Theodore_Tran
Members-
Posts
5 -
Joined
-
Last visited
Reputation
0 Neutral-
Mysterious Ad Audio Playing
Theodore_Tran replied to Theodore_Tran's topic in Resolved Malware Removal Logs
Thank you so much for the help. -
Mysterious Ad Audio Playing
Theodore_Tran replied to Theodore_Tran's topic in Resolved Malware Removal Logs
No concerns. Everything is fine, no ad audios. I was just worried that I wasn't safe doing any online purchasing, banking etc. because of possible threats.Do you recommend anything, basic computer practices that would keep me safe? -
Mysterious Ad Audio Playing
Theodore_Tran replied to Theodore_Tran's topic in Resolved Malware Removal Logs
Hello, here are the second logs that were requested. Zemana AntiMalware============================================== Zemana AntiMalware 2.21.2.139 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2016/7/24 Operating System : Windows 8.1 64-bit Processor : 2X AMD A6-4400M APU with Radeon(tm) HD Graphics BIOS Mode : UEFI CUID : 12E44D9268B89F4F1EAC7A Scan Type : Smart Scan Duration : 3m 28s Scanned Objects : 10992 Detected Objects : 0 Excluded Objects : 0 Read Level : SCSI Auto Upload : Enabled Detect All Extensions : Disabled Scan Documents : Disabled Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- There are no detected objects Sophos Virus Removal Tool========================================== No threats found. -
Mysterious Ad Audio Playing
Theodore_Tran replied to Theodore_Tran's topic in Resolved Malware Removal Logs
Hello, Here are the logs that were requested. I would like to mention that I downloaded and ran these software under safe-mode. RKill============================================== Rkill 2.8.4 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2016 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 07/23/2016 02:51:56 PM in x64 mode. (Safe Mode) Windows Version: Windows 8.1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 Tweaking.com Registry Backup========================== [7/23/2016 - 2:55:29 PM] System Variables [7/23/2016 - 2:55:29 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:29 PM] Use Fallback Backup Method: 1 (0 = No, 1 = Yes) [7/23/2016 - 2:55:29 PM] VSS exe To Use: vss_7_8_2008_2012_64.exe [7/23/2016 - 2:55:29 PM] Windows Drive: C: [7/23/2016 - 2:55:29 PM] Windows Folder: WINDOWS [7/23/2016 - 2:55:29 PM] Windows Path: C:\WINDOWS [7/23/2016 - 2:55:29 PM] Registry File Location: C:\WINDOWS\System32\Config [7/23/2016 - 2:55:29 PM] Current Profile: C:\Users\Tran Clan Notebook [7/23/2016 - 2:55:29 PM] Current Profile SID: S-1-5-21-1653603585-3810599995-4057881293-1002 [7/23/2016 - 2:55:29 PM] Current Profile Classes: S-1-5-21-1653603585-3810599995-4057881293-1002_Classes [7/23/2016 - 2:55:29 PM] Profiles Location: C:\Users [7/23/2016 - 2:55:29 PM] Profiles Location 2: C:\WINDOWS\ServiceProfiles [7/23/2016 - 2:55:29 PM] Local Settings AppData: AppData\Local [7/23/2016 - 2:55:29 PM] Computer Name: TRAN-PC [7/23/2016 - 2:55:29 PM] OS: Windows 8.1 (64-bit) [7/23/2016 - 2:55:29 PM] OS Architecture: 64-bit [7/23/2016 - 2:55:29 PM] OS Version: 6.3.9600 [7/23/2016 - 2:55:29 PM] OS Service Pack: [7/23/2016 - 2:55:29 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:29 PM] Backup Location: C:\RegBackup\ [7/23/2016 - 2:55:29 PM] Auto Delete Old Backups Enabled, Working... [7/23/2016 - 2:55:29 PM] Delete backups 7 Days or older. Keep at least 5 Backups. [7/23/2016 - 2:55:29 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:29 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:29 PM] Starting Backup... [7/23/2016 - 2:55:29 PM] Files To Backup: [7/23/2016 - 2:55:29 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\components [7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\drivers [7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\default [7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\sam [7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\security [7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\software [7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\system [7/23/2016 - 2:55:29 PM] C:\Users\Default\ntuser.dat [7/23/2016 - 2:55:29 PM] C:\Users\Tran Clan Notebook\ntuser.dat [7/23/2016 - 2:55:29 PM] C:\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat [7/23/2016 - 2:55:29 PM] C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat [7/23/2016 - 2:55:29 PM] C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat [7/23/2016 - 2:55:29 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:29 PM] Backing Up Registry Files Security Descriptors (SDDL): [7/23/2016 - 2:55:29 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:29 PM] "\\?\C:\Users\Default\ntuser.dat",1,"O:SYG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;BU)(A;;FR;;;WD)" "\\?\C:\Users\Default\ntuser.dat.old",1,"O:SYG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;BU)(A;;FR;;;WD)" "\\?\C:\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1653603585-3810599995-4057881293-1002)" "\\?\C:\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1653603585-3810599995-4057881293-1002)" "\\?\C:\Users\Tran Clan Notebook\ntuser.dat",1,"O:S-1-5-21-1653603585-3810599995-4057881293-1002G:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1653603585-3810599995-4057881293-1002)" "\\?\C:\Users\Tran Clan Notebook\ntuser.dat.old",1,"O:S-1-5-21-1653603585-3810599995-4057881293-1002G:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1653603585-3810599995-4057881293-1002)" "\\?\C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)" "\\?\C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat.old",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)" "\\?\C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)" "\\?\C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat.old",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)" "\\?\C:\WINDOWS\System32\Config\components",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\components.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\default",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\default.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\drivers",1,"O:SYG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\drivers.old",1,"O:SYG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\sam",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\sam.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\security",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\security.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\software",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\software.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\system",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" "\\?\C:\WINDOWS\System32\Config\system.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)" [7/23/2016 - 2:55:29 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:29 PM] Backing Up Files: [7/23/2016 - 2:55:29 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:29 PM] Using Fallback Backup Method. [7/23/2016 - 2:55:29 PM] Backing Up File: C:\WINDOWS\System32\Config\components [7/23/2016 - 2:55:30 PM] Result: Successful (63.65 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\components [7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\drivers [7/23/2016 - 2:55:30 PM] Result: Successful (5.41 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\drivers [7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\default [7/23/2016 - 2:55:30 PM] Result: Successful (272.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\default [7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\sam [7/23/2016 - 2:55:30 PM] Result: Successful (24.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\sam [7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\security [7/23/2016 - 2:55:30 PM] Result: Successful (28.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\security [7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\software [7/23/2016 - 2:55:31 PM] Result: Successful (77.46 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\software [7/23/2016 - 2:55:31 PM] Backing Up File: C:\WINDOWS\System32\Config\system [7/23/2016 - 2:55:32 PM] Result: Successful (14.95 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\system [7/23/2016 - 2:55:32 PM] Backing Up File: C:\Users\Default\ntuser.dat [7/23/2016 - 2:55:32 PM] Result: Successful (256.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\Users\Default\ntuser.dat [7/23/2016 - 2:55:32 PM] Backing Up File: C:\Users\Tran Clan Notebook\ntuser.dat [7/23/2016 - 2:55:32 PM] Result: Successful (1.43 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\Users\Tran Clan Notebook\ntuser.dat [7/23/2016 - 2:55:32 PM] Backing Up File: C:\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat [7/23/2016 - 2:55:32 PM] Result: Successful (7.45 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat [7/23/2016 - 2:55:32 PM] Backing Up File: C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat [7/23/2016 - 2:55:32 PM] Result: Successful (156.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\ServiceProfiles\LocalService\ntuser.dat [7/23/2016 - 2:55:32 PM] Backing Up File: C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat [7/23/2016 - 2:55:32 PM] Result: Successful (152.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat [7/23/2016 - 2:55:32 PM] Total Size: 171.21 MB [7/23/2016 - 2:55:32 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:32 PM] Creating DOS restore bat file for use in the Windows Recovery Console: [7/23/2016 - 2:55:32 PM] -------------------------------------------------------------------------------- [7/23/2016 - 2:55:32 PM] Created: C:\WINDOWS\tweaking.com-regbackup-TRAN-PC-Windows-8.1-(64-bit).dat for use in the dos_restore.cmd file [7/23/2016 - 2:55:32 PM] Done: C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\dos_restore.cmd [7/23/2016 - 2:55:32 PM] -------------------------------------------------------------------------------- Malwarebytes Anti-Malware============================= Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 7/23/2016 Scan Time: 2:58 PM Logfile: MByte.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.07.23.07 Rootkit Database: v2016.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Tran Clan Notebook Scan Type: Threat Scan Result: Completed Objects Scanned: 288736 Time Elapsed: 18 min, 13 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Farbar Recovery Scan Tool============================= Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2016 02 Ran by Tran Clan Notebook (administrator) on TRAN-PC (23-07-2016 15:24:10) Running from C:\Users\Tran Clan Notebook\Desktop Loaded Profiles: Tran Clan Notebook (Available Profiles: Tran Clan Notebook) Platform: Windows 8.1 (Update) (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Opera) Boot Mode: Safe Mode (with Networking) Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe (Microsoft Corporation) C:\WINDOWS\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2015-01-19] (Synaptics Incorporated) HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-22] (AVAST Software) HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\...\Run: [GalaxyClient] => [X] HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-22] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 Tcpip\..\Interfaces\{4911CFB9-5881-49C3-9CB5-6E63DF394208}: [DhcpNameServer] 10.0.0.1 Tcpip\..\Interfaces\{D8953E4A-AA6A-4E7F-8D33-8C2B940735F9}: [DhcpNameServer] 75.75.76.76 75.75.75.75 Internet Explorer: ================== BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-22] (AVAST Software) BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-22] (AVAST Software) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP) FireFox: ======== FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-22] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF Opera: ======= OPR Extension: (Adguard) - C:\Users\Tran Clan Notebook\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2016-06-11] OPR Extension: (WOT) - C:\Users\Tran Clan Notebook\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-12-16] OPR Extension: (Disconnect) - C:\Users\Tran Clan Notebook\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2016-04-03] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed] S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-22] (AVAST Software) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6666808 2015-06-10] (GOG.com) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.) S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.) S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-22] (AVAST Software) S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-22] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-22] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-22] (AVAST Software) S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-22] (AVAST Software) S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-22] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-22] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-22] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-07-22] (AVAST Software) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.) S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-05-20] (Advanced Micro Devices) S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-30] (Microsoft Corporation) S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X] S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-23 15:24 - 2016-07-23 15:24 - 00009792 _____ C:\Users\Tran Clan Notebook\Desktop\FRST.txt 2016-07-23 15:23 - 2016-07-23 15:24 - 00000000 ____D C:\FRST 2016-07-23 15:23 - 2016-07-23 15:23 - 02394112 _____ (Farbar) C:\Users\Tran Clan Notebook\Desktop\FRST64.exe 2016-07-23 15:22 - 2016-07-23 15:22 - 00001053 _____ C:\Users\Tran Clan Notebook\Desktop\MByte.txt 2016-07-23 15:21 - 2016-07-23 15:21 - 00001053 _____ C:\MByte.txt 2016-07-23 15:18 - 2016-07-23 15:18 - 00001064 _____ C:\Users\Tran Clan Notebook\Desktop\Malwarebytes_Log.txt 2016-07-23 14:55 - 2016-07-23 14:55 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-TRAN-PC-Windows-8.1-(64-bit).dat 2016-07-23 14:54 - 2016-07-23 14:55 - 00000000 ____D C:\RegBackup 2016-07-23 14:52 - 2016-07-23 14:52 - 03251071 _____ C:\Users\Tran Clan Notebook\Desktop\tweaking.com_registry_backup_portable.zip 2016-07-23 14:51 - 2016-07-23 14:52 - 00001640 _____ C:\Users\Tran Clan Notebook\Desktop\Rkill.txt 2016-07-23 14:51 - 2016-07-23 14:51 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Tran Clan Notebook\Desktop\rkill.exe 2016-07-23 14:51 - 2016-07-23 14:51 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Tran Clan Notebook\Desktop\rkill64.exe 2016-07-22 21:53 - 2016-07-22 21:53 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2016-07-22 21:53 - 2016-07-22 21:53 - 00003888 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1469238825 2016-07-22 21:53 - 2016-07-22 21:53 - 00001053 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-07-22 21:53 - 2016-07-22 21:53 - 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2016-07-22 19:37 - 2016-07-23 15:23 - 00243374 _____ C:\WINDOWS\ntbtlog.txt 2016-07-22 19:37 - 2016-07-23 15:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-07-22 19:37 - 2016-07-22 19:37 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-07-22 19:37 - 2016-07-22 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-07-22 19:37 - 2016-07-22 19:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-07-22 19:37 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-07-22 19:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-07-22 19:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-07-22 19:36 - 2016-07-22 19:36 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\Roaming\AVAST Software 2016-07-22 19:35 - 2016-07-22 19:35 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2016-07-22 19:35 - 2016-07-22 19:35 - 00473592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2016-07-22 19:35 - 2016-07-22 19:35 - 00390984 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2016-07-22 19:35 - 2016-07-22 19:35 - 00290088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2016-07-22 19:35 - 2016-07-22 19:35 - 00162904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys 2016-07-22 19:35 - 2016-07-22 19:35 - 00108304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2016-07-22 19:35 - 2016-07-22 19:35 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2016-07-22 19:35 - 2016-07-22 19:35 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2016-07-22 19:35 - 2016-07-22 19:35 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2016-07-22 19:35 - 2016-07-22 19:35 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2016-07-22 19:35 - 2016-07-22 19:35 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-07-22 19:35 - 2016-07-22 19:35 - 00000350 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job 2016-07-22 19:35 - 2016-07-22 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2016-07-22 19:34 - 2016-07-22 21:53 - 00000000 ____D C:\Program Files\AVAST Software 2016-07-22 19:34 - 2016-07-22 19:34 - 06253640 _____ (AVAST Software) C:\Users\Tran Clan Notebook\Downloads\avast_free_antivirus_setup_online_cnet_2.exe 2016-07-22 19:33 - 2016-07-22 19:33 - 22851472 _____ (Malwarebytes ) C:\Users\Tran Clan Notebook\Downloads\mbam-setup-2.2.1.1043.exe 2016-07-22 19:30 - 2016-07-22 19:30 - 00013484 _____ C:\Users\Tran Clan Notebook\Documents\cc_20160722_193041.reg 2016-07-21 23:46 - 2016-07-21 23:46 - 00003618 _____ C:\WINDOWS\System32\Tasks\klcp_update 2016-07-21 23:46 - 2016-07-21 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack 2016-07-21 23:46 - 2016-07-21 23:46 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2016-07-16 11:41 - 2016-07-20 22:50 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\LocalLow\BitTorrent 2016-07-16 09:32 - 2016-07-16 09:32 - 00000082 _____ C:\Users\Tran Clan Notebook\Documents\cc_20160716_093204.reg 2016-07-14 16:41 - 2016-07-02 00:29 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-07-14 16:41 - 2016-07-02 00:29 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-07-12 15:08 - 2016-06-11 14:14 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-07-12 15:08 - 2016-06-11 14:11 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-07-12 15:08 - 2016-06-11 13:56 - 25812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-07-12 15:08 - 2016-06-11 13:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-07-12 15:08 - 2016-06-11 13:42 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-07-12 15:08 - 2016-06-11 13:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-07-12 15:08 - 2016-06-11 13:22 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-07-12 15:08 - 2016-06-11 13:22 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2016-07-12 15:08 - 2016-06-11 13:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2016-07-12 15:08 - 2016-06-11 13:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2016-07-12 15:08 - 2016-06-11 13:13 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-07-12 15:08 - 2016-06-11 13:12 - 20348928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-07-12 15:08 - 2016-06-11 13:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-07-12 15:08 - 2016-06-11 13:07 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-07-12 15:08 - 2016-06-11 13:03 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-07-12 15:08 - 2016-06-11 13:01 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-07-12 15:08 - 2016-06-11 13:00 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-07-12 15:08 - 2016-06-11 13:00 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-07-12 15:08 - 2016-06-11 12:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-07-12 15:08 - 2016-06-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2016-07-12 15:08 - 2016-06-11 12:43 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2016-07-12 15:08 - 2016-06-11 12:38 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-07-12 15:08 - 2016-06-11 12:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-07-12 15:08 - 2016-06-11 12:31 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-07-12 15:08 - 2016-06-11 12:31 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-07-12 15:08 - 2016-06-11 12:31 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-07-12 15:08 - 2016-06-11 12:30 - 15409664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-07-12 15:08 - 2016-06-11 12:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-07-12 15:08 - 2016-06-11 12:26 - 02869248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-07-12 15:08 - 2016-06-11 12:15 - 13806080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-07-12 15:08 - 2016-06-11 12:12 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-07-12 15:08 - 2016-06-11 12:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-07-12 15:08 - 2016-06-11 11:59 - 02392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-07-12 15:08 - 2016-06-11 11:56 - 01315840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-07-12 15:08 - 2016-06-11 11:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-07-12 15:06 - 2016-06-11 15:45 - 07445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-07-12 15:04 - 2016-06-25 16:05 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-07-12 15:04 - 2016-06-25 14:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll 2016-07-12 15:04 - 2016-06-25 12:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll 2016-07-12 15:04 - 2016-06-25 12:15 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2016-07-12 15:04 - 2016-06-25 12:13 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2016-07-12 15:04 - 2016-06-25 12:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll 2016-07-12 15:04 - 2016-06-22 09:48 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll 2016-07-12 15:04 - 2016-06-21 14:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2016-07-12 15:04 - 2016-06-21 10:12 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2016-07-12 15:04 - 2016-06-21 09:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-07-12 15:04 - 2016-06-21 09:48 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-07-12 15:04 - 2016-06-21 09:48 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-07-12 15:04 - 2016-06-21 09:48 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-07-12 15:04 - 2016-06-21 09:48 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-07-12 15:04 - 2016-06-21 09:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-07-12 15:04 - 2016-06-21 09:48 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-07-12 15:04 - 2016-01-30 15:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2016-07-12 15:04 - 2016-01-30 15:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll 2016-07-12 15:04 - 2016-01-30 14:48 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll 2016-07-12 15:04 - 2016-01-30 14:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2016-07-12 15:04 - 2016-01-30 13:48 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll 2016-07-12 15:04 - 2016-01-30 13:41 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll 2016-07-12 14:59 - 2016-06-10 17:35 - 04167680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-07-11 00:47 - 2016-07-11 00:47 - 00005630 _____ C:\Users\Tran Clan Notebook\Documents\cc_20160711_004656.reg 2016-07-06 17:35 - 2016-07-10 17:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-07-06 17:25 - 2016-07-06 17:27 - 00222720 _____ C:\TDSSKiller.3.1.0.9_06.07.2016_17.25.59_log.txt 2016-07-06 17:24 - 2016-07-06 17:24 - 00008398 _____ C:\TDSSKiller.3.1.0.9_06.07.2016_17.24.32_log.txt 2016-06-25 13:09 - 2016-06-25 13:43 - 00000000 ____D C:\Users\Tran Clan Notebook\Documents\Mount&Blade Warband Savegames 2016-06-25 12:18 - 2016-06-25 13:34 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\Roaming\Mount&Blade Warband 2016-06-25 12:18 - 2016-06-25 13:16 - 00000000 ____D C:\Users\Tran Clan Notebook\Documents\Mount&Blade Warband 2016-06-25 12:17 - 2010-06-02 07:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2016-06-25 12:17 - 2010-06-02 07:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2016-06-25 12:17 - 2010-06-02 07:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2016-06-25 12:17 - 2010-06-02 07:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2016-06-25 12:17 - 2010-06-02 07:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2016-06-25 12:17 - 2010-06-02 07:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2016-06-25 12:17 - 2010-05-26 14:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2016-06-25 12:17 - 2010-02-04 13:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll 2016-06-25 12:17 - 2010-02-04 13:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll 2016-06-25 12:17 - 2010-02-04 13:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll 2016-06-25 12:17 - 2010-02-04 13:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll 2016-06-25 12:17 - 2010-02-04 13:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll 2016-06-25 12:17 - 2010-02-04 13:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll 2016-06-25 12:17 - 2010-02-04 13:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll 2016-06-25 12:17 - 2010-02-04 13:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll 2016-06-25 12:17 - 2009-09-04 20:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll 2016-06-25 12:17 - 2009-09-04 20:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll 2016-06-25 12:17 - 2009-09-04 20:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll 2016-06-25 12:17 - 2009-09-04 20:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll 2016-06-25 12:17 - 2009-09-04 20:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll 2016-06-25 12:17 - 2009-09-04 20:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll 2016-06-25 12:17 - 2009-09-04 20:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll 2016-06-25 12:17 - 2009-03-16 17:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll 2016-06-25 12:17 - 2009-03-16 17:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll 2016-06-25 12:17 - 2009-03-16 17:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll 2016-06-25 12:17 - 2009-03-16 17:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll 2016-06-25 12:17 - 2009-03-16 17:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll 2016-06-25 12:17 - 2009-03-16 17:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll 2016-06-25 12:17 - 2009-03-09 18:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll 2016-06-25 12:17 - 2009-03-09 18:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll 2016-06-25 12:17 - 2009-03-09 18:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll 2016-06-25 12:17 - 2009-03-09 18:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll 2016-06-25 12:17 - 2009-03-09 18:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll 2016-06-25 12:17 - 2009-03-09 18:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll 2016-06-25 12:17 - 2008-10-27 13:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll 2016-06-25 12:17 - 2008-10-27 13:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll 2016-06-25 12:17 - 2008-10-27 13:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll 2016-06-25 12:17 - 2008-10-27 13:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll 2016-06-25 12:17 - 2008-10-27 13:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll 2016-06-25 12:17 - 2008-10-27 13:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll 2016-06-25 12:17 - 2008-10-27 13:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll 2016-06-25 12:17 - 2008-10-27 13:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll 2016-06-25 12:17 - 2008-10-15 09:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll 2016-06-25 12:17 - 2008-10-15 09:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll 2016-06-25 12:17 - 2008-10-15 09:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll 2016-06-25 12:17 - 2008-10-15 09:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll 2016-06-25 12:17 - 2008-10-15 09:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll 2016-06-25 12:17 - 2008-10-15 09:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll 2016-06-25 12:17 - 2008-07-31 13:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll 2016-06-25 12:17 - 2008-07-31 13:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll 2016-06-25 12:17 - 2008-07-31 13:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll 2016-06-25 12:17 - 2008-07-31 13:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll 2016-06-25 12:17 - 2008-07-31 13:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll 2016-06-25 12:17 - 2008-07-31 13:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll 2016-06-25 12:16 - 2008-07-10 14:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2016-06-25 12:16 - 2008-07-10 14:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll 2016-06-25 12:16 - 2008-07-10 14:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2016-06-25 12:16 - 2008-07-10 14:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll 2016-06-25 12:16 - 2008-07-10 14:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2016-06-25 12:16 - 2008-07-10 14:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll 2016-06-25 12:16 - 2008-05-30 17:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll 2016-06-25 12:16 - 2008-05-30 17:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll 2016-06-25 12:16 - 2008-05-30 17:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll 2016-06-25 12:16 - 2008-05-30 17:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll 2016-06-25 12:16 - 2008-05-30 17:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll 2016-06-25 12:16 - 2008-05-30 17:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll 2016-06-25 12:16 - 2008-05-30 17:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll 2016-06-25 12:16 - 2008-05-30 17:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll 2016-06-25 12:16 - 2008-05-30 17:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll 2016-06-25 12:16 - 2008-05-30 17:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll 2016-06-25 12:16 - 2008-05-30 17:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll 2016-06-25 12:16 - 2008-05-30 17:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll 2016-06-25 12:16 - 2008-05-30 17:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll 2016-06-25 12:16 - 2008-05-30 17:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll 2016-06-25 12:16 - 2008-03-05 19:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll 2016-06-25 12:16 - 2008-03-05 19:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll 2016-06-25 12:16 - 2008-03-05 19:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll 2016-06-25 12:16 - 2008-03-05 19:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll 2016-06-25 12:16 - 2008-03-05 19:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll 2016-06-25 12:16 - 2008-03-05 19:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll 2016-06-25 12:16 - 2008-03-05 18:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll 2016-06-25 12:16 - 2008-03-05 18:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll 2016-06-25 12:16 - 2008-03-05 18:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll 2016-06-25 12:16 - 2008-03-05 18:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll 2016-06-25 12:16 - 2008-02-06 02:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll 2016-06-25 12:16 - 2008-02-06 02:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll 2016-06-25 12:16 - 2007-10-22 06:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll 2016-06-25 12:16 - 2007-10-22 06:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll 2016-06-25 12:16 - 2007-10-22 06:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll 2016-06-25 12:16 - 2007-10-22 06:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll 2016-06-25 12:16 - 2007-10-12 18:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll 2016-06-25 12:16 - 2007-10-12 18:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll 2016-06-25 12:16 - 2007-10-12 18:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll 2016-06-25 12:16 - 2007-10-12 18:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll 2016-06-25 12:16 - 2007-10-02 12:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll 2016-06-25 12:16 - 2007-10-02 12:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll 2016-06-25 12:16 - 2007-07-20 03:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll 2016-06-25 12:16 - 2007-07-20 03:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll 2016-06-25 12:16 - 2007-07-19 21:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll 2016-06-25 12:16 - 2007-07-19 21:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll 2016-06-25 12:16 - 2007-07-19 21:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll 2016-06-25 12:16 - 2007-07-19 21:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll 2016-06-25 12:16 - 2007-07-19 21:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll 2016-06-25 12:16 - 2007-07-19 21:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll 2016-06-25 12:16 - 2007-06-20 23:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll 2016-06-25 12:16 - 2007-06-20 23:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll 2016-06-25 12:16 - 2007-05-16 19:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll 2016-06-25 12:16 - 2007-05-16 19:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll 2016-06-25 12:16 - 2007-05-16 19:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll 2016-06-25 12:16 - 2007-05-16 19:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll 2016-06-25 12:16 - 2007-05-16 19:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll 2016-06-25 12:16 - 2007-05-16 19:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll 2016-06-25 12:16 - 2007-04-04 21:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll 2016-06-25 12:16 - 2007-04-04 21:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll 2016-06-25 12:16 - 2007-04-04 21:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll 2016-06-25 12:16 - 2007-04-04 21:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll 2016-06-25 12:16 - 2007-03-15 19:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll 2016-06-25 12:16 - 2007-03-15 19:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll 2016-06-25 12:16 - 2007-03-12 19:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll 2016-06-25 12:16 - 2007-03-12 19:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll 2016-06-25 12:16 - 2007-03-12 19:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll 2016-06-25 12:16 - 2007-03-12 19:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll 2016-06-25 12:16 - 2007-03-05 15:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll 2016-06-25 12:16 - 2007-03-05 15:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll 2016-06-25 12:16 - 2007-01-24 18:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll 2016-06-25 12:16 - 2007-01-24 18:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll 2016-06-25 12:16 - 2006-12-08 15:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll 2016-06-25 12:16 - 2006-12-08 15:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll 2016-06-25 12:16 - 2006-11-29 16:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll 2016-06-25 12:16 - 2006-11-29 16:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll 2016-06-25 12:16 - 2006-11-29 16:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll 2016-06-25 12:16 - 2006-11-29 16:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll 2016-06-25 12:16 - 2006-09-28 19:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll 2016-06-25 12:16 - 2006-09-28 19:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll 2016-06-25 12:16 - 2006-09-28 19:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll 2016-06-25 12:16 - 2006-09-28 19:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll 2016-06-25 12:16 - 2006-07-28 12:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll 2016-06-25 12:16 - 2006-07-28 12:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll 2016-06-25 12:16 - 2006-07-28 12:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll 2016-06-25 12:16 - 2006-07-28 12:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll 2016-06-25 12:15 - 2006-05-31 10:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll 2016-06-25 12:15 - 2006-05-31 10:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll 2016-06-25 12:15 - 2006-03-31 15:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll 2016-06-25 12:15 - 2006-03-31 15:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll 2016-06-25 12:15 - 2006-03-31 15:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll 2016-06-25 12:15 - 2006-03-31 15:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll 2016-06-25 12:15 - 2006-03-31 15:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll 2016-06-25 12:15 - 2006-03-31 15:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll 2016-06-25 12:15 - 2006-02-03 11:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll 2016-06-25 12:15 - 2006-02-03 11:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll 2016-06-25 12:15 - 2006-02-03 11:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll 2016-06-25 12:15 - 2006-02-03 11:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll 2016-06-25 12:15 - 2006-02-03 11:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll 2016-06-25 12:15 - 2006-02-03 11:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll 2016-06-25 12:15 - 2005-12-05 21:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll 2016-06-25 12:15 - 2005-12-05 21:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll 2016-06-25 12:15 - 2005-07-22 22:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll 2016-06-25 12:15 - 2005-07-22 22:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll 2016-06-25 12:15 - 2005-05-26 18:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll 2016-06-25 12:15 - 2005-05-26 18:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll 2016-06-25 12:15 - 2005-03-18 20:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll 2016-06-25 12:15 - 2005-03-18 20:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll 2016-06-25 12:15 - 2005-02-05 22:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll 2016-06-25 12:15 - 2005-02-05 22:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll 2016-06-25 12:14 - 2016-06-25 12:14 - 00001799 _____ C:\Users\Public\Desktop\Mount and Blade - Warband.lnk 2016-06-25 12:14 - 2016-06-25 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount and Blade - Warband [GOG.com] 2016-06-25 12:04 - 2016-06-25 12:04 - 00098746 _____ C:\Users\Tran Clan Notebook\Documents\cc_20160625_090433.reg 2016-06-24 06:02 - 2016-07-22 07:45 - 00003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTran Clan Notebook 2016-06-23 00:06 - 2016-06-23 00:06 - 00003888 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1466654770 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-23 15:24 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-07-23 15:24 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf 2016-07-23 14:34 - 2015-06-10 20:19 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\Local\ElevatedDiagnostics 2016-07-23 14:20 - 2015-01-21 22:51 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2016-07-23 14:19 - 2016-01-25 15:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-07-23 14:19 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-07-22 21:55 - 2015-01-19 15:37 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1653603585-3810599995-4057881293-1002 2016-07-22 21:53 - 2015-01-21 01:50 - 00000000 ____D C:\ProgramData\AVAST Software 2016-07-22 13:22 - 2016-05-06 18:37 - 00000400 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTran Clan Notebook.job 2016-07-22 13:21 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-07-22 13:16 - 2015-01-20 22:01 - 00000000 ____D C:\Users\Tran Clan Notebook 2016-07-22 12:59 - 2015-01-21 02:00 - 00000466 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Tran Clan Notebook.job 2016-07-22 12:56 - 2015-01-21 02:00 - 00000466 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Tran Clan Notebook.job 2016-07-22 00:00 - 2015-01-26 20:12 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\Roaming\vlc 2016-07-20 07:27 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-07-20 07:19 - 2015-04-27 22:50 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX 2016-07-20 07:19 - 2015-04-27 22:50 - 00000000 ___SD C:\WINDOWS\system32\GWX 2016-07-16 20:30 - 2015-12-16 21:39 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-07-16 11:35 - 2015-01-21 01:52 - 00004180 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2016-07-15 18:21 - 2015-01-21 01:46 - 00000000 ____D C:\Program Files (x86)\Opera 2016-07-15 14:21 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-07-15 06:30 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache 2016-07-14 23:14 - 2015-01-19 15:05 - 00000000 ____D C:\ProgramData\CyberLink 2016-07-14 16:40 - 2013-08-22 10:44 - 00353952 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-07-14 16:24 - 2015-04-27 22:51 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-07-14 16:24 - 2014-11-21 04:25 - 00000000 ____D C:\Program Files\Windows Journal 2016-07-14 16:24 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData 2016-07-12 23:25 - 2016-01-25 15:17 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-07-12 23:25 - 2015-12-16 21:39 - 00003880 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-07-12 23:24 - 2016-05-12 12:19 - 20466368 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2016-07-12 23:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-07-12 23:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-07-12 15:26 - 2015-01-19 16:39 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-07-12 15:22 - 2015-01-19 16:39 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-07-07 18:21 - 2016-03-19 19:54 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2016-07-07 18:21 - 2015-01-21 01:46 - 00003844 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1421819188 2016-07-02 03:20 - 2016-05-26 15:34 - 00015872 _____ C:\Users\Tran Clan Notebook\Documents\Mugs Record Sheet.xls 2016-06-25 12:11 - 2015-06-11 17:16 - 00000000 ____D C:\GOG Games 2016-06-24 13:47 - 2015-01-21 02:03 - 00001200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk 2016-06-24 13:47 - 2015-01-21 02:03 - 00001188 _____ C:\Users\Public\Desktop\paint.net.lnk 2016-06-24 13:47 - 2015-01-21 02:03 - 00000000 ____D C:\Program Files\paint.net ==================== Files in the root of some directories ======= 2015-02-15 22:43 - 2015-02-15 22:43 - 0007601 _____ () C:\Users\Tran Clan Notebook\AppData\Local\Resmon.ResmonCfg ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-21 04:34 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2016 02 Ran by Tran Clan Notebook (2016-07-23 15:25:45) Running from C:\Users\Tran Clan Notebook\Desktop Windows 8.1 (Update) (X64) (2015-01-21 03:08:13) Boot Mode: Safe Mode (with Networking) ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1653603585-3810599995-4057881293-500 - Administrator - Disabled) Guest (S-1-5-21-1653603585-3810599995-4057881293-501 - Limited - Disabled) Tran Clan Notebook (S-1-5-21-1653603585-3810599995-4057881293-1002 - Administrator - Enabled) => C:\Users\Tran Clan Notebook ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov) Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software) Battle Realms Complete (HKLM-x32\...\GOGPACKBATTLEREALMS_is1) (Version: 2.0.0.9 - GOG.com) CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.) CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.) CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.) CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.) CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.) Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform) Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company) HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company) HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.27.17 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.26.37 - Hewlett-Packard Company) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) Icewind Dale Enhanced Edition (HKLM-x32\...\1207666683_is1) (Version: 2.0.2.3 - GOG.com) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT) Jade Empire Special Edition (HKLM-x32\...\GOGPACKJADEEMPIRE_is1) (Version: 2.0.0.4 - GOG.com) K-Lite Codec Pack 12.2.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.2.5 - KLCP) Legend of Grimrock II (HKLM-x32\...\1207666193_is1) (Version: 2.1.0.5 - GOG.com) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Mount and Blade - Warband (HKLM-x32\...\1207666913_is1) (Version: 2.2.0.10 - GOG.com) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software) paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.) S.T.A.L.K.E.R. Clear Sky (HKLM-x32\...\GOGPACKSTALKERSTCS_is1) (Version: 2.0.0.8 - GOG.com) SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden Shadowrun Dragonfall - Director's Cut (HKLM-x32\...\1207660913_is1) (Version: 2.1.0.7 - GOG.com) SimCity 4 Deluxe Edition (HKLM-x32\...\1207664593_is1) (Version: 2.1.0.9 - GOG.com) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) WPS Office (9.1.0.4746) (HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0838799D-81BB-4119-B263-F282890E8C8C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-12] (Microsoft Corporation) Task: {08C07D78-3E21-4877-B5FA-A7D9C257A8CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.) Task: {123A3EFE-632A-4EF1-96E0-7C1510BD1D87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-06-28] (HP Inc.) Task: {188A114D-07E8-492E-A8C0-E8EDEEAA0DB3} - System32\Tasks\WpsNotifyTask_Tran Clan Notebook => C:\Users\Tran Clan Notebook\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2015-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {23BB1AA6-7B45-4FD1-9319-1300F214E09F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {2DB4E006-61A3-4BA2-AF78-C813962D0873} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated) Task: {3236E597-CE13-4572-A63F-1301A80DFF45} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.) Task: {3318FFCA-E97E-4C65-805E-95F9744B8309} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.) Task: {3B8E42AA-1AF5-4F8F-BA76-FA93783C4373} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd) Task: {400EB783-A74D-4BF7-814D-46FF473364D0} - System32\Tasks\SafeZone scheduled Autoupdate 1460167748 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software) Task: {8295C02A-C07E-4ACF-8979-944A26BC2FE5} - System32\Tasks\HPCeeScheduleForTran Clan Notebook => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {8A5431FB-9B2E-41E5-80C2-B4F3211062F3} - System32\Tasks\Opera scheduled Autoupdate 1421819188 => C:\Program Files (x86)\Opera\launcher.exe [2016-07-01] (Opera Software) Task: {8F6FB944-A6C7-4BC4-9E08-6527C853F007} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software) Task: {90836697-D5D9-4006-B643-55350A465308} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-07-07] () Task: {A056C6DD-BA74-462B-88F8-1501049A3D7E} - System32\Tasks\WpsUpdateTask_Tran Clan Notebook => C:\Users\Tran Clan Notebook\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2016-03-21] (Zhuhai Kingsoft Office Software Co.,Ltd) Task: {A24FDB01-8528-4AFC-BB84-1B3A8BC4FC6E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-22] (AVAST Software) Task: {A7174475-25A0-4C41-AFB6-598540CE226C} - System32\Tasks\SafeZone scheduled Autoupdate 1469238825 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software) Task: {C7FB81F1-C4F4-4AF7-AC9C-75116CFF459C} - System32\Tasks\SafeZone scheduled Autoupdate 1466654770 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software) Task: {D4813066-7CE3-402F-AA26-451B8EA55F54} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-12] (Adobe Systems Incorporated) Task: {D869A042-CA13-4250-AC39-E9A8A4338664} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink) Task: {FA051BF2-DF6B-4F5A-8DA7-DF7A193A741B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-19] (Synaptics Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForTran Clan Notebook.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Task: C:\WINDOWS\Tasks\WpsNotifyTask_Tran Clan Notebook.job => C:\Users\Tran Clan Notebook\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe Task: C:\WINDOWS\Tasks\WpsUpdateTask_Tran Clan Notebook.job => C:\Users\Tran Clan Notebook\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-07 18:21 - 2016-07-07 18:21 - 67945512 _____ () C:\Program Files (x86)\Opera\38.0.2220.41\opera.dll 2016-07-07 18:21 - 2016-07-07 18:20 - 02203176 _____ () C:\Program Files (x86)\Opera\38.0.2220.41\libglesv2.dll 2016-07-07 18:21 - 2016-07-07 18:20 - 00087080 _____ () C:\Program Files (x86)\Opera\38.0.2220.41\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tran Clan Notebook\Desktop\photo181123.jpg DNS Servers: 75.75.76.76 - 75.75.75.75 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "Raptr" HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\...\StartupApproved\Run: => "AppEx Accelerator UI" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{EADB2724-0209-48E1-830D-AD68C1856F4D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE FirewallRules: [{60C86478-A87B-4DC7-AAF3-5A529FBA94B8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [TCP Query User{AEFB99D5-8863-4E81-8927-A1834F102D46}C:\gog games\shadowrun dragonfall\dragonfall.exe] => (Block) C:\gog games\shadowrun dragonfall\dragonfall.exe FirewallRules: [UDP Query User{4A97AF30-8215-4302-AB3D-B79F80789B63}C:\gog games\shadowrun dragonfall\dragonfall.exe] => (Block) C:\gog games\shadowrun dragonfall\dragonfall.exe FirewallRules: [{D691C838-03C9-4118-9C0E-95172B66E768}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{2CC79C00-0CE6-44EB-A5BC-48D03F258C4D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{F7BD426F-FF03-475C-800E-14CE1B671361}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{AFC3AC65-7D17-49DF-9BFD-0187E9B6B925}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= Name: Wireless Device Description: Wireless Device Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: WUDFRd Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (07/23/2016 03:18:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object. Details: Could not query the status of the EventSystem service. System Error: A system shutdown is in progress. . Error: (07/22/2016 09:52:07 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (07/22/2016 09:52:05 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (07/22/2016 09:48:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: ) Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object. Details: Could not query the status of the EventSystem service. System Error: A system shutdown is in progress. . Error: (07/21/2016 04:38:06 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (07/20/2016 10:47:51 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: The index cannot be initialized. Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (07/20/2016 10:47:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: The application cannot be initialized. Context: Windows Application Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (07/20/2016 10:47:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (07/20/2016 10:47:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: The plug-in in <Search.TripoliIndexer> cannot be initialized. Context: Windows Application, SystemIndex Catalog Details: The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06) Error: (07/20/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3057) (User: ) Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized. Context: Windows Application Details: (HRESULT : 0x8e5e0210) (0x8e5e0210) System errors: ============= Error: (07/23/2016 03:25:46 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/23/2016 03:25:46 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/23/2016 03:25:41 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/23/2016 03:25:41 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/23/2016 03:24:11 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/23/2016 03:24:11 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/23/2016 03:23:41 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (07/23/2016 03:23:21 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/23/2016 03:23:21 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8} Error: (07/23/2016 03:23:21 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC) Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030} ==================== Memory info =========================== Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics Percentage of memory in use: 31% Total physical RAM: 3554.26 MB Available physical RAM: 2438.61 MB Total Virtual: 7138.26 MB Available Virtual: 6018.51 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:439.77 GB) (Free:304.14 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (RECOVERY) (Fixed) (Total:24.78 GB) (Free:2.99 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: F2486060) Partition: GPT. ==================== End of Addition.txt ============================ -
Hello, My name is Theodore Tran and, since two months ago, I've been hearing audio ads in the background of my computer. I thought it might of come from somewhere else but clicking on the audio icon showed that it definitely came from my computer but from where, and how, I don't know. There was one incident where I heard ad audio playing but no known software was running. I uninstalled suspected software and since then, I haven't heard any ads. I ran Malwarebytes in safe mode and Avast's boot time scan, both showed no infection. However, I still feel uneasy and I was wondering if I can get help taking another look at my computer.