
Bank thinks I have a keylogger on my PC.



#1 Ghosting


Posted 03 April 2016 - 01:02 AM

On Feb 25th, there was fraud on my account, tens of charges almost simultaneously. Bank canceled my debit card, then sent me a new one. I changed the username and password for my online banking account. On Mar 25th, there was another fraudulent charge. I only had time to use the card twice online, and that was Amazon and Time Warner. After I noticed the fraud the second time, I transferred my remaining balance to my savings account. I googled the charge and it was some kind of Netflix-type business for magazines, based out of NY, same location as most of the charges from the last fraud. My first thought was the subscription just renewed itself and my bank must have made the mistake of approving it on my new card. I went to my bank a few days later, told them about what happened. They swore that they would never approve a charge that was carried over from previous fraudulent activity. I asked if there was any more activity after I transferred my funds out of that account. There were three attempts to charge $12.99 to the card, but all were denied, so they couldn't tell me what the charges were for. They said I most likely had a keylogger on my computer.

I didn't notice anything odd with my computer before the fraud, and I haven't since then either. I haven't noticed any activity with any of my other accounts, but of course I use LastPass, so maybe it just hasn't had the chance to log any of my passwords yet.

I've run:

  • Spybot S&D - (Safe Mode) - Clean
  • Malwarebytes Anti-Malware - (Safe Mode) - Clean
  • Microsoft Security Essentials - (Safe Mode) - Clean
  • SUPERAnti-Spyware - (Safe Mode) - Clean
  • COMODO Cleaning Essentials - (Safe Mode) - Clean
  • Rkill - Clean - have logs
  • ESET Online Scanner - Clean
  • RogueKiller - Clean
  • AdwCleaner - Found "Software\Conduit" (deleted) and a few false positives - have logs
  • ComboFix - (Sorry, did a system restore afterwards) - have logs
  • Malwarebytes Anti-Rootkit - Clean - have logs
  • McAfee Rootkit Remover - Clean - have logs
  • Bitdefender Rootkit Remover - Clean
  • Norton Power Eraser - Tons of false positives (I think) - have logs
  • aswMBR - Doesn't seem like it found anything - have logs
  • GMER - Doesn't seem like it found anything - have logs

 

Looked through installed programs using Revo Uninstaller and ShouldIRemoveIt. Nothing there that I don't recognize.

I also installed HostsMan during my search if anyone wonders about the huge hosts file. It was clean before I made the edits.

---

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Ghosting (administrator) on IGPC (03-04-2016 01:00:31)
Running from C:\Users\Ghosting\Downloads
Loaded Profiles: Ghosting (Available Profiles: Ghosting)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Scarlet.Crush Productions) C:\ScpServer\bin\ScpService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Foxit Software Inc.) D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hi-Rez Studios) E:\Games\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() D:\Program Files (x86)\qBittorrent\qbittorrent.exe
(erengy) C:\Users\Ghosting\AppData\Roaming\Taiga\Taiga.exe
() D:\Program Files (x86)\SVP\SVPMgr.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2014-10-17] (Broadcom Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => D:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-03-21] (COMODO)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-13] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Run: [qBittorrent] => D:\Program Files (x86)\qBittorrent\qbittorrent.exe [14828032 2015-10-31] ()
HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Run: [Taiga] => C:\Users\Ghosting\AppData\Roaming\Taiga\Taiga.exe [2254336 2016-01-26] (erengy)
HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Run: [SVPMgr] => D:\Program Files (x86)\SVP\SVPMgr.exe [980384 2015-11-04] ()
HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\MountPoints2: {35f1f1a3-fdb2-11e1-90b0-806e6f6e6963} - D:\autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
Startup: C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-412266121-979616170-4178972170-1000] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 198.168.1.1
Tcpip\..\Interfaces\{0814C02E-AC69-4E8C-B0F4-77E9C26CCD40}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{0814C02E-AC69-4E8C-B0F4-77E9C26CCD40}: [DhcpNameServer] 198.168.1.1
Tcpip\..\Interfaces\{DC62C968-211F-4428-9384-F6A2EB8F594A}: [NameServer] 156.154.70.22,156.154.71.22

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-10] (LastPass)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-10] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-10] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-10] (LastPass)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

FireFox:
========
FF ProfilePath: C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxps://duckduckgo.com/
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-02] ()
FF Plugin: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-10] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-02] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-10] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Extension: Scrollbar Anywhere - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{767a0048-69da-4392-b458-55b7a96b66f7} [2015-05-29]
FF Extension: BetterPrivacy - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-12-02]
FF Extension: Status-4-Evar - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\status4evar@caligonstudios.com.xpi [2015-12-07]
FF Extension: SearchPreview - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2015-12-23]
FF Extension: Stylish - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-01-28]
FF Extension: LastPass - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\support@lastpass.com [2016-03-09]
FF Extension: Classic Theme Restorer - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-03-17]
FF Extension: feedly - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\feedly@devhd.xpi [2016-03-18]
FF Extension: HTTPS-Everywhere - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\https-everywhere-eff@eff.org [2016-03-23]
FF Extension: WOT - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-01]
FF Extension: TrafficLight - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\trafficlight@bitdefender.com.xpi [2016-04-02]
FF Extension: about:addons-memory - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\about-addons-memory@tn123.org.xpi [2015-05-27]
FF Extension: Download Panel Tweaker - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\downloadPanelTweaker@infocatcher.xpi [2015-05-29]
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\firefox1@myibay.com.xpi [2015-05-29]
FF Extension: MEGA - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\firefox@mega.co.nz.xpi [2016-03-31]
FF Extension: HideScrollbars - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\Hidescrollbars@ArisT2Noia4dev.xpi [2015-12-07]
FF Extension: Gmail™ Notifier (restartless) - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-03-19]
FF Extension: Feedly Notifier - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\jid1-BOjn8b0IM7kH2w@jetpack.xpi [2016-03-19]
FF Extension: Gif Delayer - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\jid1-mqCpKcAruymyAA@jetpack.xpi [2016-04-02]
FF Extension: Old Bookmarks Sidebar - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\old_bookmarks_sidebar@francev_nikolay.xpi [2015-05-29]
FF Extension: Rainbow - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\rainbow@colors.org.xpi [2015-05-29]
FF Extension: Menu Wizard - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\s3menu@wizard.xpi [2016-04-02]
FF Extension: EPUBReader - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-02-19]
FF Extension: NoScript - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-03-23]
FF Extension: FT DeepDark - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2016-02-12]
FF Extension: YouTube High Definition - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-03-31]
FF Extension: Adblock Plus - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-12-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2015-12-03] (ASUSTeK Computer Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433760 2015-12-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413280 2015-12-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855648 2015-12-01] (BlueStack Systems, Inc.)
R2 CmdAgent; D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5793800 2016-03-21] (COMODO)
S3 cmdvirth; D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-03-21] (COMODO)
S3 DAUpdaterSvc; E:\Steam Library\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-03-30] (BioWare)
R2 Ds3Service; C:\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
R3 FoxitCloudUpdateService; D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
U3 HiPatchService; E:\Games\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-10] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2014-10-17] (Broadcom Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-04] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146016 2015-12-01] (BlueStack Systems)
S3 btwaudio; no ImagePath
S3 btwavdt; no ImagePath
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 btwl2cap; no ImagePath
S3 btwrchid; no ImagePath
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-03-21] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [823344 2016-03-21] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56464 2016-03-21] (COMODO)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-09] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 FancyRd; C:\Windows\System32\DRIVERS\fancyrd.sys [187840 2012-04-19] (Romex Software)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-03-21] (COMODO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2012-01-17] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-02] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S3 MotioninJoyXFilter; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 VBoxNetFlt; no ImagePath
U3 AppMgmt; no ImagePath
U2 CscService; no ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MFE_RR; \??\C:\Temp\mfe_rr.sys [X]
U3 PeerDistSvc; no ImagePath
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
U3 aswMBR; \??\C:\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Temp\aswVmm.sys [X]
U3 pxldrpog; \??\C:\Temp\pxldrpog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-03 01:00 - 2016-04-03 01:00 - 00023935 _____ C:\Users\Ghosting\Downloads\FRST.txt
2016-04-03 00:24 - 2016-04-03 01:00 - 00000000 ____D C:\FRST
2016-04-03 00:23 - 2016-04-03 00:23 - 02374144 _____ (Farbar) C:\Users\Ghosting\Downloads\FRST64.exe
2016-04-02 23:17 - 2016-04-02 23:17 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-02 23:17 - 2016-04-02 23:17 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-02 22:45 - 2016-04-02 22:45 - 00002057 _____ C:\Users\Ghosting\Downloads\aswMBR.txt
2016-04-02 22:45 - 2016-04-02 22:45 - 00000512 _____ C:\Users\Ghosting\Downloads\MBR.dat
2016-04-02 22:43 - 2016-04-02 22:46 - 00000554 _____ C:\Windows\ntbtlog.txt
2016-04-02 22:43 - 2016-04-02 22:34 - 00002140 _____ C:\Users\Ghosting\Downloads\mbar-log-2016-04-02 (22-04-50).txt
2016-04-02 22:41 - 2016-04-02 22:38 - 02870596 _____ C:\Users\Ghosting\Downloads\Info20160402223541.xml
2016-04-02 22:35 - 2016-04-02 22:35 - 00000000 ____D C:\NPE
2016-04-02 22:34 - 2016-04-02 22:34 - 00000000 ____D C:\ProgramData\Norton
2016-04-02 22:04 - 2016-04-02 22:34 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-02 22:03 - 2016-04-02 22:34 - 00000000 ____D C:\Users\Ghosting\Desktop\mbar
2016-04-02 22:00 - 2016-04-02 22:46 - 00000000 ____D C:\Users\Ghosting\Downloads\Anti-Rootkit
2016-04-02 19:49 - 2016-04-02 19:58 - 00229438 _____ C:\TDSSKiller.3.1.0.9_02.04.2016_19.49.30_log.txt
2016-04-02 19:11 - 2016-04-02 19:11 - 00001686 _____ C:\Users\Ghosting\Downloads\AdwCleaner[S1].txt
2016-04-02 18:48 - 2016-04-02 19:46 - 00000000 ____D C:\AdwCleaner
2016-04-02 17:59 - 2016-04-02 17:59 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-02 17:55 - 2016-04-02 17:56 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-02 17:06 - 2016-04-02 17:06 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\abelhadigital.com
2016-04-02 17:06 - 2016-04-02 17:06 - 00000000 ____D C:\ProgramData\abelhadigital.com
2016-04-02 14:57 - 2016-04-02 14:57 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-02 14:56 - 2016-04-02 14:56 - 00002496 _____ C:\Users\Ghosting\Downloads\Rkill.txt
2016-04-02 14:21 - 2016-04-02 14:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2016-04-02 14:18 - 2016-04-02 14:18 - 00000000 ____D C:\ProgramData\Shared Space
2016-04-02 05:18 - 2016-04-01 15:06 - 00000967 _____ C:\Windows\system32\Drivers\etc\hosts.ccebak
2016-04-02 03:32 - 2016-04-02 14:15 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\Comodo
2016-04-02 03:03 - 2016-04-02 14:20 - 00000000 ____D C:\ProgramData\Comodo
2016-04-01 21:09 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-04-01 21:09 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-04-01 20:07 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-01 20:07 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-01 20:07 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-04-01 20:07 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-04-01 20:07 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-04-01 20:07 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-01 20:07 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-01 20:07 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-01 20:07 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-01 20:07 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-01 20:07 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-01 20:07 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-04-01 20:07 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-01 20:07 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-04-01 20:07 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-04-01 20:07 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-04-01 20:07 - 2016-02-04 13:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-01 20:07 - 2016-01-06 15:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-04-01 20:07 - 2016-01-06 14:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-04-01 20:07 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-04-01 20:07 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-04-01 20:07 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-04-01 20:07 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-04-01 20:07 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-04-01 20:07 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-04-01 20:07 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-04-01 20:07 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-04-01 20:07 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-04-01 20:07 - 2015-11-03 15:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-04-01 20:07 - 2015-11-03 14:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-04-01 20:07 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-04-01 20:07 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-04-01 20:07 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-04-01 20:07 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-04-01 20:07 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-04-01 20:07 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-04-01 20:07 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-04-01 20:07 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-04-01 20:07 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-04-01 20:07 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-04-01 20:07 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-04-01 20:07 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-04-01 20:07 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-04-01 20:07 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-04-01 20:07 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-04-01 20:07 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-04-01 20:07 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-04-01 20:07 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2016-04-01 20:06 - 2016-02-09 02:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-01 20:06 - 2016-02-09 02:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-01 20:06 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-01 20:06 - 2016-02-08 16:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-01 20:06 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-01 20:06 - 2016-02-08 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-01 20:06 - 2016-02-08 16:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-01 20:06 - 2016-02-08 16:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-01 20:06 - 2016-02-08 16:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-01 20:06 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-01 20:06 - 2016-02-08 16:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-01 20:06 - 2016-02-08 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-01 20:06 - 2016-02-08 16:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-01 20:06 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-01 20:06 - 2016-02-08 16:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-01 20:06 - 2016-02-08 16:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-01 20:06 - 2016-02-08 16:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-01 20:06 - 2016-02-08 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-01 20:06 - 2016-02-08 16:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-01 20:06 - 2016-02-08 16:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-01 20:06 - 2016-02-08 16:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-01 20:06 - 2016-02-08 16:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-01 20:06 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-01 20:06 - 2016-02-08 16:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-01 20:06 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-01 20:06 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-01 20:06 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-01 20:06 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-01 20:06 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-01 20:06 - 2016-02-08 16:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-01 20:06 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-01 20:06 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-01 20:06 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-01 20:06 - 2016-02-08 14:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-01 20:06 - 2016-02-08 14:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-01 20:06 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-01 20:06 - 2016-02-08 14:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-01 20:06 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-01 20:06 - 2016-02-08 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-01 20:06 - 2016-02-08 14:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-01 20:06 - 2016-02-08 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-01 20:06 - 2016-02-08 14:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-01 20:06 - 2016-02-08 14:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-01 20:06 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-01 20:06 - 2016-02-08 14:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-01 20:06 - 2016-02-08 14:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-01 20:06 - 2016-02-08 14:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-01 20:06 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-01 20:06 - 2016-02-08 14:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-01 20:06 - 2016-02-08 14:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-01 20:06 - 2016-02-08 14:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-01 20:06 - 2016-02-08 13:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-01 20:06 - 2016-02-08 13:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-01 20:06 - 2016-02-08 13:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-01 20:06 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-01 20:06 - 2016-02-08 13:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-01 20:06 - 2016-02-08 13:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-01 20:06 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-01 20:06 - 2016-02-08 13:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-01 20:06 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-01 20:06 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-01 20:06 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-01 20:06 - 2016-02-08 13:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-01 20:06 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-01 20:06 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-01 20:06 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-01 20:06 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-04-01 20:06 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-04-01 20:06 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-04-01 20:06 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-04-01 20:06 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-04-01 20:06 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-04-01 20:06 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-04-01 20:06 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-04-01 20:06 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-04-01 20:06 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-04-01 20:06 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-04-01 20:06 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-01 20:06 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-01 20:06 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-01 20:06 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-01 20:06 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-01 20:06 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-01 20:06 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-01 20:06 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-01 20:06 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-01 20:06 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-04-01 20:06 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-01 20:06 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-04-01 20:06 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-01 20:06 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-04-01 20:06 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-01 20:06 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-04-01 20:06 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-01 20:06 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-04-01 20:06 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-04-01 20:06 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-04-01 20:06 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-04-01 20:06 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-04-01 20:06 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-04-01 20:05 - 2016-02-11 14:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-01 20:05 - 2016-02-11 14:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-01 20:05 - 2016-02-11 14:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-01 20:05 - 2016-02-11 14:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-01 20:05 - 2016-02-11 14:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-01 20:05 - 2016-02-11 14:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-01 20:05 - 2016-02-11 14:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-01 20:05 - 2016-02-11 14:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-01 20:05 - 2016-02-11 14:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-01 20:05 - 2016-02-11 14:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-01 20:05 - 2016-02-11 14:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-01 20:05 - 2016-02-11 14:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-01 20:05 - 2016-02-11 14:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-01 20:05 - 2016-02-11 14:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-01 20:05 - 2016-02-11 14:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-01 20:05 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-01 20:05 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-01 20:05 - 2016-02-11 14:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-01 20:05 - 2016-02-11 14:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-01 20:05 - 2016-02-11 14:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-01 20:05 - 2016-02-11 14:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-01 20:05 - 2016-02-11 14:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-01 20:05 - 2016-02-11 14:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-01 20:05 - 2016-02-11 14:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-01 20:05 - 2016-02-11 14:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-01 20:05 - 2016-02-11 14:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-01 20:05 - 2016-02-11 14:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 13:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-01 20:05 - 2016-02-11 13:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-01 20:05 - 2016-02-11 13:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-01 20:05 - 2016-02-11 13:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-01 20:05 - 2016-02-11 13:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-01 20:05 - 2016-02-11 13:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-01 20:05 - 2016-02-11 13:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-01 20:05 - 2016-02-11 13:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-01 20:05 - 2016-02-11 13:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-01 20:05 - 2016-02-11 13:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-01 20:05 - 2016-02-11 13:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-01 20:05 - 2016-02-11 13:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-01 20:05 - 2016-02-11 13:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-01 20:05 - 2016-02-11 13:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-01 20:05 - 2016-02-11 13:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 13:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-01 20:05 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-04-01 20:05 - 2016-02-05 14:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-01 20:05 - 2016-02-05 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-04-01 20:05 - 2016-02-05 14:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-01 20:05 - 2016-02-05 14:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-04-01 20:05 - 2016-02-05 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-04-01 20:05 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2014-04-10 23:18 - 2014-04-10 23:18 - 14883840 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-12-17 16:23 - 2015-12-18 21:26 - 0002013 _____ () C:\Users\Ghosting\AppData\Roaming\droid4xinstaller.log
2014-08-05 01:27 - 2014-08-05 01:27 - 0000037 ___SH () C:\Users\Ghosting\AppData\Local\69ff07055291669bb2b218.72821112
2013-03-17 17:43 - 2016-04-02 00:49 - 0226816 _____ () C:\Users\Ghosting\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-16 21:14 - 2013-08-16 21:15 - 1065984 _____ () C:\Users\Ghosting\AppData\Local\file__0.localstorage
2015-11-18 14:41 - 2015-11-18 14:41 - 0000705 _____ () C:\Users\Ghosting\AppData\Local\recently-used.xbel
2013-02-07 17:42 - 2015-12-03 15:35 - 0007594 _____ () C:\Users\Ghosting\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-30 05:21

==================== End of FRST.txt ============================



#2 polskamachina

  • Malware Response Team

Posted 05 April 2016 - 12:42 AM

Hi Ghosting :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.

 

polskamachina



#3 Ghosting

  • Topic Starter

Posted 06 April 2016 - 02:24 AM

Just an update since last time. I've stopped using HostsMan; the large hosts file was slowing down browsing too much. Hosts file is currently clean. Switched from Firefox to Chrome, and to OpenDNS. Also, currently have Comodo's Firewall/HIPS running in training mode.



#4 polskamachina

  • Malware Response Team

Posted 06 April 2016 - 06:42 PM

Hi Ghosting :)

 

Thanks for the update. Just to make sure I understand you correctly, are you still not noticing any problems with your computer?

 

polskamachina



#5 Ghosting

  • Topic Starter

Posted 06 April 2016 - 07:21 PM

Yeah, still haven't noticed any problems.



#6 polskamachina

  • Malware Response Team

Posted 08 April 2016 - 11:03 PM

Hi Ghosting :)

 

I am consulting with staff regarding your issue. Thanks for your patience.

 

polskamachina



#7 polskamachina

  • Malware Response Team

Posted 09 April 2016 - 10:04 AM

Hi Ghosting :)
 
I've looked over your logs and cannot find anything that would indicate that your computer has been compromised. I would put the blame on your bank but they probably won't admit it.
 
I did find one curious entry in your FRST log and was wondering if you were aware that you have a proxy connection configured. The line in question is:

ProxyServer: [S-1-5-21-412266121-979616170-4178972170-1000] => localhost:8080

Next: Please consult with your financial institution and change your account/debit/credit card number, user name, and password again. Make sure that you never configure your browser to remember your passwords. It's an inconvenience to have to type it in every time but it is worth the extra effort. The following link explains some basic password safety.
 
I would also recommend following up with your AdwCleaner scan:
Please download AdwCleaner by Xplode and save to your Desktop.

  • Right-click AdwCleaner and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved to C:\AdwCleaner.

In summary I will need from you:

  • Whether or not you're aware of the localhost proxy connection
  • Confirmation that you changed your bank account access information, password, and user name.
  • AdwCleaner log.

Let me know if you have any questions.

polskamachina



#8 Ghosting

  • Topic Starter

Posted 09 April 2016 - 11:23 AM

Good day polskamachina

  • Was not aware of a proxy
  • Changed username/password
  • log below

---

 

# AdwCleaner v5.109 - Logfile created 09/04/2016 at 12:13:21
# Updated 04/04/2016 by Xplode
# Database : 2016-04-07.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Ghosting - IGPC
# Running from : C:\Users\Ghosting\Downloads\adwcleaner_5.109.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser
[-] Folder Deleted : C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1953 bytes] - [02/04/2016 19:42:43]
C:\AdwCleaner\AdwCleaner[C2].txt - [970 bytes] - [09/04/2016 12:13:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [1686 bytes] - [02/04/2016 18:55:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [1759 bytes] - [02/04/2016 19:36:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1832 bytes] - [02/04/2016 19:40:41]
C:\AdwCleaner\AdwCleaner[S4].txt - [1234 bytes] - [02/04/2016 19:46:44]
C:\AdwCleaner\AdwCleaner[S5].txt - [1313 bytes] - [09/04/2016 12:02:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1407 bytes] ##########


#9 Ghosting

  • Topic Starter

Posted 09 April 2016 - 11:39 AM

Took a look at proxy settings under Internet Properties. The address is localhost and port is 8080, but the checkbox to use the proxy server isn't checked off. Is it fine to leave it as is?

EDIT: I went and cleared both address and port boxes just in case.


Edited by Ghosting, 10 April 2016 - 02:07 AM.
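
The state described in the post above (address and port stored, "use a proxy" checkbox off) can be read directly from the registry values behind the Internet Properties dialog. The PowerShell below is an added example, not part of the original posts or of FRST; it assumes the standard per-user Internet Settings key and uses netstat to see whether any process is listening on a loopback proxy port.

```powershell
# Added example, not from the thread. Compatible with PowerShell 2.0 (Windows 7).
# Reads the per-user proxy values that the Internet Properties dialog edits.
$key      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $key

# ProxyEnable backs the "Use a proxy server" checkbox; ProxyServer backs the
# address/port boxes; AutoConfigURL is the automatic configuration script box.
# A missing ProxyEnable value casts to 0, i.e. disabled.
$enabled = ([int]$settings.ProxyEnable -eq 1)
$server  = [string]$settings.ProxyServer
$pacUrl  = [string]$settings.AutoConfigURL

if     ($server -and $enabled) { $state = 'ACTIVE - browser traffic goes through the proxy' }
elseif ($server)               { $state = 'STORED BUT DISABLED - address kept, checkbox off' }
else                           { $state = 'NONE - no manual proxy address stored' }

"Manual proxy  : $state"
"ProxyServer   : $server"
"AutoConfigURL : $pacUrl"

# ProxyServer is either "host:port" or "http=host:port;https=host:port".
$endpoints = @()
if ($server) {
    foreach ($entry in $server.Split(';')) {
        $endpoints += ($entry -replace '^[a-z]+=', '').Trim()
    }
}

# A loopback proxy only works if a local process is listening on that port,
# so identify the owner of the port (or confirm that nothing is there).
foreach ($ep in @($endpoints | Select-Object -Unique)) {
    if ($ep -notmatch '^(localhost|127\.0\.0\.1|\[::1\]):(\d+)$') { continue }
    $port = $Matches[2]
    $listeners = @(netstat -ano |
        Select-String -Pattern "^\s*TCP\s+\S+:$port\s+\S+\s+LISTENING\s+(\d+)")
    if ($listeners.Count -eq 0) {
        "Port $port      : nothing is listening"
        continue
    }
    foreach ($l in $listeners) {
        $procId = [int]$l.Matches[0].Groups[1].Value
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        "Port $port      : PID $procId $($proc.ProcessName) $($proc.Path)"
    }
}

# The WinHTTP proxy used by services is stored separately; show it as well.
netsh winhttp show proxy
```

The stored-but-disabled state is the one described in post #9; an enabled loopback proxy held by a process you cannot identify is the case worth investigating.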


#10 polskamachina

  • Malware Response Team

Posted 10 April 2016 - 01:20 PM

Hi Ghosting :)
 
Going over your logs I also noticed that you have qBittorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall qBitTorrent, however that choice is up to you.
If you wish to keep it, please do not use it until your computer is cleaned.
 
If you choose to remove this program, directions are below.

We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting Remove -> qBitTorrent

Additional instructions can be found here if needed.
 
Next we are going to clear out any remaining proxy settings:
 
We need to run a fix with FRST:
Please download the 64-bit version of Farbar Recovery Scan Tool and save it to your Desktop. (To change your download destination folder to the Desktop, right click the above link and choose the Save as... option.)

  • Copy and paste the following text into Notepad:
       RemoveProxy:
  • Save the file to your Desktop as fixlist.txt
  • Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work!
  • Run FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST64 will generate a log, fixlog.txt in the same location (Desktop) that the tool was run.
  • Please copy and paste the log into your next reply to me.

In summary I will need from you:

  • Your decision about whether or not you uninstalled your torrent software
  • fixlog.txt

Let me know if you have any questions.
 
polskamachina



#11 Ghosting

Ghosting
  • Topic Starter

  • Members
  • 8 posts

Posted 10 April 2016 - 02:12 PM

  • kept torrent software
  • log below

---

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Ghosting (2016-04-10 15:08:30) Run:1
Running from D:\[EXE]\[Security]
Loaded Profiles: Ghosting (Available Profiles: Ghosting)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
RemoveProxy:
*****************
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-412266121-979616170-4178972170-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-412266121-979616170-4178972170-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
==== End of Fixlog 15:08:31 ====
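
A read-only way to look at the proxy settings discussed in posts #9 to #11, added here as an example (it is not code from the thread or from FRST). The `Connections` values are the ones named in the fixlog above; `ProxyEnable`, `ProxyServer` and `AutoConfigURL` are the standard WinINet values in the parent key, and the function name `Get-ProxyState` and the wording of the notes are assumptions of this example.

```powershell
# Added example: read-only report of WinINet proxy settings for every user
# hive loaded under HKEY_USERS. Nothing is modified. Run from an elevated
# prompt so that hives such as .DEFAULT are readable.
$settingsKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyState {   # hypothetical helper name
    param([string]$Sid)

    $base = "Registry::HKEY_USERS\$Sid\$settingsKey"
    if (-not (Test-Path -Path $base)) { return }

    $main = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $conn = Get-ItemProperty -Path "$base\Connections" -ErrorAction SilentlyContinue

    $server  = [string]$main.ProxyServer      # address/port boxes in Internet Properties
    $enabled = ($main.ProxyEnable -eq 1)      # the "use a proxy server" checkbox
    $pac     = [string]$main.AutoConfigURL    # automatic configuration script, if any

    # ProxyServer is either "host:port" or "http=host:port;https=host:port".
    $loopback = $server -match '(^|=)\s*(localhost|127\.\d+\.\d+\.\d+)(:|;|$)'

    if ($enabled -and $loopback) {
        $note = 'ENABLED, loopback: traffic passes through a local process; identify what listens on that port'
    } elseif ($enabled) {
        $note = 'ENABLED: confirm this is a proxy you configured yourself'
    } elseif ($server) {
        $note = 'Address stored but not enabled (the state described in post #9)'
    } else {
        $note = 'No manual proxy stored'
    }
    if ($pac) { $note += '; AutoConfigURL is set' }

    New-Object PSObject -Property @{
        Sid                       = $Sid
        ProxyEnable               = $main.ProxyEnable
        ProxyServer               = $server
        AutoConfigURL             = $pac
        # Binary values that the RemoveProxy: fix deletes (see the fixlog).
        DefaultConnectionSettings = ($null -ne $conn.DefaultConnectionSettings)
        SavedLegacySettings       = ($null -ne $conn.SavedLegacySettings)
        Note                      = $note
    }
}

Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notmatch '_Classes$' } |
    ForEach-Object { Get-ProxyState -Sid $_.PSChildName } |
    Select-Object Sid, ProxyEnable, ProxyServer, AutoConfigURL,
                  DefaultConnectionSettings, SavedLegacySettings, Note |
    Format-List
```

Running it before and after the fix shows the two `Connections` values going from True to False for each hive listed in the fixlog.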


#12 polskamachina

polskamachina

  • Malware Response Team
  • 4,035 posts

Posted 12 April 2016 - 12:17 AM

Hi Ghosting,
 
Good job with the implementation of the fixlist.
Let's get one more FRST64 scan to make sure all is well now.

  • Open the FRST64 program.
  • When the window opens, check the box for Addition.txt
  • Click on Scan
  • When the scan has completed, please copy and paste the FRST.txt and Addition.txt logs into your next reply to me.

Let me know if you have any questions.
 
polskamachina



#13 Ghosting

Ghosting
  • Topic Starter

  • Members
  • 8 posts

Posted 12 April 2016 - 01:07 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Ghosting (administrator) on IGPC (12-04-2016 01:35:01)
Running from D:\[EXE]\[Security]
Loaded Profiles: Ghosting (Available Profiles: Ghosting)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Scarlet.Crush Productions) C:\ScpServer\bin\ScpService.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(erengy) C:\Users\Ghosting\AppData\Roaming\Taiga\Taiga.exe
() C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(COMODO) D:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) D:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2014-10-17] (Broadcom Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [COMODO Internet Security] => D:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-04-07] (COMODO)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-13] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: c:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Run: [qBittorrent] => D:\Program Files (x86)\qBittorrent\qbittorrent.exe [16470528 2016-04-11] ()
HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Run: [Taiga] => C:\Users\Ghosting\AppData\Roaming\Taiga\Taiga.exe [2254336 2016-01-26] (erengy)
HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2016-04-05] ()
HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\MountPoints2: {35f1f1a3-fdb2-11e1-90b0-806e6f6e6963} - D:\autorun.exe
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
Startup: C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2014-10-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 198.168.1.1
Tcpip\..\Interfaces\{0814C02E-AC69-4E8C-B0F4-77E9C26CCD40}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{0814C02E-AC69-4E8C-B0F4-77E9C26CCD40}: [DhcpNameServer] 198.168.1.1
Tcpip\..\Interfaces\{DC62C968-211F-4428-9384-F6A2EB8F594A}: [NameServer] 156.154.70.22,156.154.71.22
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-10] (LastPass)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-10] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2014-04-10] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Program Files (x86)\LastPass\LPToolbar.dll [2014-04-10] (LastPass)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default
FF DefaultSearchEngine.US: DuckDuckGo
FF Homepage: hxxps://duckduckgo.com/
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass64.dll [2014-04-10] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass.dll [2014-04-10] (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Extension: Scrollbar Anywhere - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{767a0048-69da-4392-b458-55b7a96b66f7} [2015-05-29]
FF Extension: BetterPrivacy - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-12-02]
FF Extension: Status-4-Evar - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\status4evar@caligonstudios.com.xpi [2015-12-07]
FF Extension: SearchPreview - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6} [2015-12-23]
FF Extension: Stylish - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2016-01-28]
FF Extension: LastPass - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\support@lastpass.com [2016-03-09]
FF Extension: Classic Theme Restorer - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2016-03-17]
FF Extension: feedly - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\feedly@devhd.xpi [2016-03-18]
FF Extension: HTTPS-Everywhere - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\https-everywhere-eff@eff.org [2016-03-23]
FF Extension: WOT - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-04-01]
FF Extension: about:addons-memory - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\about-addons-memory@tn123.org.xpi [2015-05-27]
FF Extension: Download Panel Tweaker - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\downloadPanelTweaker@infocatcher.xpi [2015-05-29]
FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\firefox1@myibay.com.xpi [2015-05-29]
FF Extension: MEGA - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\firefox@mega.co.nz.xpi [2016-03-31]
FF Extension: HideScrollbars - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\Hidescrollbars@ArisT2Noia4dev.xpi [2015-12-07]
FF Extension: Gmail™ Notifier (restartless) - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2016-03-19]
FF Extension: Feedly Notifier - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\jid1-BOjn8b0IM7kH2w@jetpack.xpi [2016-03-19]
FF Extension: Reddit Enhancement Suite - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-04-04]
FF Extension: Old Bookmarks Sidebar - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\old_bookmarks_sidebar@francev_nikolay.xpi [2015-05-29]
FF Extension: Rainbow - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\rainbow@colors.org.xpi [2015-05-29]
FF Extension: Menu Wizard - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\s3menu@wizard.xpi [2016-04-02]
FF Extension: TrafficLight - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\trafficlight@bitdefender.com.xpi [2016-04-02]
FF Extension: EPUBReader - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2016-02-19]
FF Extension: NoScript - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-03-23]
FF Extension: FT DeepDark - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2016-02-12]
FF Extension: YouTube High Definition - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-03-31]
FF Extension: Adblock Plus - C:\Users\Ghosting\AppData\Roaming\Mozilla\Firefox\Profiles\xj9qwwa0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-24]
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://duckduckgo.com/
CHR DefaultSearchKeyword: Default -> t
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2016-04-06]
CHR Extension: (No Scroll Bars Please!) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnbemfjhoibkhlijfbbjdjafbmhimdn [2016-04-06]
CHR Extension: (Google Drive) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-06]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2016-04-06]
CHR Extension: (YouTube) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-06]
CHR Extension: (Minimalist for Everything) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2016-04-06]
CHR Extension: (RSS Subscription Extension) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmjffnfcokiodbeiamclanljnaheeoke [2016-04-07]
CHR Extension: (Adblock Plus) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-06]
CHR Extension: (Feedly Notifier) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\egikgfbhipinieabdmcpigejkaomgjgb [2016-04-06]
CHR Extension: (Stylish) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2016-04-06]
CHR Extension: (Empty New Tab Page - Black) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllomkdgoahjlgcblpldnpjcilipjelp [2016-04-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-04-06]
CHR Extension: (Chromarks - Chrome Bookmarks Menu) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdheengilgkagjehknnnofigbmlnnfj [2016-04-06]
CHR Extension: (Black carbon + silver metal) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\lodhggoaglindpoejnjldimdlikkphph [2016-04-06]
CHR Extension: (Google Mail Checker) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-04-06]
CHR Extension: (Scrollbar Anywhere) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\namcaplenodjnggbfkbopdbfngponici [2016-04-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR Extension: (Gmail) - C:\Users\Ghosting\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-12-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-02-02] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.08\AsusFanControlService.exe [324608 2015-12-03] (ASUSTeK Computer Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433760 2015-12-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413280 2015-12-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855648 2015-12-01] (BlueStack Systems, Inc.)
R2 CmdAgent; D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5799552 2016-04-07] (COMODO)
S3 cmdvirth; D:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-04-07] (COMODO)
S3 DAUpdaterSvc; E:\Steam Library\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2015-03-30] (BioWare)
R2 Ds3Service; C:\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2012-10-02] (DTS, Inc)
S3 FoxitCloudUpdateService; D:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
S3 HiPatchService; E:\Games\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160768 2011-05-27] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3472368 2014-12-01] (INCA Internet Co., Ltd.)
S3 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [2099208 2015-11-10] (Electronic Arts)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2014-10-17] (Broadcom Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14592 2010-10-20] (ASUSTek Computer Inc.)
S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2011-11-04] (Broadcom Corporation.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146016 2015-12-01] (BlueStack Systems)
S3 btwaudio; no ImagePath
S3 btwavdt; no ImagePath
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-21] (Broadcom Corporation.)
S3 btwl2cap; no ImagePath
S3 btwrchid; no ImagePath
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-04-06] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [823848 2016-04-06] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56464 2016-04-06] (COMODO)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-09] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 FancyRd; C:\Windows\System32\DRIVERS\fancyrd.sys [187840 2012-04-19] (Romex Software)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-04-06] (COMODO)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52832 2012-01-17] (hxxp://libusb-win32.sourceforge.net)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S3 MotioninJoyXFilter; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 VBoxNetFlt; no ImagePath
U3 AppMgmt; no ImagePath
U2 CscService; no ImagePath
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MFE_RR; \??\C:\Temp\mfe_rr.sys [X]
U3 PeerDistSvc; no ImagePath
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 X6va016; \??\C:\Windows\SysWOW64\Drivers\X6va016 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-11 13:21 - 2016-04-11 13:21 - 17141991 _____ (The qBittorrent project) C:\Users\Ghosting\Downloads\qbittorrent_3.3.4_setup.exe
2016-04-07 14:23 - 2016-04-07 14:24 - 00003800 _____ C:\Windows\system32\Drivers\fvstore.dat
2016-04-07 14:23 - 2016-04-07 14:23 - 00000000 ___HD C:\VTRoot
2016-04-06 00:10 - 2016-04-06 00:10 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-06 00:09 - 2016-04-06 00:09 - 00987728 _____ (Google Inc.) C:\Users\Ghosting\Downloads\ChromeSetup.exe
2016-04-05 12:18 - 2016-04-12 01:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-05 12:18 - 2016-04-07 17:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-05 02:26 - 2016-04-05 02:26 - 00002020 _____ C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
2016-04-05 02:26 - 2016-04-05 02:26 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\OpenDNS Updater
2016-04-05 02:26 - 2016-04-05 02:26 - 00000000 ____D C:\Program Files (x86)\OpenDNS Updater
2016-04-04 19:48 - 2016-04-04 19:49 - 67878096 _____ C:\Users\Ghosting\Downloads\IronPortable.zip
2016-04-04 18:50 - 2016-04-04 18:50 - 01569672 _____ (PortableApps.com) C:\Users\Ghosting\Downloads\GoogleChromePortable_49.0.2623.110_online.paf.exe
2016-04-03 11:20 - 2016-04-03 11:20 - 19109476 _____ C:\Users\Ghosting\Downloads\tweaking.com_windows_repair_aio.zip
2016-04-03 00:24 - 2016-04-12 01:35 - 00000000 ____D C:\FRST
2016-04-02 23:17 - 2016-04-07 17:01 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-02 23:17 - 2016-04-07 17:01 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-02 22:43 - 2016-04-03 02:50 - 00000684 _____ C:\Windows\ntbtlog.txt
2016-04-02 22:35 - 2016-04-02 22:35 - 00000000 ____D C:\NPE
2016-04-02 22:34 - 2016-04-02 22:34 - 00000000 ____D C:\ProgramData\Norton
2016-04-02 19:49 - 2016-04-02 19:58 - 00229438 _____ C:\TDSSKiller.3.1.0.9_02.04.2016_19.49.30_log.txt
2016-04-02 18:48 - 2016-04-09 12:13 - 00000000 ____D C:\AdwCleaner
2016-04-02 17:59 - 2016-04-02 17:59 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-02 17:55 - 2016-04-02 17:56 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-02 17:06 - 2016-04-02 17:06 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\abelhadigital.com
2016-04-02 17:06 - 2016-04-02 17:06 - 00000000 ____D C:\ProgramData\abelhadigital.com
2016-04-02 14:57 - 2016-04-02 14:57 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-02 14:21 - 2016-04-02 14:21 - 00000000 ____D C:\Windows\System32\Tasks\COMODO
2016-04-02 14:18 - 2016-04-02 14:18 - 00000000 ____D C:\ProgramData\Shared Space
2016-04-02 05:18 - 2016-04-01 15:06 - 00000967 _____ C:\Windows\system32\Drivers\etc\hosts.ccebak
2016-04-02 03:32 - 2016-04-02 14:15 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\Comodo
2016-04-02 03:03 - 2016-04-02 14:20 - 00000000 ____D C:\ProgramData\Comodo
2016-04-01 21:09 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-04-01 21:09 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-04-01 20:07 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-01 20:07 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-01 20:07 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-04-01 20:07 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-04-01 20:07 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-04-01 20:07 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-01 20:07 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-01 20:07 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-01 20:07 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-01 20:07 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-01 20:07 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-01 20:07 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-04-01 20:07 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-01 20:07 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-04-01 20:07 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-04-01 20:07 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-04-01 20:07 - 2016-02-04 13:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-01 20:07 - 2016-01-06 15:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-04-01 20:07 - 2016-01-06 14:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-04-01 20:07 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-04-01 20:07 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-04-01 20:07 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-04-01 20:07 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-04-01 20:07 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-04-01 20:07 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-04-01 20:07 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-04-01 20:07 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-04-01 20:07 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-04-01 20:07 - 2015-11-03 15:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-04-01 20:07 - 2015-11-03 14:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-04-01 20:07 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-04-01 20:07 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-04-01 20:07 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-04-01 20:07 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-04-01 20:07 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-04-01 20:07 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-04-01 20:07 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-04-01 20:07 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-04-01 20:07 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-04-01 20:07 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-04-01 20:07 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-04-01 20:07 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-04-01 20:07 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-04-01 20:07 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-04-01 20:07 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-04-01 20:07 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2016-04-01 20:07 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2016-04-01 20:07 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2016-04-01 20:06 - 2016-02-09 02:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-01 20:06 - 2016-02-09 02:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-01 20:06 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-01 20:06 - 2016-02-08 16:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-01 20:06 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-01 20:06 - 2016-02-08 16:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-01 20:06 - 2016-02-08 16:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-01 20:06 - 2016-02-08 16:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-01 20:06 - 2016-02-08 16:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-01 20:06 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-01 20:06 - 2016-02-08 16:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-01 20:06 - 2016-02-08 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-01 20:06 - 2016-02-08 16:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-01 20:06 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-01 20:06 - 2016-02-08 16:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-01 20:06 - 2016-02-08 16:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-01 20:06 - 2016-02-08 16:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-01 20:06 - 2016-02-08 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-01 20:06 - 2016-02-08 16:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-01 20:06 - 2016-02-08 16:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-01 20:06 - 2016-02-08 16:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-01 20:06 - 2016-02-08 16:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-01 20:06 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-01 20:06 - 2016-02-08 16:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-01 20:06 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-01 20:06 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-01 20:06 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-01 20:06 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-01 20:06 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-01 20:06 - 2016-02-08 16:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-01 20:06 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-01 20:06 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-01 20:06 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-01 20:06 - 2016-02-08 14:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-01 20:06 - 2016-02-08 14:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-01 20:06 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-01 20:06 - 2016-02-08 14:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-01 20:06 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-01 20:06 - 2016-02-08 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-01 20:06 - 2016-02-08 14:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-01 20:06 - 2016-02-08 14:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-01 20:06 - 2016-02-08 14:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-01 20:06 - 2016-02-08 14:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-01 20:06 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-01 20:06 - 2016-02-08 14:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-01 20:06 - 2016-02-08 14:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-01 20:06 - 2016-02-08 14:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-01 20:06 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-01 20:06 - 2016-02-08 14:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-01 20:06 - 2016-02-08 14:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-01 20:06 - 2016-02-08 14:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-01 20:06 - 2016-02-08 13:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-01 20:06 - 2016-02-08 13:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-01 20:06 - 2016-02-08 13:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-01 20:06 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-01 20:06 - 2016-02-08 13:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-01 20:06 - 2016-02-08 13:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-01 20:06 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-01 20:06 - 2016-02-08 13:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-01 20:06 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-01 20:06 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-01 20:06 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-01 20:06 - 2016-02-08 13:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-01 20:06 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-01 20:06 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-01 20:06 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-01 20:06 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-04-01 20:06 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-04-01 20:06 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-04-01 20:06 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-04-01 20:06 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-04-01 20:06 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-04-01 20:06 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-04-01 20:06 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-04-01 20:06 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-04-01 20:06 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2016-04-01 20:06 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-04-01 20:06 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-01 20:06 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-01 20:06 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-01 20:06 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-01 20:06 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-01 20:06 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-01 20:06 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-01 20:06 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-01 20:06 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-01 20:06 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-04-01 20:06 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-01 20:06 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2016-04-01 20:06 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-01 20:06 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-04-01 20:06 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-01 20:06 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2016-04-01 20:06 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-01 20:06 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-04-01 20:06 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-04-01 20:06 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-04-01 20:06 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-04-01 20:06 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2016-04-01 20:06 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2016-04-01 20:05 - 2016-02-11 14:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-01 20:05 - 2016-02-11 14:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-01 20:05 - 2016-02-11 14:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-01 20:05 - 2016-02-11 14:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-01 20:05 - 2016-02-11 14:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-01 20:05 - 2016-02-11 14:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-01 20:05 - 2016-02-11 14:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-01 20:05 - 2016-02-11 14:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-01 20:05 - 2016-02-11 14:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-01 20:05 - 2016-02-11 14:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-01 20:05 - 2016-02-11 14:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-01 20:05 - 2016-02-11 14:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-01 20:05 - 2016-02-11 14:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-01 20:05 - 2016-02-11 14:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-01 20:05 - 2016-02-11 14:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-01 20:05 - 2016-02-11 14:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-01 20:05 - 2016-02-11 14:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-01 20:05 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-01 20:05 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-01 20:05 - 2016-02-11 14:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-01 20:05 - 2016-02-11 14:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-01 20:05 - 2016-02-11 14:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-01 20:05 - 2016-02-11 14:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-01 20:05 - 2016-02-11 14:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-01 20:05 - 2016-02-11 14:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-01 20:05 - 2016-02-11 14:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-01 20:05 - 2016-02-11 14:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-01 20:05 - 2016-02-11 14:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-01 20:05 - 2016-02-11 14:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-01 20:05 - 2016-02-11 14:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 13:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-01 20:05 - 2016-02-11 13:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-01 20:05 - 2016-02-11 13:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-01 20:05 - 2016-02-11 13:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-01 20:05 - 2016-02-11 13:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-01 20:05 - 2016-02-11 13:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-01 20:05 - 2016-02-11 13:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-01 20:05 - 2016-02-11 13:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-01 20:05 - 2016-02-11 13:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-01 20:05 - 2016-02-11 13:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-01 20:05 - 2016-02-11 13:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-01 20:05 - 2016-02-11 13:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-01 20:05 - 2016-02-11 13:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-01 20:05 - 2016-02-11 13:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-01 20:05 - 2016-02-11 13:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 13:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-01 20:05 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-01 20:05 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-04-01 20:05 - 2016-02-05 14:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-04-01 20:05 - 2016-02-05 14:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-04-01 20:05 - 2016-02-05 14:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-04-01 20:05 - 2016-02-05 14:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-04-01 20:05 - 2016-02-05 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-04-01 20:05 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-04-01 20:05 - 2016-02-05 14:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-04-01 20:05 - 2016-02-05 13:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-04-01 20:05 - 2016-02-05 13:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-04-01 20:05 - 2016-02-05 13:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-04-01 20:05 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-04-01 20:05 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-04-01 20:05 - 2016-01-16 15:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-01 20:05 - 2016-01-16 14:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-01 20:05 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-04-01 20:05 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-04-01 20:05 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-04-01 20:05 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-04-01 20:05 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-04-01 20:05 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-04-01 20:05 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-04-01 20:05 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-04-01 20:05 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-04-01 20:05 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-04-01 20:05 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-04-01 20:05 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-04-01 20:05 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-04-01 20:05 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-04-01 20:05 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-04-01 20:05 - 2015-12-08 17:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-04-01 20:05 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-04-01 20:05 - 2015-12-08 17:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-04-01 20:05 - 2015-12-08 17:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-04-01 20:05 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-04-01 20:05 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-04-01 20:05 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-04-01 20:05 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-04-01 20:05 - 2015-12-08 17:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-04-01 20:05 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-04-01 20:05 - 2015-12-08 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-04-01 20:05 - 2015-12-08 17:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-04-01 20:05 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-04-01 20:05 - 2015-12-08 17:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-04-01 20:05 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-04-01 20:05 - 2015-12-08 15:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-04-01 20:05 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-04-01 20:05 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-04-01 20:05 - 2015-12-08 15:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-04-01 20:05 - 2015-12-08 15:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-04-01 20:05 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-04-01 20:05 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-04-01 20:05 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-04-01 20:05 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-04-01 20:05 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-04-01 20:05 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-04-01 20:05 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-04-01 20:05 - 2015-10-13 12:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-04-01 20:05 - 2015-10-13 12:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-04-01 20:05 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-04-01 20:05 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-04-01 20:05 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2016-04-01 20:05 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2016-04-01 20:05 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2016-04-01 20:05 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-04-01 20:05 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-04-01 20:05 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-01 20:05 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-04-01 20:05 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-04-01 20:05 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-04-01 20:05 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-04-01 20:05 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-04-01 20:05 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-04-01 20:05 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-04-01 20:05 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-04-01 20:05 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-04-01 20:04 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-04-01 20:04 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-04-01 20:04 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-04-01 20:04 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-04-01 20:04 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-04-01 20:04 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-04-01 20:04 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-04-01 20:04 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-04-01 20:04 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-04-01 20:04 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-04-01 20:04 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-04-01 20:04 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-04-01 20:04 - 2016-01-22 02:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-01 20:04 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-04-01 20:04 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-04-01 20:04 - 2016-01-22 02:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-01 20:04 - 2016-01-22 02:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-01 20:04 - 2015-12-08 17:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-04-01 20:04 - 2015-12-08 15:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-04-01 20:04 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2016-04-01 20:04 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2016-04-01 20:04 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-04-01 20:04 - 2015-09-23 09:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-04-01 20:04 - 2015-09-23 09:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-04-01 20:04 - 2015-09-23 09:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-04-01 19:21 - 2016-04-01 19:22 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\SVP 3.1
2016-04-01 19:21 - 2016-04-01 19:21 - 00000000 ____D C:\Program Files (x86)\ffdshow
2016-04-01 19:21 - 2016-04-01 19:21 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5
2016-04-01 19:21 - 2014-09-29 12:23 - 00112640 _____ C:\Windows\SysWOW64\ff_vfw.dll
2016-04-01 18:11 - 2016-04-10 03:01 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-01 18:09 - 2016-04-02 22:03 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-01 18:09 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-01 18:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-03-31 22:15 - 2016-03-31 22:15 - 00000085 _____ C:\Windows\wininit.ini
2016-03-31 22:15 - 2016-03-31 22:15 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-03-31 20:36 - 2016-03-31 21:34 - 00000000 ____D C:\Windows\erdnt
2016-03-31 20:36 - 2016-03-31 21:09 - 00000000 ____D C:\Qoobox
2016-03-31 20:04 - 2016-03-31 20:04 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\SUPERAntiSpyware.com
2016-03-31 17:12 - 2016-03-31 17:12 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-31 17:11 - 2016-03-31 17:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-30 19:45 - 2016-03-30 19:45 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-03-30 19:45 - 2011-04-19 03:03 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMIUE.DLL
2016-03-30 19:45 - 2011-03-14 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BIUE.DLL
2016-03-30 19:45 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2016-03-30 19:44 - 2016-03-30 19:45 - 00000000 ____D C:\ProgramData\EPSON
2016-03-28 16:20 - 2016-04-07 16:27 - 00000220 _____ C:\Users\Ghosting\Desktop\30 days.txt
2016-03-21 19:19 - 2016-04-06 08:19 - 00116248 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2016-03-21 19:19 - 2016-04-06 08:19 - 00056464 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2016-03-21 19:19 - 2016-04-06 08:18 - 00823848 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2016-03-21 19:19 - 2016-04-06 08:18 - 00031648 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2016-03-21 19:17 - 2016-04-06 08:17 - 00051800 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2016-03-21 19:17 - 2016-04-06 08:16 - 00596232 _____ (COMODO) C:\Windows\system32\guard64.dll
2016-03-21 19:17 - 2016-04-06 08:16 - 00461648 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2016-03-21 19:15 - 2016-04-06 08:14 - 00365752 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2016-03-21 19:14 - 2016-04-06 08:14 - 00051896 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2016-03-21 19:12 - 2016-04-06 08:12 - 00296120 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2016-03-21 19:11 - 2016-04-06 08:11 - 00046776 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2016-03-20 02:16 - 2016-03-20 02:16 - 00000821 _____ C:\Users\Ghosting\Desktop\Slay.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-12 01:35 - 2015-01-06 02:20 - 00000000 ____D C:\Temp
2016-04-11 20:11 - 2015-11-19 03:55 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\qBittorrent
2016-04-11 12:58 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-11 12:58 - 2009-07-14 00:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-11 12:55 - 2014-03-28 07:54 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-11 12:55 - 2009-07-14 01:13 - 00879594 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-11 12:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-11 12:50 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-07 02:02 - 2014-04-10 23:18 - 00000000 ____D C:\Users\Ghosting\AppData\LocalLow\LastPass
2016-04-06 00:10 - 2013-12-28 17:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-05 02:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-03 16:51 - 2016-03-05 21:01 - 00000000 ____D C:\Users\Ghosting\Downloads\OLD
2016-04-03 02:57 - 2014-08-02 12:43 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced
2016-04-03 02:32 - 2009-07-13 22:34 - 00506590 _____ C:\Windows\system32\Drivers\etc\HOSTS.bak
2016-04-03 01:23 - 2015-01-06 01:45 - 00000000 __SHD C:\Users\Ghosting\AppData\LocalLow\EmieBrowserModeList
2016-04-03 01:23 - 2014-08-23 21:40 - 00000000 __SHD C:\Users\Ghosting\AppData\LocalLow\EmieUserList
2016-04-03 01:23 - 2014-08-23 21:40 - 00000000 __SHD C:\Users\Ghosting\AppData\LocalLow\EmieSiteList
2016-04-02 23:47 - 2014-07-20 01:27 - 00003478 _____ C:\Windows\System32\Tasks\SmartShare
2016-04-02 20:25 - 2014-08-02 12:18 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security
2016-04-02 20:24 - 2014-08-02 12:44 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\[Quick]
2016-04-02 20:20 - 2013-04-12 22:39 - 00000000 ___RD C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Settings
2016-04-02 16:43 - 2012-09-13 07:52 - 00000000 ____D C:\Users\Ghosting
2016-04-02 16:27 - 2012-09-12 21:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-02 16:18 - 2015-01-06 02:29 - 00000000 ____D C:\Program Files (x86)\AMD
2016-04-02 16:01 - 2013-05-12 01:59 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-04-02 06:21 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-02 03:02 - 2012-09-13 21:30 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-04-02 00:16 - 2015-01-06 04:35 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\MPC-BE
2016-04-01 23:42 - 2014-01-20 20:44 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\MPC-HC
2016-04-01 21:21 - 2015-02-06 06:16 - 00268392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-01 21:20 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-01 21:10 - 2015-02-15 13:15 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-04-01 21:10 - 2015-02-15 13:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-04-01 20:38 - 2012-09-13 21:30 - 00002155 _____ C:\Windows\epplauncher.mif
2016-04-01 20:37 - 2014-05-28 13:18 - 00000000 ____D C:\Windows\system32\MRT
2016-04-01 20:37 - 2012-09-13 21:30 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-04-01 20:37 - 2012-09-13 21:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-04-01 20:29 - 2012-09-13 22:31 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-01 18:09 - 2014-01-07 17:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-01 16:41 - 2009-07-14 01:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-31 21:34 - 2014-10-13 18:35 - 00000000 ____D C:\ScpServer
2016-03-31 21:34 - 2014-01-20 20:29 - 00000000 ____D C:\Program Files\CCleaner
2016-03-31 21:34 - 2013-08-10 21:00 - 00000000 ____D C:\Windows\Minidump
2016-03-31 21:34 - 2013-03-21 05:07 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-03-31 21:34 - 2013-03-09 14:25 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\DAEMON Tools Lite
2016-03-31 21:34 - 2012-12-29 15:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-31 21:34 - 2011-04-12 04:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-31 21:34 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-03-31 20:41 - 2009-07-13 22:34 - 75235328 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-03-31 20:41 - 2009-07-13 22:34 - 23592960 _____ C:\Windows\system32\config\SYSTEM.bak
2016-03-31 20:41 - 2009-07-13 22:34 - 04980736 _____ C:\Windows\system32\config\DEFAULT.bak
2016-03-31 20:41 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-03-31 20:41 - 2009-07-13 22:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-03-31 16:56 - 2013-03-09 12:46 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\Mozilla
2016-03-31 16:51 - 2014-11-20 13:39 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\Moonchild Productions
2016-03-31 16:47 - 2013-03-18 17:18 - 00000000 ____D C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-30 21:46 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
 
==================== Files in the root of some directories =======
 
2014-04-10 23:18 - 2014-04-10 23:18 - 14883840 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-12-17 16:23 - 2015-12-18 21:26 - 0002013 _____ () C:\Users\Ghosting\AppData\Roaming\droid4xinstaller.log
2014-08-05 01:27 - 2014-08-05 01:27 - 0000037 ___SH () C:\Users\Ghosting\AppData\Local\69ff07055291669bb2b218.72821112
2013-03-17 17:43 - 2016-04-02 00:49 - 0226816 _____ () C:\Users\Ghosting\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-16 21:14 - 2013-08-16 21:15 - 1065984 _____ () C:\Users\Ghosting\AppData\Local\file__0.localstorage
2015-11-18 14:41 - 2015-11-18 14:41 - 0000705 _____ () C:\Users\Ghosting\AppData\Local\recently-used.xbel
2013-02-07 17:42 - 2015-12-03 15:35 - 0007594 _____ () C:\Users\Ghosting\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-08 14:35
 
==================== End of FRST.txt ============================
 
---
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Ghosting (2016-04-12 01:35:50)
Running from D:\[EXE]\[Security]
Windows 7 Home Premium Service Pack 1 (X64) (2012-09-13 11:52:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-412266121-979616170-4178972170-500 - Administrator - Disabled)
Ghosting (S-1-5-21-412266121-979616170-4178972170-1000 - Administrator - Enabled) => C:\Users\Ghosting
Guest (S-1-5-21-412266121-979616170-4178972170-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Age of Empires® III: Complete Collection (HKLM-x32\...\Steam App 105450) (Version:  - Ensemble Studios)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Amazon Kindle (HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{D6BCFAC4-9F12-E1D2-803E-0F2C6CE7EE0D}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Antichamber (HKLM-x32\...\Steam App 219890) (Version:  - Alexander Bruce)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Banished (HKLM-x32\...\Steam App 242920) (Version:  - Shining Rock Software LLC)
Bastion (HKLM-x32\...\Steam App 107100) (Version:  - Supergiant Games)
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version:  - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version:  - Irrational Games)
BlueStacks App Player (HKLM-x32\...\{D080F290-4B2A-4C67-9757-63DA0C6E8855}) (Version: 2.0.0.1011 - BlueStack Systems, Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Braid (HKLM-x32\...\Steam App 26800) (Version:  - Number None)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.5.3200 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.100.82.97 - Broadcom Corporation)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version:  - Criterion Games)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
COMODO Firewall (HKLM\...\{0BC63E80-F9DE-40B2-AE07-EFAD9C82E06E}) (Version: 8.2.0.4978 - COMODO Security Solutions Inc.)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Craft The World (HKLM-x32\...\Steam App 248390) (Version:  - Dekovir Entertainment)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Curse Client (HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Dead Rising 3 (HKLM-x32\...\Steam App 265550) (Version:  - Capcom Game Studio Vancouver)
Defense Grid: The Awakening (HKLM-x32\...\Steam App 18500) (Version:  - Hidden Path Entertainment)
Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks)
DiskCheckup v3.3 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.3.1000 - PassMark Software)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
Divinity II: Developer's Cut (HKLM-x32\...\Steam App 219780) (Version:  - Larian Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
Dropbox (HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Endless Space (HKLM-x32\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
Fight The Dragon (HKLM-x32\...\Steam App 250560) (Version:  - 3 Sprockets)
FINAL FANTASY III (HKLM-x32\...\Steam App 239120) (Version:  - Square Enix)
FINAL FANTASY IV (HKLM-x32\...\Steam App 312750) (Version:  - Square Enix)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version:  - SQUARE ENIX)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version:  - Gearbox Software)
Half-Life: Opposing Force (HKLM-x32\...\Steam App 50) (Version:  - Gearbox Software)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com)
Icaros 2.2.2 (HKLM\...\Icaros_is1) (Version: 2.2.2.0 - Tabibito Technology)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2752 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
KCP Black 1.0.8 (HKLM-x32\...\KCP Black_is1) (Version: 1.0.8 - Haruhichan.com)
Kingdoms of Amalur: Reckoning™ (HKLM-x32\...\Steam App 102500) (Version:  - Big Huge Games)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version:  - Almost Human Games)
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version:  - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Max Payne 3 (HKLM-x32\...\Steam App 204100) (Version:  - Rockstar Studios)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Firefox 45.0.1 (x86 en-US) (HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Game Long Name (HKLM\...\UDK-5cad613e-ac3d-47ae-9d5d-a4f34ef95402) (Version:  - Epic Games, Inc.)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
Need for Speed: Hot Pursuit (HKLM-x32\...\Steam App 47870) (Version:  - Criterion Games)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.2 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.7 - Notepad++ Team)
Octodad: Dadliest Catch (HKLM-x32\...\Steam App 224480) (Version:  - Young Horses)
Oddworld: Abe's Oddysee (HKLM-x32\...\Steam App 15700) (Version:  - Oddworld Inhabitants)
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Overlord (HKLM-x32\...\Steam App 11450) (Version:  - Triumph Studios)
Overlord II (HKLM-x32\...\Steam App 12810) (Version:  - Triumph Studios)
Overlord: Raising Hell (HKLM-x32\...\Steam App 12710) (Version:  - Triumph Studios)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
Papo & Yo (HKLM-x32\...\Steam App 227080) (Version: 2.0 - Minority Media Inc.)
Pokémon Trading Card Game Online (HKLM-x32\...\{F1F2C3CF-BE57-4C12-951E-2F0A01C173F4}) (Version: 2.23.1 - The Pokémon Company International)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Primo Ramdisk Ultimate Edition 5.5.0 (HKLM\...\{94B97E1E-9B67-4012-A126-6319E211A298}_is1) (Version: 5.5.0 - Romex Software)
PSP Type B Driver 1.2.6 (HKLM-x32\...\PSP Type B Driver) (Version: 1.2.6 - ${PRODUCT_PUBLISHER})
qBittorrent 3.3.4 (HKLM-x32\...\qBittorrent) (Version: 3.3.4 - The qBittorrent project)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6772 - Realtek Semiconductor Corp.)
RealWorld Cursor Editor (HKLM-x32\...\{25A344BB-378D-4E51-9A39-780755012B2D}) (Version: 13.1.0 - RealWorld Graphics)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Reus (HKLM-x32\...\Steam App 222730) (Version:  - Abbey Games)
Rogue Legacy (HKLM-x32\...\Steam App 241600) (Version:  - Cellar Door Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Scrolls (HKLM-x32\...\{AA53ACF4-5893-4F7C-8589-32F6A4266125}) (Version: 1.0.0.0 - Mojang)
Sean O'Connor's Windows Games (HKLM-x32\...\Sean O'Connor's Windows Games_is1) (Version:  - Sean O'Connor's Windows Games)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version:  - Flying Wild Hog)
Should I Remove It (HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sins of a Solar Empire®: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.5.3323.0 - Hi-Rez Studios)
SmoothVideo Project version 3.1.7a (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.7a - SVP)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Solar 2 (HKLM-x32\...\Steam App 97000) (Version:  - Murudai)
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - Terry Cavanagh)
Supreme Commander (HKLM-x32\...\Steam App 9350) (Version:  - Gas Powered Games)
Supreme Commander: Forged Alliance (HKLM-x32\...\Steam App 9420) (Version:  - Gas Powered Games)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
Taiga (HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\Taiga) (Version: 1.2 - erengy)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Last Remnant (HKLM-x32\...\Steam App 23310) (Version:  - SQUARE ENIX)
The Legend of Heroes: Trails in the Sky (HKLM-x32\...\Steam App 251150) (Version:  - Nihon Falcom)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD PROJEKT RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD PROJEKT RED)
Titan Quest (HKLM-x32\...\Steam App 4540) (Version:  - Iron Lore Entertainment)
Titan Quest: Immortal Throne (HKLM-x32\...\Steam App 4550) (Version:  - Iron Lore Entertainment)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Transistor (HKLM-x32\...\Steam App 237930) (Version:  - Supergiant Games)
Trine (HKLM-x32\...\Steam App 35700) (Version:  - Frozenbyte)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
Unepic (HKLM-x32\...\Steam App 233980) (Version:  - Francisco Téllez de Meneses)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
Valkyria Chronicles™ (HKLM-x32\...\Steam App 294860) (Version:  - SEGA)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Viscera Cleanup Detail: Shadow Warrior (HKLM-x32\...\Steam App 255520) (Version:  - RuneStorm)
Warframe (HKLM-x32\...\{42401058-F9E0-4170-99E9-47A643E67FC6}) (Version: 1.0.0 - Digital Extremes)
Wargame: AirLand Battle (HKLM-x32\...\Steam App 222750) (Version:  - Eugen Systems)
Wargame: European Escalation (HKLM-x32\...\Steam App 58610) (Version:  - Eugen Systems)
WIDCOMM Bluetooth Software (HKLM\...\{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}) (Version: 6.5.0.3200 - Broadcom Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-412266121-979616170-4178972170-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {25B4AC96-E65D-448D-BA04-E17CA700B447} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-07] (COMODO)
Task: {409BD5B3-C317-43CF-A6A0-915521405C83} - System32\Tasks\DMT\Warning 3 => D:\Ghosting\Documents\[My]\TskMsg\rdmsg3.vbs
Task: {590F9047-EB93-4540-927D-47159CC8A756} - System32\Tasks\DMT\Warning 2 => D:\Ghosting\Documents\[My]\TskMsg\rdmsg2.vbs
Task: {6A2B53D1-7E33-4214-BC87-139274676A3B} - System32\Tasks\ASUS\i-Setup084814 => C:\Windows\Chipset\AsusSetup.exe [2010-09-08] (ASUSTeK Computer Inc.)
Task: {B8B94FFE-E833-4A38-8013-0FA0826A9BA4} - System32\Tasks\SmartShare => C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe
Task: {B9D2B510-25DB-405F-A687-0FBC57842C2E} - System32\Tasks\DMT\Warning 1 => D:\Ghosting\Documents\[My]\TskMsg\rdmsg1.vbs
Task: {DB8423C6-FBC4-4619-99DE-2F1553EAEFE1} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => D:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-04-07] (COMODO)
Task: {EE5BD2F7-7443-403C-9F42-DC6BB2CE17B1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {EE656DDA-86A6-4440-9B0C-B84F7530BDFD} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => D:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-04-07] (COMODO)
Task: {FBB8315A-53AA-44BA-B960-82976EA1CA8F} - System32\Tasks\ASUS\ASUS AI Suite II Execute => D:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-03 17:27 - 2015-12-03 17:28 - 00920736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-07-28 14:29 - 2014-07-28 14:29 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-07-28 14:32 - 2014-07-28 14:32 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-07-28 14:29 - 2014-07-28 14:29 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-07-28 14:31 - 2014-07-28 14:31 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2010-06-16 17:42 - 2016-04-05 02:26 - 00839680 _____ () C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
2015-12-03 17:27 - 2016-04-11 12:50 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2015-12-03 17:27 - 2010-06-29 11:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-12-03 17:29 - 2011-07-12 20:14 - 00147456 _____ () D:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2015-12-03 17:29 - 2010-10-05 09:22 - 00253952 _____ () D:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2015-12-03 17:29 - 2012-03-21 13:07 - 00972288 _____ () D:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2015-12-03 17:29 - 2012-05-25 11:33 - 00883712 _____ () D:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2015-12-03 17:29 - 2012-05-28 22:27 - 01622528 _____ () D:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2015-12-03 17:29 - 2011-09-19 21:18 - 01243136 _____ () D:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2015-12-03 17:29 - 2011-07-21 10:06 - 00846848 _____ () D:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2015-12-03 17:29 - 2011-10-14 21:03 - 00885248 _____ () D:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2015-12-03 17:29 - 2010-10-05 09:22 - 00208896 _____ () D:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2015-12-03 17:29 - 2009-08-12 21:15 - 00253952 _____ () D:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
2016-04-02 03:39 - 2016-04-02 03:39 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\384e5d911d6517b2f6db742c6aa22cf0\IsdiInterop.ni.dll
2012-09-13 14:04 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-09-13 23:03 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-04-06 00:10 - 2016-03-27 03:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-04-06 00:10 - 2016-03-27 03:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Ghosting\Downloads\ChromeSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Ghosting\Downloads\ChromeSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Ghosting\Downloads\GoogleChromePortable_49.0.2623.110_online.paf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Ghosting\Downloads\GoogleChromePortable_49.0.2623.110_online.paf.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Ghosting\Downloads\IronPortable.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Ghosting\Downloads\IronPortable.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Ghosting\Downloads\qbittorrent_3.3.4_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Ghosting\Downloads\tweaking.com_windows_repair_aio.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Ghosting\Downloads\tweaking.com_windows_repair_aio.zip:$CmdZnID [26]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-412266121-979616170-4178972170-1000\...\aeriagames.com -> hxxp://aeriagames.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2016-04-04 00:29 - 00000827 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-412266121-979616170-4178972170-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ghosting\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => 
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: SDTray => 
MSCONFIG\startupreg: StartCCC => 
MSCONFIG\startupreg: XboxStat => 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{363A0BD0-21F2-422D-91B6-D125F60648FF}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CD22629A-48CF-4A68-95B1-FB557DDB7733}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA18E86C-A5BD-4695-A54F-BD7F78834C22}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E9DD8A52-9A98-49E0-9E30-3B566341AC08}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A670EC59-9D68-4EA7-BD95-99F795B106BD}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{50AE868F-C982-45DB-82B1-2455469E1D8C}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{2BCE1B82-C6DA-4A73-828C-FEDB54746440}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{8D7877E4-0CDF-4D98-AF47-672660C0988F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2514\Agent.exe
FirewallRules: [{539BF61F-333D-4D06-B118-20A167CD543D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{716CCEE5-B71A-49BE-AF07-10F1B9EEC26B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{6DEE8D56-C1BE-4357-BA1A-86290C65674E}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7676CB7E-1D29-46B1-8B61-DE423B1B9D39}] => (Allow) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{D43001F8-506C-4797-B23D-66181587E8FF}D:\program files (x86)\mirc\mirc.exe] => (Allow) D:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{8E274D36-A3F6-4F4C-83F0-EAD67B2657FB}D:\program files (x86)\mirc\mirc.exe] => (Allow) D:\program files (x86)\mirc\mirc.exe
FirewallRules: [{3D1B5C45-0ACD-42BA-ADE5-D8B2746DF240}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{F4E25B65-6EC4-4C4E-BAE2-24DFE722F2F7}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{C1470069-9183-4837-A043-A95A42A2DACA}] => (Allow) C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C73D1007-71C6-4D72-B86E-758995C965CF}] => (Allow) C:\Users\Ghosting\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F9CE5AC2-AB48-4297-8E83-B95549C718A5}] => (Allow) LPort=5357
FirewallRules: [{E3595031-2D16-45A7-B667-8D0D2227A663}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E21201F7-1D38-4755-B844-716932055DB7}] => (Allow) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{021ADCB7-12EF-4DF5-B8B2-0991E3C8B093}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{F633892C-0196-43E4-818B-C6C3A3AF1F47}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{273E2C0C-7DAA-47AE-8434-07DB5110C6D7}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{4AD235AB-47C9-460C-AD17-4B5C0DD2D695}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [TCP Query User{64091545-3127-43AD-9402-61EC0F956C64}C:1\java\bin\java.exe] => (Allow) C:1\java\bin\java.exe
FirewallRules: [UDP Query User{6E6AD638-9DDC-4281-BD22-3BEFED8E97E6}C:1\java\bin\java.exe] => (Allow) C:1\java\bin\java.exe
FirewallRules: [TCP Query User{A4539D94-14F4-446B-89A7-2A3104A8614E}C:1\java\bin\java.exe] => (Block) C:1\java\bin\java.exe
FirewallRules: [UDP Query User{E8CF1B5E-43D3-4F66-AE6B-80D5A507B176}C:1\java\bin\java.exe] => (Block) C:1\java\bin\java.exe
FirewallRules: [TCP Query User{652E7632-D786-48B9-947E-B8686CED1365}D:\program files (x86)\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{28180EF8-768D-49CB-94B5-0ACE50BEAAA0}D:\program files (x86)\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1DF6DACB-70DF-4539-82A0-9CC6512FEA17}H:\java\bin\java.exe] => (Allow) H:\java\bin\java.exe
FirewallRules: [UDP Query User{908A6BBE-CE17-44B2-B863-6AD5D2354326}H:\java\bin\java.exe] => (Allow) H:\java\bin\java.exe
FirewallRules: [TCP Query User{A172B6D4-278A-40E8-AA6D-D1D44DBE1EF5}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{D472A17A-BDAA-4CE7-AA09-6875D91708CC}C:\program files (x86)\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{BBC6C790-00BC-45A0-B5E5-F3B1BDC3E5A6}] => (Allow) E:\Steam Library\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{A1C6089D-2364-4D1C-A4DC-C9FE5E1A6085}] => (Allow) E:\Steam Library\steamapps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{E03AEEB1-BAAE-48C1-A6DB-E2B5460739EB}] => (Allow) E:\Steam Library\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{66B32601-02B2-425E-B7DF-1FDE8177CB99}] => (Allow) E:\Steam Library\steamapps\common\Batman Arkham Asylum GOTY\Binaries\BmLauncher.exe
FirewallRules: [{3DB7A4E2-5CE9-4F02-BB48-9FDD51F1B8F7}] => (Allow) E:\Steam Library\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{8AD1D98C-10CE-41F0-9D4F-602C11607291}] => (Allow) E:\Steam Library\steamapps\common\Batman Arkham City GOTY\Binaries\Win32\BatmanAC.exe
FirewallRules: [{A9C6BB72-7776-48DB-996D-B7B4CB93263F}] => (Allow) E:\Steam Library\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{CB647FD5-0672-4FB8-A609-31D7C60FB0BE}] => (Allow) E:\Steam Library\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{FAC15A0E-B8DF-4080-9598-11B0F2A68CE9}] => (Allow) E:\Steam Library\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{7BAFA80F-9736-4B47-8568-23C48423ADBF}] => (Allow) E:\Steam Library\steamapps\common\Banished\Application-steam-x64.exe
FirewallRules: [{5C1E943B-8F44-42D8-9DA2-A0705A984F25}] => (Allow) E:\Steam Library\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{C5D8C823-904B-4384-A1F3-8B560BD5B1B3}] => (Allow) E:\Steam Library\steamapps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{2C4064D1-FC29-405F-A329-C25C27E75940}] => (Allow) E:\Steam Library\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{25E5B883-256F-444E-8438-960B4352EDA6}] => (Allow) E:\Steam Library\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{A6978632-0A39-4874-A1CF-BC6A8D33079F}] => (Allow) E:\Steam Library\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{A71D4A42-3787-4012-BAB7-796DBA24EE8B}] => (Allow) E:\Steam Library\steamapps\common\Rogue Legacy\RogueLegacy.exe
FirewallRules: [{869B6F05-5DDB-4C0A-A26A-BE1E0FF844EE}] => (Allow) E:\Steam Library\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{90AAC0E3-8D9E-4DCE-9158-AE7E43AC842F}] => (Allow) E:\Steam Library\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{EA5DBBAC-14F4-42DE-9061-15504D5D5559}] => (Allow) E:\Steam Library\steamapps\common\Braid\braid.exe
FirewallRules: [{A423A4AA-CC80-469B-A5CB-39BE43C556A6}] => (Allow) E:\Steam Library\steamapps\common\Braid\braid.exe
FirewallRules: [{EFBA2D62-FA6D-4785-A80C-F59913468045}] => (Allow) E:\Steam Library\steamapps\common\Limbo\limbo.exe
FirewallRules: [{CED7B8D2-8A94-4D8F-ACE4-670EDF987803}] => (Allow) E:\Steam Library\steamapps\common\Limbo\limbo.exe
FirewallRules: [{A0C210A9-7A2D-407F-B228-A3F931F5D795}] => (Allow) E:\Steam Library\steamapps\common\Reus\Reus.exe
FirewallRules: [{7741A47C-3E7C-4E1F-9B5F-5904018654B1}] => (Allow) E:\Steam Library\steamapps\common\Reus\Reus.exe
FirewallRules: [{C0C8D3B5-265A-41E6-A02A-300BF927405E}] => (Allow) E:\Steam Library\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{2DED1516-5152-48F0-AA84-37C3F6FD2AE1}] => (Allow) E:\Steam Library\steamapps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{87B35C02-1582-4CA5-B20E-CCA0716FF6E2}] => (Allow) E:\Steam Library\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{51DB6980-C714-4062-B038-0D23FC6D9F01}] => (Allow) E:\Steam Library\steamapps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{CE776B8F-13E2-441A-BBAA-7C5EBD06ABDF}] => (Allow) E:\Steam Library\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{92A45EDF-8E30-4CE9-90E4-6047880BBEF8}] => (Allow) E:\Steam Library\steamapps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{C2DE0C2E-C518-47A2-AE6B-5326F5B22327}] => (Allow) E:\Steam Library\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{9ACF8BA9-6ECA-474F-B52D-7E46C4038572}] => (Allow) E:\Steam Library\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{365102DF-B363-499B-8547-CC9AABD8776B}] => (Allow) E:\Steam Library\steamapps\common\Half-Life\hl.exe
FirewallRules: [{62ED5D09-3D50-4033-8E44-FE87D9C08459}] => (Allow) E:\Steam Library\steamapps\common\Half-Life\hl.exe
FirewallRules: [{22B1116C-5689-4C6A-A395-80901D65D156}] => (Allow) E:\Steam Library\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{9CFDD48C-EF61-40CF-82D5-FCC96E7C5AD4}] => (Allow) E:\Steam Library\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{3D88333B-3FCF-44B6-9119-FC41D6DB2CDF}] => (Allow) E:\Steam Library\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{F928D152-4345-486D-8E5D-8AC0A387F465}] => (Allow) E:\Steam Library\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{B6927CF4-EE82-4EFC-9F28-1DE9FEF5D5F4}] => (Allow) E:\Steam Library\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{A3CBC868-6F08-454B-9808-F8603C3A50C4}] => (Allow) E:\Steam Library\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{00B7261A-9A02-4208-924E-1B09741A717F}] => (Allow) E:\Steam Library\steamapps\common\Red Orchestra 2 - Single Player\Binaries\Win32\ROGame.exe
FirewallRules: [{65E6E2DC-82B2-4609-8453-08F40F6C9DE5}] => (Allow) E:\Steam Library\steamapps\common\Red Orchestra 2 - Single Player\Binaries\Win32\ROGame.exe
FirewallRules: [{3D46740A-2A4E-4A0C-AE2A-283E3B083CE6}] => (Allow) E:\Steam Library\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{FEEF3EE6-227A-4FEE-8E79-DEE9078DD76D}] => (Allow) E:\Steam Library\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{2871E13C-E2F8-48C2-A189-2FC22A9A547D}] => (Allow) E:\Steam Library\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{A2DA1A6D-77AE-4038-BEE5-DB47825B4AB7}] => (Allow) E:\Steam Library\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{C667D551-A3EB-413C-98AE-D31586F633FB}] => (Allow) E:\Steam Library\steamapps\common\SS2\Shock2.exe
FirewallRules: [{4FD44C72-D86C-4422-AD3A-C17192EA30D6}] => (Allow) E:\Steam Library\steamapps\common\SS2\Shock2.exe
FirewallRules: [{4FE12D6A-7FBD-40AC-A67A-1718B78A42E8}] => (Allow) E:\Steam Library\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{4FFEA76B-F7E1-4BC1-8CC2-D3611D893B01}] => (Allow) E:\Steam Library\steamapps\common\Octodad Dadliest Catch\OctodadDadliestCatch.exe
FirewallRules: [{B3ADC905-E6BD-4C14-A56C-4B1530219645}] => (Allow) E:\Steam Library\steamapps\common\Solar 2\Solar2.exe
FirewallRules: [{5C787CE3-726C-402A-A4A3-56D077A32A84}] => (Allow) E:\Steam Library\steamapps\common\Solar 2\Solar2.exe
FirewallRules: [{E6562AD5-4A79-499B-8DA9-ABAAEC806052}] => (Allow) E:\Steam Library\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{A1D3730C-4179-4C63-B569-604C6BF70F77}] => (Allow) E:\Steam Library\steamapps\common\Super Hexagon\superhexagon.exe
FirewallRules: [{D457ED58-4BA2-49A4-8A0A-09F59485C6E4}] => (Allow) E:\Steam Library\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{5881C283-C9C2-410E-87FF-C5A532FFAF87}] => (Allow) E:\Steam Library\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{FF8C0C99-72F6-413D-A1FF-F2439087693C}] => (Allow) E:\Steam Library\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{CBFA52F2-E36E-4102-A18F-34FC6EDCAC46}] => (Allow) E:\Steam Library\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{551EA730-C67C-4335-AB2D-9D94397164EE}] => (Allow) E:\Steam Library\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{A36C87B2-CC77-4C36-A9D8-1C86DDF6F62E}] => (Allow) E:\Steam Library\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{7EE58FB9-AA39-4A7B-8424-8B800C6585B2}] => (Allow) E:\Steam Library\steamapps\common\PapoYo\Binaries\Win32\PYGame-Win32-Shipping.exe
FirewallRules: [{D8FD8FCB-C420-4EFA-A570-66A8F55C978F}] => (Allow) E:\Steam Library\steamapps\common\PapoYo\Binaries\Win32\PYGame-Win32-Shipping.exe
FirewallRules: [{80B6BF01-C4CB-4889-9745-5C528D106DC4}] => (Allow) E:\Steam Library\steamapps\common\Portal\hl2.exe
FirewallRules: [{1C53D395-1824-498C-9B28-5D674060B2EA}] => (Allow) E:\Steam Library\steamapps\common\Portal\hl2.exe
FirewallRules: [{AFF92E18-69BF-4E95-82F2-4FFB440DCAB8}] => (Allow) E:\Steam Library\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{18CB668B-DE53-452C-BBF2-E61CFB651F9B}] => (Allow) E:\Steam Library\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{A8758EAC-FB37-45AF-AEDD-62042EAEB6A9}] => (Allow) E:\Steam Library\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{47532B69-61AD-4E00-BD95-6248668AB0B4}] => (Allow) E:\Steam Library\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{496E47B0-54B4-4248-99B0-36464F83DF75}] => (Allow) E:\Steam Library\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{64463557-5D11-4498-90DD-443508FA6B37}] => (Allow) E:\Steam Library\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{D876B75A-2A81-4801-9483-4D80C23B3BA3}] => (Allow) E:\Steam Library\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{8625E897-E628-465E-B5AA-96FA00422EAB}] => (Allow) E:\Steam Library\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{6A016036-4B99-4F79-A7D2-6F450822D752}] => (Allow) E:\Steam Library\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{D4730EAF-82B9-4386-9687-22186DB03FA9}] => (Allow) E:\Steam Library\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{FE7B9F89-0E0A-4926-92C0-D18A1E0BAB5A}] => (Allow) E:\Steam Library\steamapps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{5004E664-281C-4047-B775-B60E3C01A97A}] => (Allow) E:\Steam Library\steamapps\common\Need for Speed Hot Pursuit\NFS11.exe
FirewallRules: [{8F9B9401-D521-46B7-9A10-743BAB183F3A}] => (Allow) E:\Steam Library\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F6367432-CDC4-428F-A87E-3B33B59B8CB5}] => (Allow) E:\Steam Library\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{D0E81B9E-0E2E-4BF1-B3F1-BE5652F2919C}] => (Allow) E:\Steam Library\steamapps\common\Supreme Commander\bin\SupremeCommander.exe
FirewallRules: [{00D9F6FC-0B1E-4F26-8C64-DEF3147A891D}] => (Allow) E:\Steam Library\steamapps\common\Supreme Commander\bin\SupremeCommander.exe
FirewallRules: [{C785C890-49E1-4CF8-83F0-08B1404A3AE7}] => (Allow) E:\Steam Library\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
FirewallRules: [{441BD01C-7266-4C89-A41F-A13F499CF622}] => (Allow) E:\Steam Library\steamapps\common\Supreme Commander Forged Alliance\bin\SupremeCommander.exe
FirewallRules: [{1556EF58-F1BE-4E49-AE37-9D776D5D54B7}] => (Allow) E:\Steam Library\steamapps\common\Overlord\Overlord.exe
FirewallRules: [{E12B8E37-E091-49AE-9FCD-D3282D5BE8EB}] => (Allow) E:\Steam Library\steamapps\common\Overlord\Overlord.exe
FirewallRules: [{797E0FA5-6F97-46A9-A9D4-26A5130D2A70}] => (Allow) E:\Steam Library\steamapps\common\Overlord\Config.exe
FirewallRules: [{5DA98E2E-67A7-439F-A86B-63AF2C8AE2D5}] => (Allow) E:\Steam Library\steamapps\common\Overlord\Config.exe
FirewallRules: [{E84C9367-8AB6-4D72-A5B3-A2D95BD0BBC7}] => (Allow) E:\Steam Library\steamapps\common\Overlord II\Overlord2.exe
FirewallRules: [{4D3A9C9D-F172-43E5-A57D-5E8C4973E7BE}] => (Allow) E:\Steam Library\steamapps\common\Overlord II\Overlord2.exe
FirewallRules: [{E697D6A8-A823-4AF9-97EE-60A9B6EB9A52}] => (Allow) E:\Steam Library\steamapps\common\Overlord II\Config.exe
FirewallRules: [{5A5A42BB-4D8B-44C6-9338-C9B9314411E4}] => (Allow) E:\Steam Library\steamapps\common\Overlord II\Config.exe
FirewallRules: [{3FFFD5DD-63C6-4D6B-899A-BF08266ED9CF}] => (Allow) E:\Steam Library\steamapps\common\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{8FCB7E13-934F-4A23-BB4E-D851E011A554}] => (Allow) E:\Steam Library\steamapps\common\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{ADCD2B15-0C85-4717-80A4-208CA6460843}] => (Allow) E:\Steam Library\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{6E7D2C01-3F1C-427A-BBC3-A03B47A78F5E}] => (Allow) E:\Steam Library\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{9CC98D3F-338F-4521-B34B-E3BE360C517E}] => (Allow) E:\Steam Library\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{DECBE4A7-2143-4F25-8B8B-A0B2393083BE}] => (Allow) E:\Steam Library\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{F1497887-10AF-4A36-BE2D-1B9EE593BA60}] => (Allow) E:\Steam Library\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{3583E412-9D9F-487B-9291-1DD4C7334C04}] => (Allow) E:\Steam Library\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{3FD89BC4-4648-43D7-A393-FA36D8B9339B}] => (Allow) E:\Steam Library\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{FF2799DE-2216-4617-B7E1-D5F612FAB33D}] => (Allow) E:\Steam Library\steamapps\common\the witcher 2\Launcher.exe
FirewallRules: [{60F0660B-FE88-4EB0-946A-5AB73F647833}] => (Allow) E:\Steam Library\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{4C87D5B6-F9EE-4FB0-B2D6-421071A6EAB9}] => (Allow) E:\Steam Library\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{568EC0E1-066B-4E01-A2EC-E11BEE62EDD1}] => (Allow) E:\Steam Library\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{2A0EA38E-412A-447C-89C6-1DAAB184F5F2}] => (Allow) E:\Steam Library\steamapps\common\The Last Remnant\Binaries\TLR.exe
FirewallRules: [{F4D59263-DA9D-40BD-A2D0-5CAAE1B67754}] => (Allow) E:\Steam Library\steamapps\common\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{D706E883-EB2C-4A64-9917-ACCD663D81D8}] => (Allow) E:\Steam Library\steamapps\common\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{0784C84E-36D5-40D0-B51A-4157F2F18196}] => (Allow) E:\Steam Library\steamapps\common\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{0AA84D3F-2711-4711-B9CC-BD7CCA57AEB8}] => (Allow) E:\Steam Library\steamapps\common\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{F8CADEC7-D0DD-4398-A050-36FFA986A18D}] => (Allow) E:\Steam Library\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{5CBAE6C0-8A9F-44AF-92A2-26C2BC9414C1}] => (Allow) E:\Steam Library\steamapps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{2B5F4AC8-F7DC-4B14-AF82-58EC918B61EB}] => (Allow) E:\Steam Library\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{89F3329C-6D06-402B-A529-C35BF673B2AC}] => (Allow) E:\Steam Library\steamapps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{291E771D-30DE-46FC-9D0F-FA8AD223BBB1}] => (Allow) E:\Steam Library\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{0DFD8FD3-A45B-405F-936F-6E19B84DCF6C}] => (Allow) E:\Steam Library\steamapps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{310A2525-5D87-4BF5-BEE1-F8F1EC4E9AA1}] => (Allow) E:\Steam Library\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{E126701B-66E1-4A83-8D5A-EF37FBF15272}] => (Allow) E:\Steam Library\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{6F37A3FB-C486-4B1F-BDEB-BB6E18C3EB67}] => (Allow) E:\Steam Library\steamapps\common\Wargame European Escalation\WarGame.exe
FirewallRules: [{DE6A182D-8B0F-4BBA-BDDF-33AA0FBA5180}] => (Allow) E:\Steam Library\steamapps\common\Wargame European Escalation\WarGame.exe
FirewallRules: [{3D3EA821-3F5A-4CF1-87A4-DDD3169F8ACE}] => (Allow) E:\Steam Library\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{920EF198-136A-43A3-AE1B-FC3F91ABA30D}] => (Allow) E:\Steam Library\steamapps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{AD969CC8-F5D7-4C7E-B728-7EC24F7AC029}] => (Allow) E:\Steam Library\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{B0D4CAC4-8751-4193-8B50-0EAD97D45C7E}] => (Allow) E:\Steam Library\steamapps\common\KOAReckoning\Reckoning.exe
FirewallRules: [{733D10A2-F135-48B1-9954-2E51D2F1843B}] => (Allow) E:\Steam Library\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{DE477013-7BEF-4F81-A85E-39838CFB01B3}] => (Allow) E:\Steam Library\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{5B68420A-5467-4CEB-B91A-99CCB1C0598C}] => (Allow) E:\Steam Library\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{5976EBB8-3F2A-45C8-974E-3867E4C7E84D}] => (Allow) E:\Steam Library\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{D6E2D4BB-5CBB-4A13-BCB0-3A1235223631}] => (Allow) E:\Steam Library\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{1C6E407F-6174-4810-A293-C417ED1B0365}] => (Allow) E:\Steam Library\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{45218CA4-DFD4-4712-8F9A-9B4353D17CF9}] => (Allow) E:\Steam Library\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{6E55AD60-EADF-4057-8618-F2B4D74A04A5}] => (Allow) E:\Steam Library\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{DFB4DE0E-FA35-409D-9738-0653276C7A1F}] => (Allow) E:\Steam Library\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{D58630F1-AC47-4C1C-A714-6B1B434F15EB}] => (Allow) E:\Steam Library\steamapps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{1E2CE0D5-FA56-4483-A3FE-3AD05271E89A}] => (Allow) E:\Steam Library\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{9BFE2DF5-0489-4F57-8EBF-B0EFB03625F2}] => (Allow) E:\Steam Library\steamapps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{7EEB34C1-4DEA-443A-BF19-DD5900B96207}] => (Allow) E:\Steam Library\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{B9116CDB-9A00-40CA-8072-2FDEB22FBA5C}] => (Allow) E:\Steam Library\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{26911E8F-31D4-4363-8435-DA4581453E66}] => (Allow) E:\Steam Library\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{D6AFD940-D8B2-4D15-9E05-EC70B71AC014}] => (Allow) E:\Steam Library\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{B281E2F6-672D-430F-81CA-CDAC4C75F1F6}] => (Allow) E:\Steam Library\steamapps\common\divinity2_dev_cut\Autorun.exe
FirewallRules: [{3EF8F079-2B27-4DA9-86C7-0299A4625A10}] => (Allow) E:\Steam Library\steamapps\common\divinity2_dev_cut\Autorun.exe
FirewallRules: [{B79A3742-C1D1-4AE3-80D3-5B2E0C91A21A}] => (Allow) E:\Steam Library\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{FD064A8F-F3FC-483B-82C1-720DFAE6723F}] => (Allow) E:\Steam Library\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{91B94A17-10B8-4394-8BC1-4DD33E38A335}] => (Allow) E:\Steam Library\steamapps\common\Wargame Airland Battle\WarGame2.exe
FirewallRules: [{7836170E-2F6E-4257-9D7A-3681E2CB1606}] => (Allow) E:\Steam Library\steamapps\common\Wargame Airland Battle\WarGame2.exe
FirewallRules: [{7991BB06-1968-4263-B596-34A5704F90B1}] => (Allow) E:\Steam Library\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{6B4B247D-7674-433C-B9F4-B52E5F0162DD}] => (Allow) E:\Steam Library\steamapps\common\Transistor\x64\Transistor.exe
FirewallRules: [{8C9E29E3-A8F9-4C36-AFBB-A3546FB82978}] => (Allow) E:\Steam Library\steamapps\common\Final Fantasy III\FF3_Launcher.exe
FirewallRules: [{32397635-32E2-4D43-BCFE-E33C5875E309}] => (Allow) E:\Steam Library\steamapps\common\Final Fantasy III\FF3_Launcher.exe
FirewallRules: [{2C08A064-8D9A-4838-9413-BD05142D088B}] => (Allow) E:\Steam Library\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{24D1B9A6-95E4-47CD-B24E-ABC73B7BC1FD}] => (Allow) E:\Steam Library\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{BF0026E3-EFCA-4631-B651-E0E195A6B23C}] => (Allow) E:\Steam Library\steamapps\common\FightTheDragon\FightTheDragon.exe
FirewallRules: [{3FA94BB4-2508-4093-8C26-1B4F184E23A6}] => (Allow) E:\Steam Library\steamapps\common\FightTheDragon\FightTheDragon.exe
FirewallRules: [{39945885-0D9E-4E52-93F0-D5D8ED050371}] => (Allow) E:\Steam Library\steamapps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{5067B22D-ECB2-4C06-A4D2-C3EF07D8A034}] => (Allow) E:\Steam Library\steamapps\common\Trails in the Sky FC\ed6_win.exe
FirewallRules: [{13789572-60FF-4788-B829-E22E02C165A8}] => (Allow) E:\Steam Library\steamapps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{ACD53FDD-C454-423D-AB75-8164F0860E69}] => (Allow) E:\Steam Library\steamapps\common\Trails in the Sky FC\Config.exe
FirewallRules: [{82CFF048-E8F5-4F42-94BF-E8F0ADE052C6}] => (Allow) E:\Steam Library\steamapps\common\deadrising3\deadrising3.exe
FirewallRules: [{CCA9076F-460C-4363-8AF3-F8CEFFF8AE6F}] => (Allow) E:\Steam Library\steamapps\common\deadrising3\deadrising3.exe
FirewallRules: [{F1FDB1E8-9999-48D1-8E43-E03DFA09E4ED}] => (Allow) E:\Steam Library\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{E38E295E-2C9E-400D-BFC5-98E2DBF616ED}] => (Allow) E:\Steam Library\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{47F0D4CB-0227-4C69-9C21-5163B66722C4}] => (Allow) E:\Steam Library\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
FirewallRules: [{8B1EA09B-A8BB-47D1-9E58-E47DB5366630}] => (Allow) E:\Steam Library\steamapps\common\Final Fantasy IV\FF4_Launcher.exe
FirewallRules: [{DE8FB0E9-D674-4F9B-91BE-40170B3C4ADE}] => (Allow) E:\Steam Library\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{009139C6-E284-4F3F-A790-1F7A9DD8F809}] => (Allow) E:\Steam Library\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{F91289CE-9535-4648-B3BC-4FF44DBAB222}] => (Allow) E:\Steam Library\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{82F26CD9-FE45-483F-A800-185E7595B192}] => (Allow) E:\Steam Library\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [TCP Query User{157FFC14-7015-45C6-9E3D-19955DD2EEBC}E:\steam library\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe] => (Allow) E:\steam library\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe
FirewallRules: [UDP Query User{DB3164A7-A126-48C7-81DB-F9909A492C10}E:\steam library\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe] => (Allow) E:\steam library\steamapps\common\brothers - a tale of two sons\binaries\win32\brothers.exe
FirewallRules: [{E0B3A59A-C4C9-4316-8FAC-3873A79E37E2}] => (Allow) E:\Steam Library\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{B1795669-BCB9-4C26-924C-76772D05303C}] => (Allow) E:\Steam Library\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [TCP Query User{4579E674-4CB1-4F8C-9816-146D6B986F81}E:\steam library\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) E:\steam library\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{34EFD824-63C4-46DE-87A6-05F2A8733205}E:\steam library\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) E:\steam library\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{028348D2-2938-4F10-86EA-4575A7800794}E:\steam library\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steam library\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{F6B7E2D6-21D5-461F-B647-075B31465D02}E:\steam library\steamapps\common\the witcher 2\bin\witcher2.exe] => (Allow) E:\steam library\steamapps\common\the witcher 2\bin\witcher2.exe
FirewallRules: [{398FBFD3-6EC7-4226-82D3-4305515BD2F9}] => (Allow) E:\Steam Library\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{66B6A472-930B-41C8-A40D-3B6C20189B43}] => (Allow) E:\Steam Library\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{764FF29B-FEDD-4687-BAF6-B51B3270B944}E:\steam library\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\steam library\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [UDP Query User{DD896524-9C47-4873-B905-8B6010612512}E:\steam library\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) E:\steam library\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{A119109E-2C06-49BF-A353-68AA5AF2CF10}E:\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) E:\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{6CFD2DF6-5DFB-4E8E-8ED2-AEB60F17C4B6}E:\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) E:\steam library\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{62B968B7-7F2C-4291-9F14-5CF1197EA971}] => (Allow) D:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{1EAF46F3-BF16-4BF4-8EC6-1AF428157AF9}] => (Allow) D:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{72ECEB07-1AEB-45C7-AE6D-231E9B184DF7}] => (Allow) C:\Users\Ghosting\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{3BAE21E6-F82F-4207-BD67-2C88274D1A34}] => (Allow) D:\Program Files (x86)\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [{B3E1BCF2-BE29-4BF2-84CE-4E564E2DA9B4}] => (Allow) D:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{C7841BFB-04EA-4233-84D6-5F833EB3ABE8}] => (Allow) D:\Program Files (x86)\Warframe\Downloaded\Public\Warframe.x64.exe
FirewallRules: [{210E224B-B2F6-4F48-9FA6-A7C6481FE337}] => (Allow) C:\Users\Ghosting\AppData\Local\Warframe\Downloaded\Public\Tools\Launcher.exe
FirewallRules: [{1B7FF0EC-6CDC-4608-81F5-61E7D5051CEC}] => (Allow) D:\Program Files (x86)\Warframe\Downloaded\Public\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{15FA76AC-BED5-49E0-9E8D-123112068ADE}E:\games\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\games\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [UDP Query User{2414D5E3-E425-467A-8473-FF8484AF7BBA}E:\games\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe] => (Allow) E:\games\hi-rez studios\hirezgames\smite\binaries\win32\smite.exe
FirewallRules: [{BD055321-7B5A-4AE6-89C3-35E56CB7E194}] => (Allow) E:\Steam Library\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{FC338492-3EA7-4970-980B-97954D3831E4}] => (Allow) E:\Steam Library\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win32\UDK.exe
FirewallRules: [{D41487C8-D9DC-44E7-B404-0B824E834A4E}] => (Allow) E:\Steam Library\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{DBF14EBF-913E-4839-A63C-05E4F40DE036}] => (Allow) E:\Steam Library\steamapps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{F3119CB1-FB89-49D4-B6FB-FD87ED1D5A29}] => (Allow) E:\Steam Library\steamapps\common\Unepic\unepic.exe
FirewallRules: [{F9FC260B-4021-4064-A707-55502FE04887}] => (Allow) E:\Steam Library\steamapps\common\Unepic\unepic.exe
FirewallRules: [{C2990714-F421-4C09-B362-761E09FF75B8}] => (Allow) E:\Steam Library\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{68B6797D-05F3-4701-8FF6-B06FCE273F19}] => (Allow) E:\Steam Library\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{CF1FB3D8-ADDE-4927-A52D-0F991681AE32}] => (Allow) E:\Steam Library\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{5A95623D-D2D8-46AB-81CA-FC404E4A8AE0}] => (Allow) E:\Steam Library\steamapps\common\Oddworld Abes Oddysee\AbeWin.exe
FirewallRules: [{6A0525BD-55C8-460F-AFD3-6D339A3914D7}] => (Allow) E:\Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{13F5CAFD-3010-4B31-8F9A-D54F9F6FE91E}] => (Allow) E:\Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{A2661429-1CFA-4DE1-9226-2AD69D63FC65}] => (Allow) D:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{8E7C00BF-0D3C-4B2D-8B4F-14F290B6D0A4}] => (Allow) D:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
FirewallRules: [{8EF59C1B-91CE-4D97-938D-75478EB2BA6C}] => (Allow) LPort=2869
FirewallRules: [{02F446C0-38B5-4B2F-83B9-015A22584AB6}] => (Allow) LPort=1900
FirewallRules: [{543322D3-FAA2-48E0-83D3-530C47215AE2}] => (Allow) E:\Steam Library\steamapps\common\Titan Quest Immortal Throne\Tqit.exe
FirewallRules: [{F3865783-B1A0-4C98-ADD1-F6399C5B3324}] => (Allow) E:\Steam Library\steamapps\common\Titan Quest Immortal Throne\Tqit.exe
FirewallRules: [{B508BC1F-296D-4D16-9566-BF901F85D48C}] => (Allow) E:\Steam Library\steamapps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{EDA52203-09A4-46D0-90CD-33E768AD1518}] => (Allow) E:\Steam Library\steamapps\common\Titan Quest\Titan Quest.exe
FirewallRules: [{FF284311-7100-42A8-B45D-4E50CA752BB3}] => (Allow) E:\Steam Library\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{7A0D9711-20DF-4B47-A26A-D9269D3EE2F7}] => (Allow) E:\Steam Library\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{DD807003-942C-4E15-B52B-4ADBBB6ED449}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A13AC466-F776-4747-8F8C-22A3FA239BF0}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{880D6655-B154-4410-A625-DC49CC84D006}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
 
==================== Restore Points =========================
 
03-04-2016 00:42:26 04-03 Cleaned
03-04-2016 02:43:47 Revo Uninstaller Pro's restore point - Revo Uninstaller 1.95
05-04-2016 11:58:46 Windows Update
09-04-2016 12:05:30 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom 802.11n Network Adapter
Description: Broadcom 802.11n Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/12/2016 01:33:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (04/11/2016 12:52:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/11/2016 03:32:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2016 10:49:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpc-be.exe, version: 1.4.5.787, time stamp: 0x5603a44f
Faulting module name: aticfx32.dll_unloaded, version: 0.0.0.0, time stamp: 0x56464c99
Exception code: 0xc0000005
Fault offset: 0x65d05f4f
Faulting process id: 0x1448
Faulting application start time: 0xmpc-be.exe0
Faulting application path: mpc-be.exe1
Faulting module path: mpc-be.exe2
Report Id: mpc-be.exe3
 
Error: (04/10/2016 10:14:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpc-be.exe, version: 1.4.5.787, time stamp: 0x5603a44f
Faulting module name: aticfx32.dll_unloaded, version: 0.0.0.0, time stamp: 0x56464c99
Exception code: 0xc0000005
Fault offset: 0x65d05f4f
Faulting process id: 0x1e28
Faulting application start time: 0xmpc-be.exe0
Faulting application path: mpc-be.exe1
Faulting module path: mpc-be.exe2
Report Id: mpc-be.exe3
 
Error: (04/10/2016 03:07:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (04/10/2016 03:06:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (04/10/2016 12:54:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/10/2016 03:08:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (04/09/2016 05:00:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mpc-be.exe, version: 1.4.5.787, time stamp: 0x5603a44f
Faulting module name: aticfx32.dll_unloaded, version: 0.0.0.0, time stamp: 0x56464c99
Exception code: 0xc0000005
Fault offset: 0x67605f4f
Faulting process id: 0x9c
Faulting application start time: 0xmpc-be.exe0
Faulting application path: mpc-be.exe1
Faulting module path: mpc-be.exe2
Report Id: mpc-be.exe3
 
 
System errors:
=============
Error: (04/12/2016 01:31:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/12/2016 01:21:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/12/2016 01:11:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/12/2016 01:01:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/12/2016 12:51:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/12/2016 12:41:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/12/2016 12:31:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/12/2016 12:21:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/12/2016 12:11:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (04/12/2016 12:01:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
CodeIntegrity:
===================================
  Date: 2016-04-12 01:34:02.769
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-12 01:23:22.042
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-11 22:12:49.431
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-11 21:26:37.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-11 20:44:23.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-11 20:11:19.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-11 18:15:44.348
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-11 18:08:46.542
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-11 17:24:18.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-11 15:32:22.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 30%
Total physical RAM: 8137.69 MB
Available physical RAM: 5688 MB
Total Virtual: 16273.58 MB
Available Virtual: 13241.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:107.34 GB) (Free:41.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.88 GB) (Free:69.93 GB) NTFS
Drive e: (Media) (Fixed) (Total:3725.9 GB) (Free:825.33 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: 48BBDC56)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: AD894BA3)
Partition 1: (Active) - (Size=107.3 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: 1549F232)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#14 polskamachina

  • Malware Response Team

Posted 13 April 2016 - 11:03 AM

Hi Ghosting :)
 
Your machine appears to be doing fine now. Please continue with the following steps that will remove all the diagnostic tools you used to scan and clean your system. Though you really didn't have any serious malware on your system, these are the final steps I recommend before you resume your normal computer operations.
 
Download Delfix from here and save it to your desktop.

  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
    • Create registry backup
    • Purge system restore
  • Click the Run button.

When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.
 
Below are some security tips to read. Following these guidelines will help you avoid another visit to the Malware Removal Forum. :woot:

Be safe.  :hello:

polskamachina



#15 Ghosting

  • Topic Starter

Posted 13 April 2016 - 02:24 PM

Thank you for the help.  :thumbsup:





