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [476904 2015-02-03] (Acer Incorporated)
S3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2015-02-03] (Acer Incorporated)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-23] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-23] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [192312 2015-06-23] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
R3 Qcamain; C:\Windows\System32\drivers\Qcamainx64.sys [2299392 2015-01-28] (Qualcomm Atheros, Inc.)
S3 Qcamain10x64; C:\Windows\System32\drivers\Qcamain10x64.sys [2327040 2015-10-30] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [56520 2015-08-05] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-30 23:39 - 2016-01-30 23:40 - 00024486 _____ C:\Users\Mohi\Downloads\FRST.txt
2016-01-30 23:39 - 2016-01-30 23:39 - 00000000 ____D C:\FRST
2016-01-30 23:30 - 2016-01-30 23:34 - 00000000 ____D C:\AdwCleaner
2016-01-30 22:56 - 2016-01-30 22:56 - 01507840 _____ C:\Users\Mohi\Downloads\adwcleaner_5.031.exe
2016-01-30 22:54 - 2016-01-30 23:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-30 22:52 - 2016-01-30 22:52 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-30 22:52 - 2016-01-30 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-30 22:52 - 2016-01-30 22:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-30 22:52 - 2016-01-30 22:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-30 22:52 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-30 22:52 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-30 22:52 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-30 22:50 - 2016-01-30 22:51 - 22908888 _____ (Malwarebytes ) C:\Users\Mohi\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-29 14:12 - 2016-01-16 12:37 - 00202472 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-01-29 14:12 - 2016-01-16 12:36 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-29 14:12 - 2016-01-16 12:36 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-29 14:12 - 2016-01-16 12:34 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-29 14:12 - 2016-01-16 12:24 - 00538632 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2016-01-29 14:12 - 2016-01-16 12:23 - 08728920 _____ (Microsoft Corp.) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-01-29 14:12 - 2016-01-16 12:23 - 00848160 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-01-29 14:12 - 2016-01-16 12:23 - 00785088 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-29 14:12 - 2016-01-16 12:23 - 00536256 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-01-29 14:12 - 2016-01-16 12:23 - 00408120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-01-29 14:12 - 2016-01-16 12:23 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-01-29 14:12 - 2016-01-16 12:21 - 22572624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-01-29 14:12 - 2016-01-16 12:21 - 01750440 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2016-01-29 14:12 - 2016-01-16 12:20 - 06971752 _____ (Microsoft Corp.) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-29 14:12 - 2016-01-16 12:20 - 06600904 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-01-29 14:12 - 2016-01-16 12:20 - 00652312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-29 14:12 - 2016-01-16 12:20 - 00431240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2016-01-29 14:12 - 2016-01-16 12:20 - 00366224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-01-29 14:12 - 2016-01-16 12:19 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-01-29 14:12 - 2016-01-16 12:19 - 00405568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-01-29 14:12 - 2016-01-16 12:17 - 21125400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-01-29 14:12 - 2016-01-16 12:16 - 05238360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-01-29 14:12 - 2016-01-16 12:13 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-01-29 14:12 - 2016-01-16 12:13 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-01-29 14:12 - 2016-01-16 12:12 - 01415200 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-01-29 14:12 - 2016-01-16 12:09 - 01089880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-01-29 14:12 - 2016-01-16 12:08 - 01174008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-01-29 14:12 - 2016-01-16 12:08 - 00440152 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-01-29 14:12 - 2016-01-16 11:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbser.sys
2016-01-29 14:12 - 2016-01-16 11:45 - 16986112 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-01-29 14:12 - 2016-01-16 11:44 - 22394368 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-01-29 14:12 - 2016-01-16 11:44 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-01-29 14:12 - 2016-01-16 11:44 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\rasadhlp.dll
2016-01-29 14:12 - 2016-01-16 11:44 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\rastlsext.dll
2016-01-29 14:12 - 2016-01-16 11:43 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\winhttpcom.dll
2016-01-29 14:12 - 2016-01-16 11:42 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-01-29 14:12 - 2016-01-16 11:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\sscoreext.dll
2016-01-29 14:12 - 2016-01-16 11:41 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2016-01-29 14:12 - 2016-01-16 11:40 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-01-29 14:12 - 2016-01-16 11:40 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\rasauto.dll
2016-01-29 14:12 - 2016-01-16 11:40 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2016-01-29 14:12 - 2016-01-16 11:40 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\rasautou.exe
2016-01-29 14:12 - 2016-01-16 11:39 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\FilterDS.dll
2016-01-29 14:12 - 2016-01-16 11:38 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-01-29 14:12 - 2016-01-16 11:38 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-01-29 14:12 - 2016-01-16 11:38 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\SimCfg.dll
2016-01-29 14:12 - 2016-01-16 11:38 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\winbio.dll
2016-01-29 14:12 - 2016-01-16 11:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-01-29 14:12 - 2016-01-16 11:37 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-01-29 14:12 - 2016-01-16 11:37 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-01-29 14:12 - 2016-01-16 11:37 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SMSRouter.dll
2016-01-29 14:12 - 2016-01-16 11:36 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-01-29 14:12 - 2016-01-16 11:36 - 00475648 _____ (Microsoft Corporation) C:\Windows\system32\DDDS.dll
2016-01-29 14:12 - 2016-01-16 11:36 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-29 14:12 - 2016-01-16 11:36 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\SimAuth.dll
2016-01-29 14:12 - 2016-01-16 11:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastlsext.dll
2016-01-29 14:12 - 2016-01-16 11:35 - 13018624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-01-29 14:12 - 2016-01-16 11:35 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-29 14:12 - 2016-01-16 11:35 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasadhlp.dll
2016-01-29 14:12 - 2016-01-16 11:34 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-01-29 14:12 - 2016-01-16 11:34 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2016-01-29 14:12 - 2016-01-16 11:34 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-29 14:12 - 2016-01-16 11:34 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-01-29 14:12 - 2016-01-16 11:34 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttpcom.dll
2016-01-29 14:12 - 2016-01-16 11:33 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2016-01-29 14:12 - 2016-01-16 11:33 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-29 14:12 - 2016-01-16 11:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-01-29 14:12 - 2016-01-16 11:32 - 24602624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-29 14:12 - 2016-01-16 11:32 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2016-01-29 14:12 - 2016-01-16 11:32 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2016-01-29 14:12 - 2016-01-16 11:31 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-01-29 14:12 - 2016-01-16 11:31 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-01-29 14:12 - 2016-01-16 11:31 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-01-29 14:12 - 2016-01-16 11:31 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-01-29 14:12 - 2016-01-16 11:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasautou.exe
2016-01-29 14:12 - 2016-01-16 11:30 - 13382656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-29 14:12 - 2016-01-16 11:30 - 02127360 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-29 14:12 - 2016-01-16 11:30 - 01053696 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-01-29 14:12 - 2016-01-16 11:30 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-29 14:12 - 2016-01-16 11:30 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SimCfg.dll
2016-01-29 14:12 - 2016-01-16 11:30 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winbio.dll
2016-01-29 14:12 - 2016-01-16 11:29 - 01500672 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-01-29 14:12 - 2016-01-16 11:29 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-01-29 14:12 - 2016-01-16 11:28 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-01-29 14:12 - 2016-01-16 11:28 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-01-29 14:12 - 2016-01-16 11:28 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-01-29 14:12 - 2016-01-16 11:28 - 00884736 _____ (Microsoft Corporation) C:\Windows\system32\rasdlg.dll
2016-01-29 14:12 - 2016-01-16 11:28 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SimAuth.dll
2016-01-29 14:12 - 2016-01-16 11:27 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-29 14:12 - 2016-01-16 11:26 - 19338752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-29 14:12 - 2016-01-16 11:26 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-01-29 14:12 - 2016-01-16 11:26 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-01-29 14:12 - 2016-01-16 11:26 - 00260608 _____ C:\Windows\system32\MTFServer.dll
2016-01-29 14:12 - 2016-01-16 11:26 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-01-29 14:12 - 2016-01-16 11:25 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2016-01-29 14:12 - 2016-01-16 11:25 - 00457728 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2016-01-29 14:12 - 2016-01-16 11:25 - 00235008 _____ C:\Windows\system32\MTF.dll
2016-01-29 14:12 - 2016-01-16 11:24 - 18678272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-01-29 14:12 - 2016-01-16 11:24 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2016-01-29 14:12 - 2016-01-16 11:24 - 00613888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-01-29 14:12 - 2016-01-16 11:24 - 00350720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-01-29 14:12 - 2016-01-16 11:24 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2016-01-29 14:12 - 2016-01-16 11:23 - 02050048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-29 14:12 - 2016-01-16 11:23 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-29 14:12 - 2016-01-16 11:21 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-01-29 14:12 - 2016-01-16 11:20 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-01-29 14:12 - 2016-01-16 11:20 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-01-29 14:12 - 2016-01-16 11:20 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-01-29 14:12 - 2016-01-16 11:20 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdlg.dll
2016-01-29 14:12 - 2016-01-16 11:19 - 12126208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-29 14:12 - 2016-01-16 11:19 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-01-29 14:12 - 2016-01-16 11:19 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-01-29 14:12 - 2016-01-16 11:19 - 00162816 _____ C:\Windows\SysWOW64\MTF.dll
2016-01-29 14:12 - 2016-01-16 11:19 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-29 14:12 - 2016-01-16 11:18 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-01-29 14:12 - 2016-01-16 11:18 - 01674240 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-29 14:12 - 2016-01-16 11:17 - 05503488 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-01-29 14:12 - 2016-01-16 11:16 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-01-29 14:12 - 2016-01-16 11:16 - 01542656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-29 14:12 - 2016-01-16 11:15 - 04759040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-01-29 14:12 - 2016-01-16 11:14 - 01946624 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-01-29 14:12 - 2016-01-16 11:14 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-01-29 14:12 - 2016-01-16 11:11 - 00653312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-01-29 14:12 - 2016-01-16 11:09 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-01-28 23:27 - 2016-01-28 23:27 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\MAGIX
2016-01-28 23:27 - 2016-01-28 23:27 - 00000000 ____D C:\ProgramData\MAGIX
2016-01-28 23:16 - 2015-05-06 16:54 - 00120200 _____ () C:\Windows\SysWOW64\DLLDEV32i.dll
2016-01-28 16:37 - 2016-01-28 16:37 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-28 16:37 - 2016-01-23 07:01 - 06366656 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-01-28 16:37 - 2016-01-23 07:01 - 02992064 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-01-28 16:37 - 2016-01-23 07:01 - 02563128 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-01-28 16:37 - 2016-01-23 07:01 - 01263040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-01-28 16:37 - 2016-01-23 07:01 - 00530368 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-01-28 16:37 - 2016-01-23 07:01 - 00393784 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-01-28 16:37 - 2016-01-23 07:01 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-01-28 16:37 - 2016-01-23 07:01 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-01-28 16:37 - 2016-01-22 08:06 - 06125650 _____ C:\Windows\system32\nvcoproc.bin
2016-01-28 16:35 - 2016-01-25 23:34 - 12474312 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-01-28 16:35 - 2016-01-23 09:31 - 42983992 _____ C:\Windows\system32\nvcompiler.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 37615040 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 31115712 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 24941112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 21202488 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 20741880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 19778944 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 17632544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 17224664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 17174032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 17116616 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 14114944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 03648552 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 03230824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 02543160 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 02187712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 01924152 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436175.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436175.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00948672 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00882232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00786872 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00745408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00689600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00632336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00423360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00378784 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00377792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00316960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00153208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-01-28 16:35 - 2016-01-23 09:31 - 00035832 _____ C:\Windows\system32\nvinfo.pb
2016-01-28 15:31 - 2016-01-28 15:31 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-01-26 22:16 - 2016-01-26 22:16 - 00250052 _____ C:\Windows\Minidump\012616-19609-01.dmp
2016-01-25 18:22 - 2016-01-25 18:22 - 00002187 _____ C:\Users\Public\Desktop\Metal Gear Solid V Ground Zeroes.lnk
2016-01-25 18:22 - 2016-01-25 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid Ground Zeroes
2016-01-25 18:21 - 2016-01-25 22:06 - 00000000 ____D C:\Program Files (x86)\Metal Gear Solid Ground Zeroes
2016-01-23 13:21 - 2016-01-23 13:21 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2016-01-23 13:21 - 2016-01-23 13:21 - 00002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2016-01-23 13:16 - 2016-01-23 13:16 - 00000000 ____D C:\Windows\system32\appmgmt
2016-01-20 10:58 - 2016-01-20 10:58 - 00000000 ____D C:\Windows\%LOCALAPPDATA%
2016-01-19 11:08 - 2015-12-18 12:10 - 00099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-01-19 11:08 - 2015-12-18 12:10 - 00090768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-01-17 13:41 - 2016-01-17 13:41 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\PDAppFlex
2016-01-16 20:17 - 2016-01-16 20:17 - 00000000 ____D C:\Users\Mohi\AppData\Local\Microsoft Help
2016-01-16 13:19 - 2016-01-16 13:19 - 00001107 _____ C:\Users\Public\Desktop\PhotoNinja64_1.2.6.lnk
2016-01-16 13:19 - 2016-01-16 13:19 - 00000000 ____D C:\Users\Mohi\AppData\Local\PictureCode
2016-01-16 13:19 - 2016-01-16 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Ninja 1.2.6 64 Bit
2016-01-16 13:19 - 2016-01-16 13:19 - 00000000 ____D C:\Program Files\PictureCode
2016-01-13 18:47 - 2016-01-05 08:51 - 07477600 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 18:47 - 2016-01-05 08:51 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-01-13 18:47 - 2016-01-05 08:51 - 01141496 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-01-13 18:47 - 2016-01-05 08:50 - 00671472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-13 18:47 - 2016-01-05 08:48 - 00499432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 18:47 - 2016-01-05 08:45 - 02587696 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-01-13 18:47 - 2016-01-05 08:42 - 02026736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-01-13 18:47 - 2016-01-05 08:37 - 02544256 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-13 18:47 - 2016-01-05 08:37 - 01299504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-13 18:47 - 2016-01-05 08:37 - 00858952 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-01-13 18:47 - 2016-01-05 08:37 - 00245840 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 18:47 - 2016-01-05 08:37 - 00234504 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2016-01-13 18:47 - 2016-01-05 08:36 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-01-13 18:47 - 2016-01-05 08:33 - 02180128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-13 18:47 - 2016-01-05 08:33 - 01118208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-13 18:47 - 2016-01-05 08:33 - 00701384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-01-13 18:47 - 2016-01-05 08:33 - 00208176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2016-01-13 18:47 - 2016-01-05 08:33 - 00116728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 18:47 - 2016-01-05 08:31 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-01-13 18:47 - 2016-01-05 08:27 - 01594408 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 18:47 - 2016-01-05 08:24 - 00796352 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-13 18:47 - 2016-01-05 08:23 - 01804664 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 18:47 - 2016-01-05 08:23 - 01309376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-13 18:47 - 2016-01-05 08:23 - 00786696 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 18:47 - 2016-01-05 08:23 - 00119320 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 18:47 - 2016-01-05 08:21 - 01371792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 18:47 - 2016-01-05 08:17 - 00695752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 18:47 - 2016-01-05 08:16 - 00100160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 18:47 - 2016-01-05 07:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\RMSRoamingSecurity.dll
2016-01-13 18:47 - 2016-01-05 07:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\usermgrcli.dll
2016-01-13 18:47 - 2016-01-05 07:56 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2016-01-13 18:47 - 2016-01-05 07:54 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthLEEnum.sys
2016-01-13 18:47 - 2016-01-05 07:54 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-01-13 18:47 - 2016-01-05 07:53 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2016-01-13 18:47 - 2016-01-05 07:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-13 18:47 - 2016-01-05 07:51 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2016-01-13 18:47 - 2016-01-05 07:51 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2016-01-13 18:47 - 2016-01-05 07:50 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2016-01-13 18:47 - 2016-01-05 07:50 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-01-13 18:47 - 2016-01-05 07:49 - 01582080 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-01-13 18:47 - 2016-01-05 07:49 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 18:47 - 2016-01-05 07:49 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-01-13 18:47 - 2016-01-05 07:49 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2016-01-13 18:47 - 2016-01-05 07:49 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\ProximityCommon.dll
2016-01-13 18:47 - 2016-01-05 07:48 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 18:47 - 2016-01-05 07:48 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 18:47 - 2016-01-05 07:48 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usermgrcli.dll
2016-01-13 18:47 - 2016-01-05 07:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-01-13 18:47 - 2016-01-05 07:47 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 18:47 - 2016-01-05 07:47 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 18:47 - 2016-01-05 07:45 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 18:47 - 2016-01-05 07:45 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\facecredentialprovider.dll
2016-01-13 18:47 - 2016-01-05 07:44 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2016-01-13 18:47 - 2016-01-05 07:43 - 00953856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-01-13 18:47 - 2016-01-05 07:43 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2016-01-13 18:47 - 2016-01-05 07:43 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 18:47 - 2016-01-05 07:43 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-01-13 18:47 - 2016-01-05 07:42 - 00166912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2016-01-13 18:47 - 2016-01-05 07:41 - 01070080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 18:47 - 2016-01-05 07:41 - 00558592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2016-01-13 18:47 - 2016-01-05 07:40 - 00890880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 18:47 - 2016-01-05 07:40 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ProximityCommon.dll
2016-01-13 18:47 - 2016-01-05 07:39 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-01-13 18:47 - 2016-01-05 07:39 - 00569856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 18:47 - 2016-01-05 07:39 - 00498176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-01-13 18:47 - 2016-01-05 07:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 18:47 - 2016-01-05 07:38 - 00389120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 18:47 - 2016-01-05 07:36 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 18:47 - 2016-01-05 07:36 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 18:47 - 2016-01-05 07:30 - 02796032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-01-13 18:47 - 2016-01-05 07:30 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-13 18:47 - 2016-01-05 07:29 - 03667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 18:47 - 2016-01-05 07:28 - 07826432 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-01-13 18:47 - 2016-01-05 07:28 - 04894720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 18:47 - 2016-01-05 07:25 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-01-10 12:40 - 2016-01-10 12:49 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-01-09 15:07 - 2016-01-09 15:07 - 00000000 ____D C:\Users\Mohi\Downloads\Adobe Photoshop Lightroom CC 2015 6.1 + Crack
2016-01-09 15:05 - 2016-01-09 15:06 - 00752269 _____ C:\Users\Mohi\Downloads\Adobe Photoshop CC 2015 - 64Bit (Crack)[RareAbyss].rar
2016-01-09 15:02 - 2016-01-09 15:02 - 00625214 _____ C:\Users\Mohi\Downloads\Adobe.Acrobat.Pro.DC.2015.Crack.DLL.for.Win.7z
2016-01-09 14:38 - 2016-01-30 22:57 - 02370560 _____ (Farbar) C:\Users\Mohi\Downloads\FRST64.exe
2016-01-09 12:01 - 2016-01-27 23:05 - 00006144 ____H C:\Users\Mohi\Desktop\photothumb.db
2016-01-09 11:33 - 2016-01-09 11:45 - 00000000 ____D C:\Users\Mohi\AppData\Local\Akamai
2016-01-09 11:33 - 2016-01-09 11:33 - 00000000 ____D C:\ProgramData\Applications
2016-01-07 21:08 - 2016-01-14 22:11 - 00551422 _____ C:\Windows\ntbtlog.txt
2016-01-07 21:08 - 2016-01-14 22:11 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-07 18:41 - 2016-01-07 19:06 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-07 18:41 - 2016-01-07 18:41 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-01-05 23:30 - 2016-01-26 22:16 - 727003194 _____ C:\Windows\MEMORY.DMP
2016-01-05 23:30 - 2016-01-05 23:31 - 00357004 _____ C:\Windows\Minidump\010516-17906-01.dmp
2016-01-04 23:58 - 2016-01-05 00:02 - 00000000 ____D C:\Users\Mohi\Documents\FIFA 16 2
2016-01-03 14:32 - 2016-01-03 14:32 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\SolidDocuments
2016-01-01 19:13 - 2016-01-01 19:13 - 00000000 ___HD C:\Users\Mohi\Downloads\.picasaoriginals
2016-01-01 19:12 - 2016-01-01 19:13 - 00000075 ____H C:\Users\Mohi\Downloads\.picasa.ini
2016-01-01 19:02 - 2016-01-01 19:02 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\java
2016-01-01 18:56 - 2016-01-01 18:56 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-01-01 18:56 - 2016-01-01 18:56 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\Sun
2016-01-01 18:56 - 2016-01-01 18:56 - 00000000 ____D C:\Users\Mohi\AppData\LocalLow\Sun
2016-01-01 18:56 - 2016-01-01 18:56 - 00000000 ____D C:\Users\Mohi\.oracle_jre_usage
2016-01-01 18:56 - 2016-01-01 18:56 - 00000000 ____D C:\ProgramData\Oracle
2016-01-01 18:56 - 2016-01-01 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-01 18:56 - 2016-01-01 18:56 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-01 18:50 - 2016-01-01 18:50 - 00000000 ____D C:\Users\Mohi\AppData\LocalLow\Oracle
2016-01-01 18:24 - 2016-01-01 18:24 - 00000000 ____D C:\Users\Mohi\AppData\Local\ElevatedDiagnostics
2016-01-01 14:28 - 2016-01-01 14:28 - 00017408 ____H C:\Users\Mohi\Downloads\photothumb.db
2015-12-31 18:37 - 2015-12-31 18:37 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-12-31 18:36 - 2015-12-31 18:36 - 00000000 ____D C:\Users\Mohi\Documents\FIFA 16
2015-12-31 13:40 - 2016-01-30 23:18 - 00524288 ___SH C:\Users\Mohi\NTUSER.DAT{2a05c3ce-af8d-11e5-8db8-2c600cb623f6}.TMContainer00000000000000000001.regtrans-ms
2015-12-31 13:40 - 2016-01-30 23:18 - 00065536 ___SH C:\Users\Mohi\NTUSER.DAT{2a05c3ce-af8d-11e5-8db8-2c600cb623f6}.TM.blf
2015-12-31 13:40 - 2015-12-31 13:42 - 00524288 ___SH C:\Users\Mohi\NTUSER.DAT{2a05c3ce-af8d-11e5-8db8-2c600cb623f6}.TMContainer00000000000000000002.regtrans-ms
2015-12-31 13:11 - 2016-01-30 23:36 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-12-31 13:11 - 2016-01-30 18:16 - 00004698 _____ C:\Windows\setupact.log
2015-12-31 13:11 - 2015-12-31 13:11 - 00000000 _____ C:\Windows\setuperr.log
2015-12-31 13:07 - 2016-01-30 23:36 - 00009234 _____ C:\Windows\PFRO.log
2015-12-31 13:01 - 2015-12-31 13:01 - 00000000 ____D C:\Users\Mohi\AppData\Local\Acelogix
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-30 23:37 - 2015-12-23 00:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-30 23:37 - 2015-12-22 23:44 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-30 23:37 - 2015-12-22 23:44 - 00000000 __SHD C:\Users\Mohi\IntelGraphicsProfiles
2016-01-30 23:36 - 2015-12-23 12:47 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-30 23:35 - 2015-12-22 22:55 - 00000000 ____D C:\Users\Mohi
2016-01-30 23:35 - 2015-10-30 12:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-01-30 23:24 - 2015-10-30 13:21 - 00000000 ____D C:\Windows\INF
2016-01-30 23:17 - 2015-12-25 14:10 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\Skype
2016-01-30 22:57 - 2015-12-24 21:59 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\DMCache
2016-01-30 22:20 - 2015-12-26 21:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-30 21:38 - 2015-12-25 12:43 - 00000000 ____D C:\KMPlayer
2016-01-30 21:34 - 2015-12-23 23:58 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\uTorrent
2016-01-30 18:20 - 2015-12-22 23:00 - 00879220 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-30 17:42 - 2015-12-23 23:52 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3B0DA5B8-7B79-41BC-986D-013B71129C32}
2016-01-30 17:09 - 2015-12-26 22:13 - 00000000 ____D C:\ProgramData\Origin
2016-01-30 16:20 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\AppReadiness
2016-01-30 14:50 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\rescache
2016-01-30 11:41 - 2015-10-30 13:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-29 19:34 - 2015-12-25 01:43 - 00000000 ____D C:\Users\Mohi\AppData\Local\CrashDumps
2016-01-29 19:06 - 2015-12-22 22:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-29 19:02 - 2015-10-30 13:24 - 00000000 ___SD C:\Windows\system32\F12
2016-01-29 19:02 - 2015-10-30 13:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-01-29 19:02 - 2015-10-30 13:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-01-29 19:02 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-01-29 19:02 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\system32\oobe
2016-01-29 19:02 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-29 19:02 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\bcastdvr
2016-01-29 14:15 - 2015-10-30 13:11 - 00000000 ____D C:\Windows\CbsTemp
2016-01-29 14:03 - 2015-12-23 12:44 - 00341592 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-28 23:16 - 2015-12-22 23:20 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-28 16:37 - 2015-12-22 23:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-28 16:37 - 2015-12-22 23:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-28 16:37 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\Help
2016-01-28 15:32 - 2015-10-30 13:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-28 15:31 - 2015-10-30 13:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-28 15:29 - 2015-12-25 12:02 - 00000000 ____D C:\Program Files\Microsoft Office
2016-01-28 14:31 - 2015-12-25 12:15 - 00000000 ____D C:\ProgramData\KMSAutoS
2016-01-28 14:23 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\system32\NDF
2016-01-26 22:16 - 2015-12-25 23:48 - 00000000 ____D C:\Windows\Minidump
2016-01-25 00:08 - 2015-12-25 01:46 - 00000000 ____D C:\Users\Mohi\AppData\Local\Adobe
2016-01-23 21:30 - 2015-12-25 12:51 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\CodeBlocks
2016-01-23 13:22 - 2015-12-25 01:47 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-23 13:19 - 2015-12-25 01:44 - 00000000 ____D C:\ProgramData\Adobe
2016-01-23 13:19 - 2015-12-25 01:44 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-20 15:22 - 2015-12-25 23:41 - 00000000 ____D C:\Users\Mohi\Documents\Adobe
2016-01-20 15:22 - 2015-12-22 22:55 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\Adobe
2016-01-20 11:02 - 2015-10-30 12:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-01-19 12:47 - 2015-12-29 22:42 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-19 11:11 - 2015-12-22 22:55 - 00000000 ____D C:\Users\Mohi\AppData\Local\Packages
2016-01-19 11:09 - 2015-12-22 23:24 - 00000000 ____D C:\Users\Mohi\AppData\Local\NVIDIA
2016-01-17 13:42 - 2015-12-25 01:48 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-01-16 21:30 - 2015-12-23 00:11 - 00000000 ____D C:\Windows\system32\MRT
2016-01-16 21:22 - 2015-12-23 00:11 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-16 20:24 - 2015-12-25 12:12 - 00000000 ____D C:\Users\Mohi\AppData\Local\MSfree Inc
2016-01-12 10:41 - 2015-12-22 23:25 - 01542600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-12 10:41 - 2015-12-22 23:25 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-12 10:40 - 2015-12-24 22:08 - 00112032 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-12 10:40 - 2015-12-22 23:25 - 01860120 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-01-12 10:40 - 2015-12-22 23:25 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-10 12:40 - 2015-10-30 13:24 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-01-10 12:40 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-01-09 15:22 - 2015-12-30 00:05 - 00000000 ____D C:\Users\Mohi\AppData\LocalLow\Temp
2016-01-06 13:01 - 2015-12-22 23:16 - 00000000 ____D C:\Users\Mohi\AppData\Local\Comms
2016-01-05 12:00 - 2015-12-23 12:20 - 00000000 ____D C:\Users\Mohi\Documents\My Games
2016-01-03 07:40 - 2015-10-30 13:26 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 07:40 - 2015-10-30 13:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 22:51 - 2015-12-26 22:08 - 00001752 _____ C:\Users\Mohi\Desktop\FIFA 16.lnk
2016-01-01 14:45 - 2015-12-24 21:59 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\IDM
2016-01-01 14:34 - 2015-12-25 14:00 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\PhotoScape
2015-12-31 15:35 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\debug
2015-12-31 13:39 - 2015-10-30 13:24 - 00000000 ____D C:\Windows\system32\config\TxR
2015-12-31 13:38 - 2015-12-24 23:24 - 00000000 ____D C:\ProgramData\TEMP
2015-12-31 13:02 - 2015-12-25 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-12-31 12:53 - 2015-12-23 12:49 - 00000000 ____D C:\Windows\SoftwareDistribution
2015-12-31 12:50 - 2015-12-23 12:44 - 00000000 ____D C:\Windows\Panther
2015-12-31 11:43 - 2015-12-25 13:51 - 00000000 ____D C:\Users\Mohi\AppData\Roaming\MyPhoneExplorer
2015-12-31 10:36 - 2015-12-26 01:12 - 00000000 ___RD C:\Users\Mohi\Creative Cloud Files
 
==================== Files in the root of some directories =======
 
2015-03-26 17:48 - 2015-03-26 17:48 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-12-22 23:07 - 2015-12-22 23:07 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Mohi\AppData\Local\Temp\KMP_4.0.4.6.exe
C:\Users\Mohi\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Mohi\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-28 16:12
 
==================== End of FRST.txt ============================



Edited by mohikhan1995, 30 January 2016 - 12:44 PM.


#6 mohikhan1995


Posted 30 January 2016 - 12:49 PM

Computer is running fine, since I have kept the 'use proxy setup' feature turned off. But the address still remains there. (Attached file: Untitled.png)

 

And MBAM is keeping 5 threats in quarantine. It is written there that threats don't pose a threat while quarantined, so I didn't take any further action. Should I remove the threats from quarantine too?



#7 nasdaq


Posted 06 February 2016 - 01:48 PM

Should I remove the threats from quarantine too?

Yes not required.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, best security practices keep safe: http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#8 nasdaq


Posted 06 February 2016 - 01:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



