Viceice dot com ; browser hijacked?


  • This topic is locked
10 replies to this topic

#1 heIpmepls

  • Members
  • 16 posts

Posted 21 March 2016 - 08:09 AM

Hi guys, I've recently been browser hijacked and my homepage always shows that Viceice .com webpage. I've tried scanning with AdwCleaner & Malwarebytes Pro but it doesn't seem to be working.

 

Here is my FRST log..?

(I'm not sure if this is what you guys need)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Joel (administrator) on IJY (21-03-2016 21:07:04)
Running from C:\FRST\FRST-OlderVersion
Loaded Profiles: Joel &  (Available Profiles: Joel)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files\PreSonus\AudioBox\AudioBox.exe
(Valve Corporation) E:\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\ProgramData\GarenaCIG\GarenaCIG.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) E:\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\ProgramData\GarenaCIG\GarenaCIG.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) E:\TeamViewer\TeamViewer_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBTalk.exe
(Jitbit Macro Recorder) E:\Jitbit Macro Recorder\MacroRecorder\MacroRecorder.exe
(Electronic Arts Seoul Studio) E:\Fifa Online 3\GameData\Apps\FO3\fifalauncher.exe
(Electronic Arts Seoul Studio) E:\Fifa Online 3\GameData\Apps\FO3\fifazf.exe
(Wellbia.com) E:\Fifa Online 3\GameData\Apps\FO3\XignCode\xxd-0.xem
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2685072 2015-05-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [ctfmon] => C:\Windows\system32\CTFMON.exe [9728 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [GarenaCIG] => C:\ProgramData\GarenaCIG\GarenaCIG.exe [4278936 2016-03-18] ()
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7593984 2014-07-16] ()
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000\...\Run: [Steam] => E:\Steam\steam.exe [3074128 2016-03-11] (Valve Corporation)
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9862184 2016-03-17] ()
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AudioBox VSL] => C:\Program Files\PreSonus\AudioBox\AudioBox.exe [7593984 2014-07-16] ()
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => E:\Steam\steam.exe [3074128 2016-03-11] (Valve Corporation)
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9862184 2016-03-17] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-02-04]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{49CC609D-331E-4F20-99F8-32B38B598C53}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F3D285AF-BDD9-4652-8BAE-34FB0A3F377A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1725554695-2874560869-3025143003-1000 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1725554695-2874560869-3025143003-1000 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1725554695-2874560869-3025143003-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
SearchScopes: HKU\S-1-5-21-1725554695-2874560869-3025143003-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2039DD3E-4E72-4C20-90E7-9FD959AA7D06} URL = hxxp://www.google.com/cse?cx=partner-pub-0900663996874144:4435833467&ie=UTF-8&q={searchTerms}&sa=Search&ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\Tswn7FZe.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-08-27] ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\Tswn7FZe.default\Extensions\abs@avira.com [2015-06-24] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com.sg/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8
CHR StartupUrls: Default -> "hxxp://www.viceice.com/"
CHR Profile: C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (The Space ) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchoeafalnaacdkpoodkjnbogigpjabk [2016-03-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-02-04] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-02-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-14] (Creative Technology Ltd) [File not signed]
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [20512 2014-03-13] (Micro-Star Int'l Co., Ltd.)
R2 GarenaCIG; C:\ProgramData\GarenaCIG\GarenaCIG.exe [4278936 2016-03-18] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-02] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1884304 2015-05-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22997648 2015-05-02] (NVIDIA Corporation)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-05] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; E:\TeamViewer\TeamViewer_Service.exe [6887696 2015-11-30] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [34304 2011-12-21] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2016-03-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2012-02-28] (ManyCam LLC)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-02] () [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio_x64.sys [260096 2014-04-16] ()
S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp_x64.sys [62464 2014-07-16] ()
S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks_x64.sys [46080 2014-04-16] ()
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [33448 2014-12-30] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-05] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-11] (Razer, Inc.)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [31912 2014-12-30] (Razer Inc)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2014-07-02] (SplitmediaLabs Limited)
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
R3 gkernel; \??\C:\Users\Joel\AppData\Local\Temp\gkernel.sys [X]
R3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-21 20:10 - 2016-03-21 20:10 - 00615478 _____ C:\Users\Joel\Downloads\Autoruns.zip
2016-03-21 20:05 - 2016-03-21 20:06 - 00000000 ____D C:\AdwCleaner
2016-03-21 20:04 - 2016-03-21 20:04 - 01529344 _____ C:\Users\Joel\Downloads\AdwCleaner.exe
2016-03-21 18:46 - 2016-03-21 18:47 - 19995829 _____ C:\Users\Joel\Downloads\Malwarebytes Patch.zip
2016-03-21 18:45 - 2016-03-21 20:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-21 18:45 - 2016-03-21 18:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-21 18:45 - 2016-03-21 18:45 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-21 18:45 - 2016-03-21 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-21 18:45 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-21 18:45 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-21 18:45 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-21 18:44 - 2016-03-21 18:44 - 22851472 _____ (Malwarebytes ) C:\Users\Joel\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-20 20:49 - 2016-03-20 20:49 - 14572000 _____ (Microsoft Corporation) C:\Users\Joel\Desktop\vc_redist.x64.exe
2016-03-20 17:39 - 2016-03-20 17:39 - 240397312 _____ C:\Users\Joel\AppData\Roaming\Launcher.dat
2016-03-20 17:39 - 2016-03-20 17:39 - 00000009 _____ C:\Users\Joel\AppData\Roaming\update.dat
2016-03-20 17:28 - 2016-03-21 00:24 - 00000000 ____D C:\Users\Joel\Desktop\Singsong sheets and lyrics
2016-03-16 21:55 - 2016-03-21 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WWE 2K16
2016-03-15 18:57 - 2016-03-15 18:57 - 00000000 ____D C:\Users\Joel\Documents\FIFA ONLINE3
2016-03-09 23:32 - 2016-03-09 23:32 - 00000000 ____D C:\Users\Joel\Documents\VideoPad Projects
2016-03-09 22:47 - 2016-03-09 22:47 - 00001306 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-03-09 22:47 - 2016-03-09 22:47 - 00001166 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPad Video Editor.lnk
2016-03-09 22:47 - 2016-03-09 22:47 - 00001154 _____ C:\Users\Public\Desktop\VideoPad Video Editor.lnk
2016-03-09 22:47 - 2016-03-09 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
2016-03-09 22:47 - 2016-03-09 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2016-03-09 19:28 - 2016-03-09 19:28 - 00267320 _____ C:\Windows\Minidump\030916-7597-01.dmp
2016-03-09 19:03 - 2016-02-20 03:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 19:03 - 2016-02-20 02:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 19:03 - 2016-02-19 22:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 19:03 - 2016-02-13 02:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 19:03 - 2016-02-13 02:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 19:03 - 2016-02-13 02:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 19:03 - 2016-02-13 02:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 19:03 - 2016-02-13 02:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 19:03 - 2016-02-13 02:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 19:03 - 2016-02-13 02:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 19:03 - 2016-02-13 02:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 19:03 - 2016-02-13 02:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 19:03 - 2016-02-13 02:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 19:03 - 2016-02-13 02:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 19:03 - 2016-02-13 02:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 19:03 - 2016-02-13 02:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 19:03 - 2016-02-13 02:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 19:03 - 2016-02-13 02:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 19:03 - 2016-02-13 02:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 19:03 - 2016-02-12 02:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 19:03 - 2016-02-12 02:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 19:03 - 2016-02-12 02:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 19:03 - 2016-02-12 02:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 19:03 - 2016-02-12 02:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 19:03 - 2016-02-12 02:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 19:03 - 2016-02-12 02:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 19:03 - 2016-02-12 02:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 19:03 - 2016-02-12 02:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 19:03 - 2016-02-12 02:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 19:03 - 2016-02-12 02:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 19:03 - 2016-02-12 02:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 19:03 - 2016-02-12 02:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 19:03 - 2016-02-12 02:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 19:03 - 2016-02-12 02:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 19:03 - 2016-02-12 02:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 19:03 - 2016-02-12 02:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 19:03 - 2016-02-12 02:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 19:03 - 2016-02-12 02:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 19:03 - 2016-02-12 02:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 19:03 - 2016-02-12 02:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 19:03 - 2016-02-12 02:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 19:03 - 2016-02-12 02:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 19:03 - 2016-02-12 02:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 19:03 - 2016-02-12 02:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 19:03 - 2016-02-12 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 19:03 - 2016-02-12 02:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 19:03 - 2016-02-12 02:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 19:03 - 2016-02-12 02:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 19:03 - 2016-02-12 02:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 19:03 - 2016-02-12 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 19:03 - 2016-02-12 02:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 19:03 - 2016-02-12 02:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 19:03 - 2016-02-12 02:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 19:03 - 2016-02-12 02:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 19:03 - 2016-02-12 02:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 19:03 - 2016-02-12 02:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 19:03 - 2016-02-12 02:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 19:03 - 2016-02-12 02:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 19:03 - 2016-02-12 02:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 19:03 - 2016-02-12 02:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 19:03 - 2016-02-12 02:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 19:03 - 2016-02-12 02:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 19:03 - 2016-02-12 02:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 19:03 - 2016-02-12 02:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 19:03 - 2016-02-12 02:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 02:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 01:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 19:03 - 2016-02-12 01:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 19:03 - 2016-02-12 01:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 19:03 - 2016-02-12 01:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 19:03 - 2016-02-12 01:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 19:03 - 2016-02-12 01:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 19:03 - 2016-02-12 01:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 19:03 - 2016-02-12 01:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 19:03 - 2016-02-12 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 19:03 - 2016-02-12 01:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 19:03 - 2016-02-12 01:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 19:03 - 2016-02-12 01:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 19:03 - 2016-02-12 01:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 19:03 - 2016-02-12 01:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 19:03 - 2016-02-12 01:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 01:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 19:03 - 2016-02-12 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 19:03 - 2016-02-11 22:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 19:03 - 2016-02-09 17:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 19:03 - 2016-02-09 17:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 19:03 - 2016-02-09 17:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 19:03 - 2016-02-09 17:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 19:03 - 2016-02-09 17:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 19:03 - 2016-02-09 17:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 19:03 - 2016-02-09 17:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 19:03 - 2016-02-09 17:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 19:03 - 2016-02-09 17:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 19:03 - 2016-02-09 17:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 19:03 - 2016-02-09 17:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 19:03 - 2016-02-09 14:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 19:03 - 2016-02-09 14:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 19:03 - 2016-02-09 05:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 19:03 - 2016-02-09 04:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 19:03 - 2016-02-09 04:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 19:03 - 2016-02-09 04:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 19:03 - 2016-02-09 04:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 19:03 - 2016-02-09 04:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 19:03 - 2016-02-09 04:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 19:03 - 2016-02-09 04:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 19:03 - 2016-02-09 04:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 19:03 - 2016-02-09 04:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 19:03 - 2016-02-09 04:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 19:03 - 2016-02-09 04:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 19:03 - 2016-02-09 04:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 19:03 - 2016-02-09 04:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 19:03 - 2016-02-09 04:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 19:03 - 2016-02-09 04:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 19:03 - 2016-02-09 04:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 19:03 - 2016-02-09 04:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 19:03 - 2016-02-09 04:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 19:03 - 2016-02-09 04:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 19:03 - 2016-02-09 04:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 19:03 - 2016-02-09 04:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 19:03 - 2016-02-09 04:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 19:03 - 2016-02-09 04:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 19:03 - 2016-02-09 04:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 19:03 - 2016-02-09 04:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 19:03 - 2016-02-09 04:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 19:03 - 2016-02-09 04:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 19:03 - 2016-02-09 03:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 19:03 - 2016-02-09 03:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 19:03 - 2016-02-09 03:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 19:03 - 2016-02-09 02:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 19:03 - 2016-02-09 02:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 19:03 - 2016-02-09 02:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 19:03 - 2016-02-09 02:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 19:03 - 2016-02-09 02:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 19:03 - 2016-02-09 02:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 19:03 - 2016-02-09 02:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 19:03 - 2016-02-09 02:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 19:03 - 2016-02-09 02:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 19:03 - 2016-02-09 02:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 19:03 - 2016-02-09 02:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 19:03 - 2016-02-09 02:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 19:03 - 2016-02-09 02:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 19:03 - 2016-02-09 02:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 19:03 - 2016-02-09 02:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 19:03 - 2016-02-09 02:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 19:03 - 2016-02-09 02:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 19:03 - 2016-02-09 02:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 19:03 - 2016-02-09 01:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 19:03 - 2016-02-09 01:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 19:03 - 2016-02-09 01:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 19:03 - 2016-02-09 01:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 19:03 - 2016-02-09 01:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 19:03 - 2016-02-09 01:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 19:03 - 2016-02-09 01:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 19:03 - 2016-02-09 01:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 19:03 - 2016-02-09 01:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 19:03 - 2016-02-09 01:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 19:03 - 2016-02-09 01:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 19:03 - 2016-02-09 01:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 19:03 - 2016-02-09 01:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 19:03 - 2016-02-09 01:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 19:03 - 2016-02-09 00:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 19:03 - 2016-02-06 02:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 19:03 - 2016-02-06 02:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 19:03 - 2016-02-06 02:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 19:03 - 2016-02-06 02:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 19:03 - 2016-02-06 02:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 19:03 - 2016-02-06 02:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 19:03 - 2016-02-06 02:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 19:03 - 2016-02-06 01:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 19:03 - 2016-02-06 01:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 19:03 - 2016-02-06 01:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 19:03 - 2016-02-05 22:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 19:03 - 2016-02-05 22:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 19:03 - 2016-02-05 22:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 19:03 - 2016-02-05 09:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 19:03 - 2016-02-05 02:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 19:03 - 2016-02-05 01:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 19:03 - 2016-02-04 02:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 19:03 - 2016-02-04 02:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 19:03 - 2016-02-04 02:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 19:03 - 2016-02-04 02:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 19:03 - 2016-02-04 02:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 19:03 - 2016-01-12 03:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 19:03 - 2015-11-19 22:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 19:03 - 2015-11-19 22:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-02-28 22:07 - 2016-03-14 20:40 - 00000000 ____D C:\Users\Joel\Desktop\Slam
2016-02-28 22:07 - 2016-02-28 22:08 - 00000000 ____D C:\Users\Joel\Desktop\Garena
2016-02-28 22:06 - 2016-02-28 23:04 - 00000000 ____D C:\Users\Joel\AppData\Local\SLAM
2016-02-28 21:53 - 2016-02-28 21:53 - 00001655 _____ C:\Users\Public\Desktop\MorphVOX Pro.lnk
2016-02-28 21:53 - 2016-02-28 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2016-02-28 03:00 - 2016-02-28 03:00 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-02-28 03:00 - 2016-02-28 03:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-02-28 03:00 - 2016-02-28 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-02-27 14:49 - 2016-02-28 03:00 - 00002133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-27 14:49 - 2016-02-28 03:00 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-27 14:49 - 2016-02-28 03:00 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-27 14:49 - 2016-02-28 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-26 21:26 - 2016-02-26 21:26 - 00000563 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-02-26 21:26 - 2016-02-26 21:26 - 00000563 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-02-26 18:22 - 2015-06-18 18:45 - 04496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-02-26 18:22 - 2015-06-18 17:59 - 02862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-02-26 18:22 - 2015-06-17 19:47 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-02-26 18:22 - 2015-06-17 14:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-02-26 18:22 - 2015-06-15 17:39 - 01748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-02-26 18:22 - 2015-05-26 11:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-02-26 18:22 - 2015-05-25 15:18 - 03195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-02-26 18:22 - 2015-05-18 14:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-02-26 18:22 - 2015-05-15 19:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-02-26 18:22 - 2015-05-15 16:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-02-26 18:22 - 2015-05-05 14:01 - 01948928 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO264.dll
2016-02-26 18:22 - 2015-05-05 14:01 - 01716480 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO232.dll
2016-02-26 18:22 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-02-26 18:20 - 2016-02-26 18:20 - 00003136 _____ C:\Windows\System32\Tasks\{D1983041-98A7-4E7B-8FBE-8B6D3BE54234}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-21 21:07 - 2015-09-18 22:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f21a88fad081.job
2016-03-21 21:07 - 2015-03-06 22:45 - 00000000 ____D C:\FRST
2016-03-21 21:06 - 2015-08-30 14:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e2e997894fa9.job
2016-03-21 21:06 - 2015-02-27 00:01 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Skype
2016-03-21 21:00 - 2015-02-04 21:31 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-21 20:25 - 2015-02-28 23:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-21 20:14 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-21 20:14 - 2009-07-14 12:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-21 20:12 - 2009-07-14 13:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-21 20:12 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-03-21 20:10 - 2015-10-04 20:01 - 00000000 ____D C:\Users\Joel\AppData\Roaming\GarenaPlus
2016-03-21 20:10 - 2015-10-04 19:11 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-03-21 20:08 - 2016-02-02 23:03 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15dcade3c2cab.job
2016-03-21 20:08 - 2015-12-03 00:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12d1ae16e4e4d.job
2016-03-21 20:08 - 2015-07-16 14:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf9459567e1b.job
2016-03-21 20:06 - 2016-02-02 23:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15dcade1961e8.job
2016-03-21 20:06 - 2015-12-03 00:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12d1ae14d3140.job
2016-03-21 20:06 - 2015-11-13 09:10 - 00003476 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-03-21 20:06 - 2015-09-18 22:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f21a88d7deae.job
2016-03-21 20:06 - 2015-08-30 14:03 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2e99765e8a4.job
2016-03-21 20:06 - 2015-05-16 22:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fe1e7ecb0ea.job
2016-03-21 20:06 - 2015-02-04 21:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-03-21 20:06 - 2015-02-04 21:31 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-21 20:06 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-21 19:41 - 2015-06-26 21:25 - 00003376 _____ C:\Windows\System32\Tasks\TaiGProUpdateTask
2016-03-20 22:56 - 2015-03-01 22:57 - 00000000 ____D C:\Users\Joel\AppData\Roaming\uTorrent
2016-03-20 20:49 - 2015-02-04 21:33 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-19 14:43 - 2015-10-04 19:11 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2016-03-18 17:39 - 2016-01-13 19:34 - 00000000 ____D C:\ProgramData\GarenaCIG
2016-03-16 23:25 - 2015-06-24 21:15 - 00001172 _____ C:\Users\Joel\Desktop\New Text Document.txt
2016-03-16 22:55 - 2015-03-22 00:04 - 00000000 ____D C:\Users\Joel\AppData\Roaming\vlc
2016-03-12 17:46 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-03-12 14:51 - 2009-07-14 13:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-03-12 01:22 - 2009-07-14 12:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-11 20:25 - 2015-02-28 23:12 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-11 20:25 - 2015-02-28 23:12 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-11 20:25 - 2015-02-28 23:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-11 20:19 - 2009-07-14 12:45 - 05031704 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-10 03:02 - 2015-02-25 22:49 - 00000000 ____D C:\Windows\system32\MRT
2016-03-10 03:00 - 2015-02-26 00:14 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-10 03:00 - 2015-02-25 22:49 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-09 23:34 - 2016-02-12 21:02 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-03-09 22:47 - 2016-02-12 21:01 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-03-09 19:28 - 2015-05-09 19:07 - 756147063 _____ C:\Windows\MEMORY.DMP
2016-03-09 19:28 - 2015-02-26 03:01 - 00000000 ____D C:\Windows\Minidump
2016-03-09 18:08 - 2015-02-04 21:32 - 00002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-29 19:31 - 2015-02-25 23:38 - 00000000 ____D C:\Users\Joel\AppData\Local\Steam
2016-02-28 20:15 - 2009-07-14 10:34 - 00000478 _____ C:\Windows\win.ini
2016-02-28 03:23 - 2015-02-04 21:40 - 00109744 _____ C:\Users\Joel\AppData\Local\GDIPFONTCACHEV1.DAT
2016-02-28 03:01 - 2015-02-04 21:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-02-27 15:03 - 2015-09-13 23:15 - 00000000 ____D C:\Users\Joel\Desktop\New folder
2016-02-27 02:02 - 2016-02-08 04:34 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-02-26 22:15 - 2015-02-04 21:35 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-02-26 22:10 - 2015-12-17 10:55 - 00000000 ____D C:\Program Files (x86)\Skype
2016-02-26 22:10 - 2015-10-04 21:03 - 00000000 ____D C:\Users\Joel\AppData\Roaming\Garena
2016-02-26 22:10 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 22:10 - 2015-04-05 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-26 22:10 - 2015-02-27 00:01 - 00000000 ____D C:\ProgramData\Skype
2016-02-26 22:10 - 2015-02-04 21:36 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-02-26 22:10 - 2015-02-04 21:36 - 00000000 ____D C:\Program Files\Realtek
2016-02-26 22:10 - 2015-02-04 21:35 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-02-26 22:10 - 2015-02-04 21:25 - 00000000 ____D C:\Users\Joel
2016-02-26 22:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\security
2016-02-26 22:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\registration
2016-02-26 22:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\AppCompat
2016-02-26 22:03 - 2011-04-12 16:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-02-26 00:01 - 2015-02-26 19:39 - 00000000 ____D C:\Users\Joel\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2016-03-20 17:39 - 2016-03-20 17:39 - 240397312 _____ () C:\Users\Joel\AppData\Roaming\Launcher.dat
2016-01-13 19:35 - 2016-01-13 19:35 - 0045270 _____ () C:\Users\Joel\AppData\Roaming\room_v3.dat
2016-03-20 17:39 - 2016-03-20 17:39 - 0000009 _____ () C:\Users\Joel\AppData\Roaming\update.dat
2016-03-20 17:41 - 2016-03-21 18:23 - 0000004 _____ () C:\Users\Joel\AppData\Roaming\Microsoft\notaut.txt
2015-02-26 22:39 - 2015-02-26 22:39 - 0007605 _____ () C:\Users\Joel\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Joel\AppData\Local\Temp\avgnt.exe
C:\Users\Joel\AppData\Local\Temp\be2fe93bc82129e89fe1cc4c32bd0d71.dll
C:\Users\Joel\AppData\Local\Temp\c5e33b6d8db822b10eec8b5666f64a1d.dll
C:\Users\Joel\AppData\Local\Temp\Garena_FO3_patcher_20150908to20151020.exe
C:\Users\Joel\AppData\Local\Temp\Garena_FO3_patcher_20151020to20151105.exe
C:\Users\Joel\AppData\Local\Temp\Garena_FO3_patcher_20151105to20151125.exe
C:\Users\Joel\AppData\Local\Temp\Garena_FO3_patcher_20151125to20160315.exe
C:\Users\Joel\AppData\Local\Temp\ggspawn1063858535.dll
C:\Users\Joel\AppData\Local\Temp\ggspawn136928871.dll
C:\Users\Joel\AppData\Local\Temp\ggspawn1556635582.dll
C:\Users\Joel\AppData\Local\Temp\ggspawn3073946679.dll
C:\Users\Joel\AppData\Local\Temp\ggspawn3680220437.dll
C:\Users\Joel\AppData\Local\Temp\ggspawn4035294288.dll
C:\Users\Joel\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Joel\AppData\Local\Temp\sfextra.dll
C:\Users\Joel\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-19 16:41
 
==================== End of FRST.txt ============================
 
This is my addition.txt 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Joel (2016-03-21 21:07:24)
Running from C:\FRST\FRST-OlderVersion
Windows 7 Home Premium Service Pack 1 (X64) (2015-02-04 13:25:41)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1725554695-2874560869-3025143003-500 - Administrator - Disabled)
Guest (S-1-5-21-1725554695-2874560869-3025143003-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1725554695-2874560869-3025143003-1002 - Limited - Enabled)
Joel (S-1-5-21-1725554695-2874560869-3025143003-1000 - Administrator - Enabled) => C:\Users\Joel
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1725554695-2874560869-3025143003-1000\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-1725554695-2874560869-3025143003-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS USB-AC51 WLAN Card Utilities & Driver (HKLM-x32\...\{DDEA12A2-E130-4318-ABE3-8D4E20367E66}) (Version: 1.0.0.7 - ASUS)
AudioBox version 1.3 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.3 - PreSonus)
Blue Satin Skin (HKLM-x32\...\{B0C00181-ECF5-4124-A6DE-14EA663D4799}) (Version: 2.2.0 - Screaming Bee)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Female Voice Pack (HKLM-x32\...\{71F8C486-8A13-468E-8B73-06051075556A}) (Version: 3.3.1 - Screaming Bee)
Garena - FIFA ONLINE 3(English) (HKLM-x32\...\FO3) (Version:  - Garena Online Pte Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
how do you Do It? (HKLM-x32\...\Steam App 353360) (Version:  - Nina Freeman)
Intel® Chipset Device Software (x32 Version: 10.0.20 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Macro Recorder 5.7.1 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.7.1 - Jitbit Software)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 3.0.53 (remove only) (HKLM-x32\...\ManyCam) (Version: 3.0.53 - ManyCam LLC)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Melodyne singletrack (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 2.01.0045 - Celemony Software GmbH)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{76828C87-C612-4329-843B-4DB58060030A}) (Version: 4.4.9 - Screaming Bee)
MSI Gaming APP (HKLM-x32\...\{E0229316-E73B-484B-B9E0-45098AB38D8C}}_is1) (Version: 3.0.0.12 - MSI)
MSI Kombustor 2.5.9 (HKLM-x32\...\{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1) (Version:  - MSI Co., LTD)
Native Instruments Guitar Rig 4 (HKLM-x32\...\Native Instruments Guitar Rig 4) (Version:  - Native Instruments)
Native Instruments Komplete 7 Players (HKLM-x32\...\Native Instruments Komplete 7 Players) (Version:  - Native Instruments)
Native Instruments Kontakt 4 (HKLM-x32\...\Native Instruments Kontakt 4) (Version:  - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version:  - Native Instruments)
Native Instruments Kore Player (HKLM-x32\...\Native Instruments Kore Player) (Version:  - Native Instruments)
Native Instruments Reaktor 5 (HKLM-x32\...\Native Instruments Reaktor 5) (Version:  - Native Instruments)
Native Instruments Reaktor Factory Selection (HKLM-x32\...\Native Instruments Reaktor Factory Selection) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.0.0.0256 - PACE Anti-Piracy, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Personality Voices (HKLM-x32\...\{29C042AB-059B-414C-840E-94775E3F24A8}) (Version: 1.0.0 - Screaming Bee)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
PreSonus Studio One 2 (HKLM-x32\...\PreSonus Studio One 2) (Version: 2.5.2.22258 - PreSonus Audio Electronics)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.19.25502 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.3.22 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Sound Blaster X-Fi MB3 (HKLM-x32\...\{3689CE39-3173-4952-B7AF-F1A9D6F9A288}) (Version: 1.00.03 - Creative Technology Limited)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.52465 - TeamViewer)
Translator Fun Voice Pack (HKLM-x32\...\{602A1471-063B-4E03-9DCE-0210B914EFF5}) (Version: 1.5.0 - Screaming Bee)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.89 - NCH Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{FAE4272A-909E-4C49-BD11-86BEEB2483A2}) (Version: 2.2.1502.1734 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1725554695-2874560869-3025143003-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1725554695-2874560869-3025143003-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {176EBC60-FDCE-486D-BE2A-08BA98C46F3F} - System32\Tasks\GoogleUpdateTaskMachineUA1d0e2e997894fa9 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {2473B595-8D3A-4A03-8E7D-9DBE2909CFA8} - System32\Tasks\GoogleUpdateTaskMachineCore1d12d1ae14d3140 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {37ABA1B7-59A7-4BDD-9F58-4B241669102C} - System32\Tasks\TaiGProUpdateTask => E:\TaigPro\TaiGPro.exe [2015-11-19] (悠然天地科技有限公司)
Task: {37AD0448-9065-4D95-8204-7EBEA066EE41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-11] (Adobe Systems Incorporated)
Task: {39E1F019-E64F-4E61-A26F-9D09B29D75A2} - System32\Tasks\Garena+ Plugin Host Service => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2016-03-18] ()
Task: {4F011980-5ABB-4C7B-8F05-56A378B254E1} - System32\Tasks\GoogleUpdateTaskMachineCore1d15dcade1961e8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5D1DB68D-BF32-4C75-9960-D30387D63901} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f21a88d7deae => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {71604792-4D56-4267-B6A3-BFF1062AB507} - System32\Tasks\GoogleUpdateTaskMachineCore1d0e2e99765e8a4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {74310839-42DE-4BA2-9257-D721A1CCC742} - System32\Tasks\{2978E889-4E6A-4EAF-AA25-F97C1943594D} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.1.0.105&LastError=12002
Task: {8D513577-1309-41E7-B9F8-BC039803E8A4} - System32\Tasks\GoogleUpdateTaskMachineCore1d08fe1e7ecb0ea => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9A6F365E-E57F-485C-83FA-1B909E3E2C9E} - System32\Tasks\GoogleUpdateTaskMachineUA1d15dcade3c2cab => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AAABE664-2ACA-44DE-9E5E-1EA5AA984854} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f21a88fad081 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C1D526F2-1F86-4D08-87F2-365761CFCCA9} - System32\Tasks\GoogleUpdateTaskMachineUA1d12d1ae16e4e4d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C740E0B5-549B-4C47-8D5D-C743921643DA} - System32\Tasks\GoogleUpdateTaskMachineUA1d0bf9459567e1b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {CA3DAE5F-33D7-43B2-9819-782DFBB6406F} - System32\Tasks\{D1983041-98A7-4E7B-8FBE-8B6D3BE54234} => pcalua.exe -a C:\Users\Joel\Desktop\32bit_Win7_Win8_Win81_R275.exe -d C:\Users\Joel\Desktop
Task: {DDDA8523-A864-4759-B9C0-BB39A09BEE15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E811418A-07E0-4B87-A02F-218B134805C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AdobeAAMUpdater-1.0-GOOD-COMPUTER-Joel.job => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fe1e7ecb0ea.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0e2e99765e8a4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f21a88d7deae.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d12d1ae14d3140.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d15dcade1961e8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0bf9459567e1b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0e2e997894fa9.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f21a88fad081.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d12d1ae16e4e4d.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d15dcade3c2cab.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-04 21:49 - 2015-02-06 03:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-08 22:26 - 2016-03-18 19:25 - 00447528 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2015-02-04 21:36 - 2013-01-25 11:08 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2015-02-04 21:36 - 2013-01-25 11:06 - 00328704 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-05-09 23:22 - 2014-07-16 16:54 - 07593984 _____ () C:\Program Files\PreSonus\AudioBox\AudioBox.exe
2015-09-08 22:26 - 2016-03-17 21:18 - 09862184 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2013-08-08 14:30 - 2013-08-08 14:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2016-01-13 19:34 - 2016-03-18 17:39 - 04278936 _____ () C:\ProgramData\GarenaCIG\GarenaCIG.exe
2015-02-04 21:50 - 2015-03-28 11:45 - 00721552 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\gamecaster64.dll
2015-02-04 21:50 - 2015-03-28 11:45 - 00854160 _____ () C:\Program Files\NVIDIA Corporation\ShadowPlay\twitchsdk64.dll
2015-02-05 08:24 - 2015-02-05 08:25 - 00187072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-08-27 16:56 - 2016-03-02 21:20 - 06868520 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-08 22:26 - 2016-03-17 12:13 - 03585576 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2015-04-01 19:44 - 2015-05-02 00:52 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-05-09 23:22 - 2014-04-16 11:22 - 00192512 _____ () C:\Program Files\PreSonus\AudioBox\paeusbaudioapi.dll
2015-06-24 20:36 - 2016-02-10 09:17 - 00782336 _____ () E:\Steam\SDL2.dll
2015-06-24 20:36 - 2015-07-04 00:12 - 04962816 _____ () E:\Steam\v8.dll
2015-06-24 20:36 - 2015-07-04 00:12 - 01556992 _____ () E:\Steam\icui18n.dll
2015-06-24 20:36 - 2015-07-04 00:12 - 01187840 _____ () E:\Steam\icuuc.dll
2015-06-24 20:36 - 2016-03-11 03:02 - 02547792 _____ () E:\Steam\video.dll
2015-06-24 20:36 - 2016-02-09 07:14 - 02549760 _____ () E:\Steam\libavcodec-56.dll
2015-06-24 20:36 - 2016-02-09 07:14 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-06-24 20:36 - 2016-02-09 07:14 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-06-24 20:36 - 2016-02-09 07:14 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-06-24 20:36 - 2016-02-09 07:14 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-06-24 20:36 - 2016-03-11 03:02 - 00802896 _____ () E:\Steam\bin\chromehtml.DLL
2016-03-09 18:07 - 2016-02-18 06:25 - 00281088 _____ () E:\Steam\openvr_api.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00073664 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\InputHook.dll
2015-08-27 16:56 - 2016-03-02 21:20 - 02462248 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00070080 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00111040 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2012-03-22 18:07 - 2012-03-22 18:07 - 00469880 _____ () E:\ManyCam Pro 3.1 - Fully Cracked\Bin\cximagecrt.dll
2011-09-14 19:13 - 2011-09-14 19:13 - 01437184 _____ () E:\ManyCam Pro 3.1 - Fully Cracked\Bin\opencv_imgproc220.dll
2011-09-14 19:13 - 2011-09-14 19:13 - 02128384 _____ () E:\ManyCam Pro 3.1 - Fully Cracked\Bin\opencv_core220.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00111552 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00040384 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2015-09-08 22:26 - 2016-03-18 19:25 - 00046632 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00058304 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00094144 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00494016 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00032192 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00177600 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00380864 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00191424 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2015-09-08 22:27 - 2015-09-08 22:27 - 00226752 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2015-09-08 22:27 - 2015-11-24 21:26 - 00159168 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00965056 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00061888 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2015-09-08 22:27 - 2016-02-22 19:25 - 00237608 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2015-09-08 22:26 - 2016-03-17 21:18 - 02220584 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00199616 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00162240 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2015-09-08 22:26 - 2016-01-11 14:32 - 03355584 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00072640 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00023488 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 01552320 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00963008 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00251840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00033216 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00523712 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00075200 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2015-09-08 22:26 - 2016-03-17 21:18 - 00154152 _____ () C:\Program Files (x86)\Garena Plus\xIM.dll
2015-09-08 22:27 - 2016-03-17 21:19 - 00572968 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_msn.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00467392 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_xmpp.dll
2015-09-08 22:27 - 2016-03-17 21:19 - 00184872 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_yahoo.dll
2015-09-08 22:26 - 2016-03-17 21:18 - 00113192 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00243648 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
2015-09-08 22:26 - 2016-03-17 21:18 - 00410152 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
2015-09-08 22:26 - 2015-09-08 22:26 - 00293824 _____ () C:\Program Files (x86)\Garena Plus\Plugins\DailyTaskPlugin.dll
2015-09-08 22:27 - 2015-09-08 22:27 - 00223168 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GameSalePlugin.dll
2015-02-02 15:52 - 2015-02-02 15:52 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-06-24 20:36 - 2016-02-09 09:33 - 48400672 _____ () E:\Steam\bin\libcef.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00039872 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\DibModule.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00389056 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\ImageModule.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00824256 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\gagmhook.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00048064 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lollauncher.dll
2015-08-28 15:19 - 2016-03-02 21:32 - 00034856 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\VersionModule.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00454960 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\sqlite3.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00115648 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00036800 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00431552 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\exchndl.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00083904 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\FileManager.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00059840 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\FileSystem.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00380864 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\Http.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00053696 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\InputHookLib.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00048576 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\IPCLib.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00062400 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\LangLib.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00096704 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\audiohost.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00141760 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00037312 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MP3Saver.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00245184 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\libmp3lame.DLL
2015-08-27 16:57 - 2015-08-27 16:57 - 01054656 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00062912 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ResLib.dll
2015-08-27 16:56 - 2015-08-27 16:56 - 00105920 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PngModule.dll
2015-08-27 16:57 - 2016-01-05 19:31 - 00134592 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\TcpClient.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00144320 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UdpClient.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00117696 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILayout.dll
2015-08-27 16:57 - 2016-03-02 21:20 - 00878120 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILib.dll
2015-08-27 16:57 - 2015-08-27 16:57 - 00062400 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\XmlUIModule.dll
2015-06-24 20:36 - 2015-09-25 07:56 - 00119208 _____ () E:\Steam\winh264.dll
2016-03-09 18:08 - 2016-03-08 10:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-09 18:08 - 2016-03-08 10:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-11 20:30 - 2016-03-08 12:16 - 17541312 _____ () C:\Users\Joel\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1725554695-2874560869-3025143003-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Joel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: PWRISOVM.EXE => E:\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: Sound Blaster X-Fi MB 3 => "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe" /r
MSCONFIG\startupreg: uTorrent => "C:\Users\Joel\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{118A949F-51A1-423A-AE12-CF996A6F22AD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D72A4A88-2047-474C-AC7E-5CD216EB9CB2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{03B6C01E-68EB-4F97-92AB-E12B79E3BA1F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{F37B6C9C-B287-41DB-8222-CA7D5042417A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8243F100-2968-4828-BBD9-EB03C798DB50}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E4B8EE40-1B3F-4853-9F03-E928EA48A662}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E86C8CAA-6711-4E5E-8CF2-E386121A06AB}] => (Allow) F:\good boost\Steam and Razer\Steam.exe
FirewallRules: [{4884EF8B-F016-4DE1-8ED2-6761EB78891A}] => (Allow) F:\good boost\Steam and Razer\Steam.exe
FirewallRules: [{AC023BBC-52A3-47EB-9D34-9023EEB1D49C}] => (Allow) F:\good boost\Steam and Razer\bin\steamwebhelper.exe
FirewallRules: [{56FF73A6-D572-4E8A-8224-76F40B2138A7}] => (Allow) F:\good boost\Steam and Razer\bin\steamwebhelper.exe
FirewallRules: [{597E6206-6CA7-470A-A9E5-27A568AEEB35}] => (Allow) F:\good boost\Steam and Razer\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{9B6C0778-162E-449E-8AE9-2E7F57706AD6}] => (Allow) F:\good boost\Steam and Razer\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{728333C3-37E2-49F7-AB03-B311349EBB5F}F:\good boost\steam and razer\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) F:\good boost\steam and razer\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{03A36954-7A37-42F1-832F-62B0F9476905}F:\good boost\steam and razer\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) F:\good boost\steam and razer\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{17972FE6-1DEF-471D-A334-8AB55E8E6D82}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{C6685AA0-E4A5-41D4-A90F-109F0C8AC866}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{D3FAC5A2-C179-46C4-9759-FAC78F713F31}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0518383A-9801-48B1-B5A9-718024768314}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A18C6F3-0FF2-4332-8994-338E8C46596F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4380D71D-2A2E-4AD7-94D8-0DE19D8F5D50}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A656896-F9B9-4710-AF7C-AAADAD816260}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DB0381B0-5E7E-4765-9D74-83BA7805DE20}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{71EBCE76-291B-482A-80E7-DE9B3538CCFA}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{A0457F4D-D439-4E50-A2CE-EFA211BFA6F5}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{9AC7E2C6-AC95-4669-82DD-B47F20F92A02}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8185EEF7-98F9-4C47-A681-318F36001AB1}] => (Allow) C:\Users\Joel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{03D7FE29-A4BC-4689-B1FB-00039B7E541B}] => (Allow) C:\Users\Joel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52AD2CC6-5CBA-4E8E-B134-15FD16A52DD5}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{544B4013-1898-4603-B395-3A4CBEB3894E}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{B8933042-16F8-4D47-ABEA-34A23DE653FB}] => (Allow) E:\Steam\steamapps\common\how do you Do It\how_do_you_Do_It\how do you Do It.exe
FirewallRules: [{416CEC1B-F365-4A65-A3BB-E56D5F5D5381}] => (Allow) E:\Steam\steamapps\common\how do you Do It\how_do_you_Do_It\how do you Do It.exe
FirewallRules: [TCP Query User{087BB620-97F0-4209-887F-6F02A6F6FE6F}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{A86E6FAF-C8E8-4AA9-AF14-FE58E20B9EE9}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{6F06F210-1698-493D-90FE-D593DF3990C5}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [UDP Query User{BAC5CC8E-CA94-4A09-87C8-B7BDCE08ACEF}C:\program files\presonus\audiobox\audiobox.exe] => (Allow) C:\program files\presonus\audiobox\audiobox.exe
FirewallRules: [TCP Query User{80498C2C-01C0-460A-ABC5-6421F1FB4EC3}E:\taigpro\download\minithunderplatform.exe] => (Allow) E:\taigpro\download\minithunderplatform.exe
FirewallRules: [UDP Query User{FF7797F7-12CA-4EB4-A3BC-D846F7404FA3}E:\taigpro\download\minithunderplatform.exe] => (Allow) E:\taigpro\download\minithunderplatform.exe
FirewallRules: [{7F0FE37E-A1C3-41E6-82E9-B589DA5C34DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF8D1C97-020B-483B-993F-8ABCEF04435F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3EC4E4A5-113C-4B23-9EE2-2824D55EFD90}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8FB4EB91-3BE6-4592-9813-7FC16ABFA3E9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{84B8C408-02AC-4085-9A21-745DB27117FE}] => (Allow) E:\iTunes\iTunes.exe
FirewallRules: [{0A60627A-4362-4041-B20A-9ED74208570B}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{055EF5A1-E440-4221-A246-CA24D3E8C589}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{1DE86788-C86E-4FB2-91F9-215A0C7E6E76}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{313C3ABB-6B4D-44A0-94C5-DC0197B97D8F}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{68C328E8-38E9-4C35-A615-B4B26BBF39D8}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{696B9824-4BD2-4F93-AB77-A66C8650EE2E}] => (Allow) E:\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9D9480D2-E368-41D7-84EB-9C5F2AA70B97}] => (Allow) E:\fo3Installer.exe
FirewallRules: [{E3C312A3-7C78-4E95-A832-BE9303A7D0C1}] => (Allow) E:\fo3Installer.exe
FirewallRules: [{3188DB9B-003C-4A64-A216-60BCE8328A42}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{422C45A0-329C-4FDE-81EF-E9A388EE97ED}] => (Allow) C:\Program Files (x86)\Garena Plus\ggdllhost.exe
FirewallRules: [{7D0E6E1C-EFAD-44B9-B128-C9F06AD87D1B}] => (Allow) E:\Fifa Online 3\GameData\Apps\FO3\fifazf.exe
FirewallRules: [{B8994D1B-7630-4450-90FD-6CAF9E91EE57}] => (Allow) E:\Fifa Online 3\GameData\Apps\FO3\fifazf.exe
FirewallRules: [{A6F078C2-718E-4D5F-A4FA-C989B126AC4E}] => (Allow) C:\Program Files (x86)\Garena Plus\Room\garena_room.exe
FirewallRules: [TCP Query User{62E358D0-31C0-44EF-8A3B-3AD041BD0E3E}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [UDP Query User{D5B94E3A-FC83-4539-9B48-242EAB56EF2B}C:\program files (x86)\garena plus\garenamessenger.exe] => (Allow) C:\program files (x86)\garena plus\garenamessenger.exe
FirewallRules: [{CCDB3BB0-C32A-422F-8947-58501C6A3A4D}] => (Allow) C:\GarenaDownload\Games\fo3\fo3Installer.exe
FirewallRules: [{75BA674F-2C37-4AAC-BBEE-9D2959C62CE9}] => (Allow) C:\GarenaDownload\Games\fo3\fo3Installer.exe
FirewallRules: [{CD26CDF7-4E45-4196-8B1E-56CF4AE6BA78}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{B6BA962B-BF68-4FAA-8245-C91A2FE3AFD0}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{A5311B2E-FAAC-4FA8-8561-955972781A0E}] => (Allow) E:\Steam and Razer\Steam.exe
FirewallRules: [{1C504C33-7534-4293-A5F9-DF86391B20D5}] => (Allow) E:\Steam and Razer\Steam.exe
FirewallRules: [TCP Query User{9623E1CF-2E79-40C2-9B69-E86B7F679501}E:\steam and razer\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) E:\steam and razer\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{83417317-7E56-43A2-B214-E84FB027A50C}E:\steam and razer\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) E:\steam and razer\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{81F6638F-035E-494E-B839-B5FAF8C223B6}] => (Allow) E:\Steam and Razer\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{291430E2-C752-492E-82FA-B90EC695308D}] => (Allow) E:\Steam and Razer\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{9CFA65D1-F67D-4428-B177-D4EEF9B89643}] => (Allow) E:\TeamViewer\TeamViewer.exe
FirewallRules: [{4820095D-1FFF-4074-97DA-31DBFEEEC4F4}] => (Allow) E:\TeamViewer\TeamViewer.exe
FirewallRules: [{C61B1912-51C4-4655-BDE6-72C47DD3D86A}] => (Allow) E:\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F0A0E02E-A5D6-4662-952C-62B8D9285C12}] => (Allow) E:\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{073482B2-CBFB-47CA-A529-FE3F6172A939}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-03-2016 03:00:12 Windows Update
13-03-2016 14:37:02 Windows Update
16-03-2016 20:40:09 Windows Update
17-03-2016 02:19:38 Windows Update
20-03-2016 14:25:48 Windows Update
20-03-2016 20:46:39 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
20-03-2016 20:49:57 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
 
==================== Faulty Device Manager Devices =============
 
Name: ManyCam Virtual Webcam
Description: ManyCam Virtual Webcam
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ManyCam LLC
Service: ManyCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: ManyCam Virtual Microphone
Description: ManyCam Virtual Microphone
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: ManyCam LLC
Service: mcaudrv_simple
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: ASUS USB-AC51 USB Wireless adapter
Description: ASUS USB-AC51 USB Wireless adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK Computer Inc.
Service: netr28ux
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/21/2016 08:08:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/21/2016 08:06:45 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcCan't create NSS process. [0]
 
Error: (03/21/2016 08:06:45 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to create process. [216]
 
Error: (03/21/2016 07:33:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/21/2016 07:31:19 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcCan't create NSS process. [0]
 
Error: (03/21/2016 07:31:19 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to create process. [216]
 
Error: (03/21/2016 06:39:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/21/2016 06:38:04 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcCan't create NSS process. [0]
 
Error: (03/21/2016 06:38:04 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to create process. [216]
 
Error: (03/21/2016 06:31:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/21/2016 08:06:49 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/21/2016 08:06:45 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/21/2016 08:06:41 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.
 
Error: (03/21/2016 08:06:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (03/21/2016 08:06:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/21/2016 08:06:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/21/2016 08:06:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (03/21/2016 08:06:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
Error: (03/21/2016 08:06:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (03/21/2016 08:06:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Qualcomm Atheros Killer Service V2 service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 58%
Total physical RAM: 8076.74 MB
Available physical RAM: 3353.01 MB
Total Virtual: 16151.69 MB
Available Virtual: 10554.3 MB
 
==================== Drives ================================
 
Drive c: (Local Disk (SSD)) (Fixed) (Total:238.37 GB) (Free:132.9 GB) NTFS
Drive e: (HDD) (Fixed) (Total:1863.01 GB) (Free:1268.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 2E363E29)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2C5FD163)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
Would appreciate it if I could get some help, thanks a bunch! :)

 




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:07:13 AM

Posted 21 March 2016 - 04:24 PM

Hello
  •   Welcome to Bleeping Computer.
  •   My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  •   Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  •   If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  •   Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  •   In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  •   Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  •   I will be analyzing your log. I will get back to you with instructions.
  1. Emsisoft Emergency Kit
    • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
    • Save EmsisoftEmergencyKit.exe to your Desktop.
    • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear: [screenshot]
    • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
    • Once the extraction is done, an icon will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
    • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear: [screenshot]
    • Choose Yes, then wait for EEK to finish updating.
    • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
    • Wait for the scan to finish. [screenshot]
    • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
    • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
    • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop. [screenshot]
    • Please Copy and Paste the contents of the scan log in your next reply.
  2. Download RogueKiller from one of the following links and save it to your desktop:
      • Link 1
      • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", click the "Report" button to show the log, and then close the program. <--Don't fix anything!
    • Copy and paste the report that opens into your next reply.
      • The log can also be found in the following location: C:\ProgramData\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log
      • >>For XP users, you must first show hidden files/folders, then the log location is here: C:\Documents and Settings\All Users\Application data\RogueKiller\Logs\RKreport_SCN_mmddyyyy_hhmmss.log

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 heIpmepls


Posted 22 March 2016 - 08:15 AM

Hi there, 

 

Thanks for the reply. 

Here is my log for EEK :

 

Emsisoft Emergency Kit - Version 11.0
Last update: N/A
User account: IJY\Joel
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 3/22/2016 8:43:43 PM
 
Scanned 96566
Found 0
 
Scan end: 3/22/2016 8:45:43 PM
Scan time: 0:02:00
 
 
 
---------------------------------------------------
 
 
 
Here is my log for RogueKiller
 
RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joel [Administrator]
Started from : C:\Users\Joel\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/22/2016 21:14:05
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] (SVC) gkernel -- \??\C:\Users\Joel\AppData\Local\Temp\gkernel.sys[x] -> Found
 
¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gkernel (\??\C:\Users\Joel\AppData\Local\Temp\gkernel.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gkernel (\??\C:\Users\Joel\AppData\Local\Temp\gkernel.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gkernel (\??\C:\Users\Joel\AppData\Local\Temp\gkernel.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49CC609D-331E-4F20-99F8-32B38B598C53} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{49CC609D-331E-4F20-99F8-32B38B598C53} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{49CC609D-331E-4F20-99F8-32B38B598C53} | DhcpNameServer : 172.20.10.1 ([X])  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 8 ¤¤¤
[PUP][Folder] C:\ProgramData\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2} -> Found
[PUP][Folder] C:\ProgramData\{47960B9E-9E4E-438D-AA0C-2F495913AD7E} -> Found
[PUP][Folder] C:\ProgramData\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B} -> Found
[PUP][Folder] C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E} -> Found
[PUP][Folder] C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA} -> Found
[PUP][Folder] C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA} -> Found
[PUP][Folder] C:\ProgramData\{B5F0C192-874D-49A8-88D7-8431E3714756} -> Found
[PUP][Folder] C:\ProgramData\{D15CE785-FD15-4860-807A-3B68400084D3} -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT256MX100SSD1 ATA Device +++++
--- User ---
[MBR] b15e7b3db7729fa1e25fa0329707d52c
[BSP] dd260ce473eb4cf158a075ddfa2a06c9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD20PURX-64P6ZY0 ATA Device +++++
--- User ---
[MBR] de5fa6e9fa9f08e3a0e8a6d764fd0cfc
[BSP] 57c0a4976b1bedee37efabd421bf5310 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 


#4 fireman4it


Posted 22 March 2016 - 10:07 AM

Please run RogueKiller again and select DELETE ALL to everything it finds. Please post the log it produces along with how the computer is running now.


#5 heIpmepls


Posted 22 March 2016 - 11:30 AM

Hi there,

 

This is the log after deletion.

 

I restarted the computer but when I open Chrome it still gives me that hijacked website :(

 

RogueKiller V12.0.3.0 [Mar 21 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Joel [Administrator]
Started from : C:\Users\Joel\Downloads\RogueKiller.exe
Mode : Delete -- Date : 03/23/2016 00:27:16
 
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] (SVC) gkernel -- \??\C:\Users\Joel\AppData\Local\Temp\gkernel.sys[x] -> ERROR [41c]
 
¤¤¤ Registry : 8 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gkernel (\??\C:\Users\Joel\AppData\Local\Temp\gkernel.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gkernel (\??\C:\Users\Joel\AppData\Local\Temp\gkernel.sys) -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gkernel (\??\C:\Users\Joel\AppData\Local\Temp\gkernel.sys) -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{49CC609D-331E-4F20-99F8-32B38B598C53} | DhcpNameServer : 172.20.10.1 ([X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{49CC609D-331E-4F20-99F8-32B38B598C53} | DhcpNameServer : 172.20.10.1 ([X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{49CC609D-331E-4F20-99F8-32B38B598C53} | DhcpNameServer : 172.20.10.1 ([X])  -> Replaced ()
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Replaced (2)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 8 ¤¤¤
[PUP][Folder] C:\ProgramData\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2} -> Deleted
[PUP][File] C:\ProgramData\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2}\Komplete 7 Players Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2}\Komplete 7 Players Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2}\Komplete 7 Players Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2}\Komplete 7 Players Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2}\Komplete 7 Players Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{2F1A850B-9DA6-4E4A-AB2A-E9005D72D5B2}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{47960B9E-9E4E-438D-AA0C-2F495913AD7E} -> Deleted
[PUP][File] C:\ProgramData\{47960B9E-9E4E-438D-AA0C-2F495913AD7E}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{47960B9E-9E4E-438D-AA0C-2F495913AD7E}\Kontakt Factory Selection Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{47960B9E-9E4E-438D-AA0C-2F495913AD7E}\Kontakt Factory Selection Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{47960B9E-9E4E-438D-AA0C-2F495913AD7E}\Kontakt Factory Selection Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{47960B9E-9E4E-438D-AA0C-2F495913AD7E}\Kontakt Factory Selection Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{47960B9E-9E4E-438D-AA0C-2F495913AD7E}\Kontakt Factory Selection Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{47960B9E-9E4E-438D-AA0C-2F495913AD7E}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B} -> Deleted
[PUP][File] C:\ProgramData\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}\mia.lib -> Deleted
[PUP][File] C:\ProgramData\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}\Reaktor Factory Selection Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}\Reaktor Factory Selection Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}\Reaktor Factory Selection Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}\Reaktor Factory Selection Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{51753DAD-2BAB-4BB2-A4AA-CAAEF5AA972B}\Reaktor Factory Selection Setup PC.res -> Deleted
[PUP][Folder] C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E} -> Deleted
[PUP][File] C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}\Guitar Rig 4 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}\Guitar Rig 4 Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}\Guitar Rig 4 Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}\Guitar Rig 4 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}\Guitar Rig 4 Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA} -> Deleted
[PUP][File] C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA}\Kontakt 4 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA}\Kontakt 4 Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA}\Kontakt 4 Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA}\Kontakt 4 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA}\Kontakt 4 Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{699830EE-64F0-4782-AEDE-0FCCC40946BA}\mia.lib -> Deleted
[PUP][Folder] C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA} -> Deleted
[PUP][File] C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}\mia.lib -> Deleted
[PUP][File] C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}\Reaktor 5 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}\Reaktor 5 Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}\Reaktor 5 Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}\Reaktor 5 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{9A73EE13-A1FF-4899-BA10-5DF1DE4A86CA}\Reaktor 5 Setup PC.res -> Deleted
[PUP][Folder] C:\ProgramData\{B5F0C192-874D-49A8-88D7-8431E3714756} -> Deleted
[PUP][File] C:\ProgramData\{B5F0C192-874D-49A8-88D7-8431E3714756}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{B5F0C192-874D-49A8-88D7-8431E3714756}\mia.lib -> Deleted
[PUP][File] C:\ProgramData\{B5F0C192-874D-49A8-88D7-8431E3714756}\Service Center Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{B5F0C192-874D-49A8-88D7-8431E3714756}\Service Center Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{B5F0C192-874D-49A8-88D7-8431E3714756}\Service Center Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{B5F0C192-874D-49A8-88D7-8431E3714756}\Service Center Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{B5F0C192-874D-49A8-88D7-8431E3714756}\Service Center Setup PC.res -> Deleted
[PUP][Folder] C:\ProgramData\{D15CE785-FD15-4860-807A-3B68400084D3} -> Deleted
[PUP][File] C:\ProgramData\{D15CE785-FD15-4860-807A-3B68400084D3}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{D15CE785-FD15-4860-807A-3B68400084D3}\Kore Player Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{D15CE785-FD15-4860-807A-3B68400084D3}\Kore Player Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{D15CE785-FD15-4860-807A-3B68400084D3}\Kore Player Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{D15CE785-FD15-4860-807A-3B68400084D3}\Kore Player Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{D15CE785-FD15-4860-807A-3B68400084D3}\Kore Player Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{D15CE785-FD15-4860-807A-3B68400084D3}\mia.lib -> Deleted
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT256MX100SSD1 ATA Device +++++
--- User ---
[MBR] b15e7b3db7729fa1e25fa0329707d52c
[BSP] dd260ce473eb4cf158a075ddfa2a06c9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 244096 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD20PURX-64P6ZY0 ATA Device +++++
--- User ---
[MBR] de5fa6e9fa9f08e3a0e8a6d764fd0cfc
[BSP] 57c0a4976b1bedee37efabd421bf5310 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


#6 fireman4it


  • Malware Response Team

Posted 22 March 2016 - 12:29 PM

How is the computer running now? Browser still hijacked? If so, which browser?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 heIpmepls

  • Topic Starter


Posted 23 March 2016 - 06:24 AM

How is the computer running now? Browser still hijacked? If so, which browser?

 

Unfortunately not. Chrome ; 

Internet Explorer seems to be working fine (I don't use it though)



#8 fireman4it


Posted 23 March 2016 - 07:33 AM

See here for how to reset Chrome. Once you have done this, see if this fixes the issue.



#9 heIpmepls


Posted 23 March 2016 - 08:15 AM

Ah, thank you very much. Didn't think I needed the reset because when I checked the "homepage setting" it did show my default page, not the hijacked website.

Working perfectly for now, your help has been much appreciated.



#10 fireman4it


Posted 23 March 2016 - 08:22 AM

It Appears That Your Pc Is Now Clean!

***


Clean up:

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***


Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Browse more secure

:step2: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step3: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
:step4: Use only one anti-virus software and keep it up-to-date.

:step5: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step6: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step7: Use Strong passwords!

:step8: Email attachments
Do not open any unknown email attachments that you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.



#11 fireman4it


Posted 25 March 2016 - 09:33 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





