Jump to content

Mysterious Ad Audio Playing


Recommended Posts

Hello,

My name is Theodore Tran and, since two months ago, I've been hearing audio ads in the background of my computer. I thought it might of come from somewhere else but clicking on the audio icon showed that it definitely came from my computer but from where, and how, I don't know. There was one incident where I heard ad audio playing but no known software was running. I uninstalled suspected software and since then, I haven't heard any ads. I ran Malwarebytes in safe mode and Avast's boot time scan, both showed no infection. However, I still feel uneasy and I was wondering if I can get help taking another look at my computer.

Link to post
Share on other sites

Hello Theodore_Tran and welcome to Malwarebytes,

My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

user posted imageGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. user posted image
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

user posted imageMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. user posted image Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

user posted imageInternet Explorer - Click the Tools menu in the upper right-corner of the browser. user posted image Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

user posted imageChange default download folder location in Edge -Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties"

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....

Next,

Follow the instructions in the following link to show hidden files:

http://www.howtogeek.com/howto/windows-vista/show-hidden-files-and-folders-in-windows-vista/

Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.
 
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Tweaking.com Registry Backup
 
  • Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on hPxdDvj.png and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup.(Windows Vista/7/8/10 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:
    user posted image
     
  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.


Next,
Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs....

or,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your next reply....

Thank you,

Kevin...
Link to post
Share on other sites

Hello,

Here are the logs that were requested. I would like to mention that I downloaded and ran these software under safe-mode.

RKill==============================================

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/23/2016 02:51:56 PM in x64 mode. (Safe Mode)
Windows Version: Windows 8.1 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 

Tweaking.com Registry Backup==========================

[7/23/2016 - 2:55:29 PM] System Variables
[7/23/2016 - 2:55:29 PM] --------------------------------------------------------------------------------
[7/23/2016 - 2:55:29 PM] Use Fallback Backup Method: 1 (0 = No, 1 = Yes)
[7/23/2016 - 2:55:29 PM] VSS exe To Use: vss_7_8_2008_2012_64.exe
[7/23/2016 - 2:55:29 PM] Windows Drive: C:
[7/23/2016 - 2:55:29 PM] Windows Folder: WINDOWS
[7/23/2016 - 2:55:29 PM] Windows Path: C:\WINDOWS
[7/23/2016 - 2:55:29 PM] Registry File Location: C:\WINDOWS\System32\Config
[7/23/2016 - 2:55:29 PM] Current Profile: C:\Users\Tran Clan Notebook
[7/23/2016 - 2:55:29 PM] Current Profile SID: S-1-5-21-1653603585-3810599995-4057881293-1002
[7/23/2016 - 2:55:29 PM] Current Profile Classes: S-1-5-21-1653603585-3810599995-4057881293-1002_Classes
[7/23/2016 - 2:55:29 PM] Profiles Location: C:\Users
[7/23/2016 - 2:55:29 PM] Profiles Location 2: C:\WINDOWS\ServiceProfiles
[7/23/2016 - 2:55:29 PM] Local Settings AppData: AppData\Local
[7/23/2016 - 2:55:29 PM] Computer Name: TRAN-PC
[7/23/2016 - 2:55:29 PM] OS: Windows 8.1 (64-bit)
[7/23/2016 - 2:55:29 PM] OS Architecture: 64-bit
[7/23/2016 - 2:55:29 PM] OS Version: 6.3.9600
[7/23/2016 - 2:55:29 PM] OS Service Pack: 
[7/23/2016 - 2:55:29 PM] --------------------------------------------------------------------------------

[7/23/2016 - 2:55:29 PM] Backup Location: C:\RegBackup\

[7/23/2016 - 2:55:29 PM] Auto Delete Old Backups Enabled, Working...
[7/23/2016 - 2:55:29 PM] Delete backups 7 Days or older. Keep at least 5 Backups.
[7/23/2016 - 2:55:29 PM] --------------------------------------------------------------------------------
[7/23/2016 - 2:55:29 PM] --------------------------------------------------------------------------------

[7/23/2016 - 2:55:29 PM] Starting Backup...

[7/23/2016 - 2:55:29 PM] Files To Backup: 
[7/23/2016 - 2:55:29 PM] --------------------------------------------------------------------------------
[7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\components
[7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\drivers
[7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\default
[7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\sam
[7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\security
[7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\software
[7/23/2016 - 2:55:29 PM] C:\WINDOWS\System32\Config\system
[7/23/2016 - 2:55:29 PM] C:\Users\Default\ntuser.dat
[7/23/2016 - 2:55:29 PM] C:\Users\Tran Clan Notebook\ntuser.dat
[7/23/2016 - 2:55:29 PM] C:\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat
[7/23/2016 - 2:55:29 PM] C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat
[7/23/2016 - 2:55:29 PM] C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat
[7/23/2016 - 2:55:29 PM] --------------------------------------------------------------------------------

[7/23/2016 - 2:55:29 PM] Backing Up Registry Files Security Descriptors (SDDL): 
[7/23/2016 - 2:55:29 PM] --------------------------------------------------------------------------------
[7/23/2016 - 2:55:29 PM] "\\?\C:\Users\Default\ntuser.dat",1,"O:SYG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;BU)(A;;FR;;;WD)"
"\\?\C:\Users\Default\ntuser.dat.old",1,"O:SYG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FR;;;BU)(A;;FR;;;WD)"
"\\?\C:\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1653603585-3810599995-4057881293-1002)"
"\\?\C:\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1653603585-3810599995-4057881293-1002)"
"\\?\C:\Users\Tran Clan Notebook\ntuser.dat",1,"O:S-1-5-21-1653603585-3810599995-4057881293-1002G:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1653603585-3810599995-4057881293-1002)"
"\\?\C:\Users\Tran Clan Notebook\ntuser.dat.old",1,"O:S-1-5-21-1653603585-3810599995-4057881293-1002G:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;S-1-5-21-1653603585-3810599995-4057881293-1002)"
"\\?\C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)"
"\\?\C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat.old",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;LS)"
"\\?\C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)"
"\\?\C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat.old",1,"O:BAG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;FA;;;NS)"
"\\?\C:\WINDOWS\System32\Config\components",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\components.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\default",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\default.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\drivers",1,"O:SYG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\drivers.old",1,"O:SYG:SYD:AIAR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\sam",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\sam.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\security",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\security.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\software",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\software.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\system",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"
"\\?\C:\WINDOWS\System32\Config\system.old",1,"O:SYG:SYD:AR(A;ID;FA;;;SY)(A;ID;FA;;;BA)"

[7/23/2016 - 2:55:29 PM] --------------------------------------------------------------------------------

[7/23/2016 - 2:55:29 PM] Backing Up Files: 
[7/23/2016 - 2:55:29 PM] --------------------------------------------------------------------------------
[7/23/2016 - 2:55:29 PM] Using Fallback Backup Method.

[7/23/2016 - 2:55:29 PM] Backing Up File: C:\WINDOWS\System32\Config\components
[7/23/2016 - 2:55:30 PM] Result: Successful (63.65 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\components

[7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\drivers
[7/23/2016 - 2:55:30 PM] Result: Successful (5.41 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\drivers

[7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\default
[7/23/2016 - 2:55:30 PM] Result: Successful (272.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\default

[7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\sam
[7/23/2016 - 2:55:30 PM] Result: Successful (24.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\sam

[7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\security
[7/23/2016 - 2:55:30 PM] Result: Successful (28.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\security

[7/23/2016 - 2:55:30 PM] Backing Up File: C:\WINDOWS\System32\Config\software
[7/23/2016 - 2:55:31 PM] Result: Successful (77.46 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\software

[7/23/2016 - 2:55:31 PM] Backing Up File: C:\WINDOWS\System32\Config\system
[7/23/2016 - 2:55:32 PM] Result: Successful (14.95 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\System32\Config\system

[7/23/2016 - 2:55:32 PM] Backing Up File: C:\Users\Default\ntuser.dat
[7/23/2016 - 2:55:32 PM] Result: Successful (256.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\Users\Default\ntuser.dat

[7/23/2016 - 2:55:32 PM] Backing Up File: C:\Users\Tran Clan Notebook\ntuser.dat
[7/23/2016 - 2:55:32 PM] Result: Successful (1.43 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\Users\Tran Clan Notebook\ntuser.dat

[7/23/2016 - 2:55:32 PM] Backing Up File: C:\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat
[7/23/2016 - 2:55:32 PM] Result: Successful (7.45 MB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\Users\Tran Clan Notebook\AppData\Local\Microsoft\Windows\UsrClass.dat

[7/23/2016 - 2:55:32 PM] Backing Up File: C:\WINDOWS\ServiceProfiles\LocalService\ntuser.dat
[7/23/2016 - 2:55:32 PM] Result: Successful (156.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\ServiceProfiles\LocalService\ntuser.dat

[7/23/2016 - 2:55:32 PM] Backing Up File: C:\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat
[7/23/2016 - 2:55:32 PM] Result: Successful (152.00 KB) - C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\C\WINDOWS\ServiceProfiles\NetworkService\ntuser.dat

[7/23/2016 - 2:55:32 PM] Total Size: 171.21 MB

[7/23/2016 - 2:55:32 PM] --------------------------------------------------------------------------------

[7/23/2016 - 2:55:32 PM] Creating DOS restore bat file for use in the Windows Recovery Console: 
[7/23/2016 - 2:55:32 PM] --------------------------------------------------------------------------------
[7/23/2016 - 2:55:32 PM] Created: C:\WINDOWS\tweaking.com-regbackup-TRAN-PC-Windows-8.1-(64-bit).dat for use in the dos_restore.cmd file
[7/23/2016 - 2:55:32 PM] Done: C:\RegBackup\TRAN-PC\7.23.2016_2.55.29-PM\dos_restore.cmd
[7/23/2016 - 2:55:32 PM] --------------------------------------------------------------------------------
 

Malwarebytes Anti-Malware=============================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/23/2016
Scan Time: 2:58 PM
Logfile: MByte.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.23.07
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Tran Clan Notebook

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288736
Time Elapsed: 18 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Farbar Recovery Scan Tool=============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2016 02
Ran by Tran Clan Notebook (administrator) on TRAN-PC (23-07-2016 15:24:10)
Running from C:\Users\Tran Clan Notebook\Desktop
Loaded Profiles: Tran Clan Notebook (Available Profiles: Tran Clan Notebook)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2015-01-19] (Synaptics Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-07-22] (AVAST Software)
HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8810200 2016-06-10] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-22] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{4911CFB9-5881-49C3-9CB5-6E63DF394208}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{D8953E4A-AA6A-4E7F-8D33-8C2B940735F9}: [DhcpNameServer] 75.75.76.76 75.75.75.75

Internet Explorer:
==================
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-22] (AVAST Software)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-22] (AVAST Software)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)

FireFox:
========
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Opera: 
=======
OPR Extension: (Adguard) - C:\Users\Tran Clan Notebook\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2016-06-11]
OPR Extension: (WOT) - C:\Users\Tran Clan Notebook\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-12-16]
OPR Extension: (Disconnect) - C:\Users\Tran Clan Notebook\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2016-04-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-22] (AVAST Software)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6666808 2015-06-10] (GOG.com)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-22] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-22] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-22] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-22] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-22] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-22] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [290088 2016-07-22] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2015-05-20] (Advanced Micro Devices)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-30] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-23 15:24 - 2016-07-23 15:24 - 00009792 _____ C:\Users\Tran Clan Notebook\Desktop\FRST.txt
2016-07-23 15:23 - 2016-07-23 15:24 - 00000000 ____D C:\FRST
2016-07-23 15:23 - 2016-07-23 15:23 - 02394112 _____ (Farbar) C:\Users\Tran Clan Notebook\Desktop\FRST64.exe
2016-07-23 15:22 - 2016-07-23 15:22 - 00001053 _____ C:\Users\Tran Clan Notebook\Desktop\MByte.txt
2016-07-23 15:21 - 2016-07-23 15:21 - 00001053 _____ C:\MByte.txt
2016-07-23 15:18 - 2016-07-23 15:18 - 00001064 _____ C:\Users\Tran Clan Notebook\Desktop\Malwarebytes_Log.txt
2016-07-23 14:55 - 2016-07-23 14:55 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-TRAN-PC-Windows-8.1-(64-bit).dat
2016-07-23 14:54 - 2016-07-23 14:55 - 00000000 ____D C:\RegBackup
2016-07-23 14:52 - 2016-07-23 14:52 - 03251071 _____ C:\Users\Tran Clan Notebook\Desktop\tweaking.com_registry_backup_portable.zip
2016-07-23 14:51 - 2016-07-23 14:52 - 00001640 _____ C:\Users\Tran Clan Notebook\Desktop\Rkill.txt
2016-07-23 14:51 - 2016-07-23 14:51 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Tran Clan Notebook\Desktop\rkill.exe
2016-07-23 14:51 - 2016-07-23 14:51 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Tran Clan Notebook\Desktop\rkill64.exe
2016-07-22 21:53 - 2016-07-22 21:53 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-07-22 21:53 - 2016-07-22 21:53 - 00003888 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1469238825
2016-07-22 21:53 - 2016-07-22 21:53 - 00001053 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-07-22 21:53 - 2016-07-22 21:53 - 00001053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-07-22 19:37 - 2016-07-23 15:23 - 00243374 _____ C:\WINDOWS\ntbtlog.txt
2016-07-22 19:37 - 2016-07-23 15:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-22 19:37 - 2016-07-22 19:37 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-22 19:37 - 2016-07-22 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-22 19:37 - 2016-07-22 19:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-22 19:37 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-07-22 19:37 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-22 19:37 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-07-22 19:36 - 2016-07-22 19:36 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\Roaming\AVAST Software
2016-07-22 19:35 - 2016-07-22 19:35 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-07-22 19:35 - 2016-07-22 19:35 - 00473592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-07-22 19:35 - 2016-07-22 19:35 - 00390984 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-07-22 19:35 - 2016-07-22 19:35 - 00290088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-07-22 19:35 - 2016-07-22 19:35 - 00162904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-07-22 19:35 - 2016-07-22 19:35 - 00108304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-07-22 19:35 - 2016-07-22 19:35 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-07-22 19:35 - 2016-07-22 19:35 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-07-22 19:35 - 2016-07-22 19:35 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-07-22 19:35 - 2016-07-22 19:35 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-07-22 19:35 - 2016-07-22 19:35 - 00001938 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-07-22 19:35 - 2016-07-22 19:35 - 00000350 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2016-07-22 19:35 - 2016-07-22 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-07-22 19:34 - 2016-07-22 21:53 - 00000000 ____D C:\Program Files\AVAST Software
2016-07-22 19:34 - 2016-07-22 19:34 - 06253640 _____ (AVAST Software) C:\Users\Tran Clan Notebook\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-07-22 19:33 - 2016-07-22 19:33 - 22851472 _____ (Malwarebytes ) C:\Users\Tran Clan Notebook\Downloads\mbam-setup-2.2.1.1043.exe
2016-07-22 19:30 - 2016-07-22 19:30 - 00013484 _____ C:\Users\Tran Clan Notebook\Documents\cc_20160722_193041.reg
2016-07-21 23:46 - 2016-07-21 23:46 - 00003618 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-07-21 23:46 - 2016-07-21 23:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-07-21 23:46 - 2016-07-21 23:46 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2016-07-16 11:41 - 2016-07-20 22:50 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\LocalLow\BitTorrent
2016-07-16 09:32 - 2016-07-16 09:32 - 00000082 _____ C:\Users\Tran Clan Notebook\Documents\cc_20160716_093204.reg
2016-07-14 16:41 - 2016-07-02 00:29 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-07-14 16:41 - 2016-07-02 00:29 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-12 15:08 - 2016-06-11 14:14 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-12 15:08 - 2016-06-11 14:11 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-12 15:08 - 2016-06-11 13:56 - 25812992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-12 15:08 - 2016-06-11 13:56 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-07-12 15:08 - 2016-06-11 13:42 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-12 15:08 - 2016-06-11 13:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-07-12 15:08 - 2016-06-11 13:22 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-07-12 15:08 - 2016-06-11 13:22 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-07-12 15:08 - 2016-06-11 13:21 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-07-12 15:08 - 2016-06-11 13:20 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-07-12 15:08 - 2016-06-11 13:13 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-12 15:08 - 2016-06-11 13:12 - 20348928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-12 15:08 - 2016-06-11 13:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-07-12 15:08 - 2016-06-11 13:07 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-07-12 15:08 - 2016-06-11 13:03 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-07-12 15:08 - 2016-06-11 13:01 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-07-12 15:08 - 2016-06-11 13:00 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-12 15:08 - 2016-06-11 13:00 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-07-12 15:08 - 2016-06-11 12:57 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-07-12 15:08 - 2016-06-11 12:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-07-12 15:08 - 2016-06-11 12:43 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-07-12 15:08 - 2016-06-11 12:38 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-07-12 15:08 - 2016-06-11 12:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-07-12 15:08 - 2016-06-11 12:31 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-12 15:08 - 2016-06-11 12:31 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-12 15:08 - 2016-06-11 12:31 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-07-12 15:08 - 2016-06-11 12:30 - 15409664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-12 15:08 - 2016-06-11 12:29 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-07-12 15:08 - 2016-06-11 12:26 - 02869248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-12 15:08 - 2016-06-11 12:15 - 13806080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-12 15:08 - 2016-06-11 12:12 - 01550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-12 15:08 - 2016-06-11 12:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-07-12 15:08 - 2016-06-11 11:59 - 02392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-07-12 15:08 - 2016-06-11 11:56 - 01315840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-07-12 15:08 - 2016-06-11 11:56 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-07-12 15:06 - 2016-06-11 15:45 - 07445856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-12 15:04 - 2016-06-25 16:05 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-12 15:04 - 2016-06-25 14:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-07-12 15:04 - 2016-06-25 12:24 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2016-07-12 15:04 - 2016-06-25 12:15 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-07-12 15:04 - 2016-06-25 12:13 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-07-12 15:04 - 2016-06-25 12:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2016-07-12 15:04 - 2016-06-22 09:48 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2016-07-12 15:04 - 2016-06-21 14:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-07-12 15:04 - 2016-06-21 10:12 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-07-12 15:04 - 2016-06-21 09:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-07-12 15:04 - 2016-06-21 09:48 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-07-12 15:04 - 2016-06-21 09:48 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-07-12 15:04 - 2016-06-21 09:48 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-07-12 15:04 - 2016-06-21 09:48 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-07-12 15:04 - 2016-06-21 09:48 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-07-12 15:04 - 2016-06-21 09:48 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-07-12 15:04 - 2016-01-30 15:50 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-07-12 15:04 - 2016-01-30 15:00 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-07-12 15:04 - 2016-01-30 14:48 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-07-12 15:04 - 2016-01-30 14:18 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-07-12 15:04 - 2016-01-30 13:48 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-07-12 15:04 - 2016-01-30 13:41 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-07-12 14:59 - 2016-06-10 17:35 - 04167680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-07-11 00:47 - 2016-07-11 00:47 - 00005630 _____ C:\Users\Tran Clan Notebook\Documents\cc_20160711_004656.reg
2016-07-06 17:35 - 2016-07-10 17:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-06 17:25 - 2016-07-06 17:27 - 00222720 _____ C:\TDSSKiller.3.1.0.9_06.07.2016_17.25.59_log.txt
2016-07-06 17:24 - 2016-07-06 17:24 - 00008398 _____ C:\TDSSKiller.3.1.0.9_06.07.2016_17.24.32_log.txt
2016-06-25 13:09 - 2016-06-25 13:43 - 00000000 ____D C:\Users\Tran Clan Notebook\Documents\Mount&Blade Warband Savegames
2016-06-25 12:18 - 2016-06-25 13:34 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\Roaming\Mount&Blade Warband
2016-06-25 12:18 - 2016-06-25 13:16 - 00000000 ____D C:\Users\Tran Clan Notebook\Documents\Mount&Blade Warband
2016-06-25 12:17 - 2010-06-02 07:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-06-25 12:17 - 2010-06-02 07:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-06-25 12:17 - 2010-06-02 07:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-06-25 12:17 - 2010-06-02 07:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-06-25 12:17 - 2010-06-02 07:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-06-25 12:17 - 2010-06-02 07:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-06-25 12:17 - 2010-05-26 14:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-06-25 12:17 - 2010-02-04 13:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-06-25 12:17 - 2010-02-04 13:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-06-25 12:17 - 2010-02-04 13:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-06-25 12:17 - 2010-02-04 13:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-06-25 12:17 - 2010-02-04 13:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-06-25 12:17 - 2010-02-04 13:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-06-25 12:17 - 2010-02-04 13:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-06-25 12:17 - 2010-02-04 13:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2016-06-25 12:17 - 2009-09-04 20:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-06-25 12:17 - 2009-09-04 20:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2016-06-25 12:17 - 2009-09-04 20:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2016-06-25 12:17 - 2009-09-04 20:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-06-25 12:17 - 2009-09-04 20:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-06-25 12:17 - 2009-09-04 20:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-06-25 12:17 - 2009-09-04 20:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2016-06-25 12:17 - 2009-03-16 17:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-06-25 12:17 - 2009-03-16 17:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2016-06-25 12:17 - 2009-03-16 17:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2016-06-25 12:17 - 2009-03-16 17:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-06-25 12:17 - 2009-03-16 17:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-06-25 12:17 - 2009-03-16 17:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2016-06-25 12:17 - 2009-03-09 18:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-06-25 12:17 - 2009-03-09 18:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2016-06-25 12:17 - 2009-03-09 18:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-06-25 12:17 - 2009-03-09 18:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2016-06-25 12:17 - 2009-03-09 18:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-06-25 12:17 - 2009-03-09 18:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2016-06-25 12:17 - 2008-10-27 13:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-06-25 12:17 - 2008-10-27 13:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-06-25 12:17 - 2008-10-27 13:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-06-25 12:17 - 2008-10-27 13:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-06-25 12:17 - 2008-10-27 13:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-06-25 12:17 - 2008-10-27 13:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-06-25 12:17 - 2008-10-27 13:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-06-25 12:17 - 2008-10-27 13:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-06-25 12:17 - 2008-10-15 09:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-06-25 12:17 - 2008-10-15 09:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-06-25 12:17 - 2008-10-15 09:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-06-25 12:17 - 2008-10-15 09:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-06-25 12:17 - 2008-10-15 09:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-06-25 12:17 - 2008-10-15 09:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-06-25 12:17 - 2008-07-31 13:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-06-25 12:17 - 2008-07-31 13:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-06-25 12:17 - 2008-07-31 13:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-06-25 12:17 - 2008-07-31 13:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-06-25 12:17 - 2008-07-31 13:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-06-25 12:17 - 2008-07-31 13:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-06-25 12:16 - 2008-07-10 14:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-06-25 12:16 - 2008-07-10 14:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-06-25 12:16 - 2008-07-10 14:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-06-25 12:16 - 2008-07-10 14:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-06-25 12:16 - 2008-07-10 14:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-06-25 12:16 - 2008-07-10 14:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-06-25 12:16 - 2008-05-30 17:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2016-06-25 12:16 - 2008-05-30 17:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2016-06-25 12:16 - 2008-05-30 17:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2016-06-25 12:16 - 2008-05-30 17:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2016-06-25 12:16 - 2008-05-30 17:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2016-06-25 12:16 - 2008-05-30 17:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2016-06-25 12:16 - 2008-05-30 17:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2016-06-25 12:16 - 2008-05-30 17:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2016-06-25 12:16 - 2008-05-30 17:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2016-06-25 12:16 - 2008-05-30 17:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2016-06-25 12:16 - 2008-05-30 17:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2016-06-25 12:16 - 2008-05-30 17:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2016-06-25 12:16 - 2008-05-30 17:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2016-06-25 12:16 - 2008-05-30 17:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2016-06-25 12:16 - 2008-03-05 19:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2016-06-25 12:16 - 2008-03-05 19:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2016-06-25 12:16 - 2008-03-05 19:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2016-06-25 12:16 - 2008-03-05 19:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2016-06-25 12:16 - 2008-03-05 19:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2016-06-25 12:16 - 2008-03-05 19:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2016-06-25 12:16 - 2008-03-05 18:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2016-06-25 12:16 - 2008-03-05 18:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2016-06-25 12:16 - 2008-03-05 18:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2016-06-25 12:16 - 2008-03-05 18:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2016-06-25 12:16 - 2008-02-06 02:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2016-06-25 12:16 - 2008-02-06 02:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2016-06-25 12:16 - 2007-10-22 06:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2016-06-25 12:16 - 2007-10-22 06:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2016-06-25 12:16 - 2007-10-22 06:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2016-06-25 12:16 - 2007-10-22 06:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2016-06-25 12:16 - 2007-10-12 18:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2016-06-25 12:16 - 2007-10-12 18:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2016-06-25 12:16 - 2007-10-12 18:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2016-06-25 12:16 - 2007-10-12 18:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2016-06-25 12:16 - 2007-10-02 12:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2016-06-25 12:16 - 2007-10-02 12:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2016-06-25 12:16 - 2007-07-20 03:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2016-06-25 12:16 - 2007-07-20 03:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2016-06-25 12:16 - 2007-07-19 21:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2016-06-25 12:16 - 2007-07-19 21:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2016-06-25 12:16 - 2007-07-19 21:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2016-06-25 12:16 - 2007-07-19 21:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2016-06-25 12:16 - 2007-07-19 21:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2016-06-25 12:16 - 2007-07-19 21:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2016-06-25 12:16 - 2007-06-20 23:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2016-06-25 12:16 - 2007-06-20 23:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2016-06-25 12:16 - 2007-05-16 19:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2016-06-25 12:16 - 2007-05-16 19:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2016-06-25 12:16 - 2007-05-16 19:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2016-06-25 12:16 - 2007-05-16 19:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2016-06-25 12:16 - 2007-05-16 19:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2016-06-25 12:16 - 2007-05-16 19:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2016-06-25 12:16 - 2007-04-04 21:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-06-25 12:16 - 2007-04-04 21:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2016-06-25 12:16 - 2007-04-04 21:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-06-25 12:16 - 2007-04-04 21:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2016-06-25 12:16 - 2007-03-15 19:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-06-25 12:16 - 2007-03-15 19:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2016-06-25 12:16 - 2007-03-12 19:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-06-25 12:16 - 2007-03-12 19:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2016-06-25 12:16 - 2007-03-12 19:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-06-25 12:16 - 2007-03-12 19:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2016-06-25 12:16 - 2007-03-05 15:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-06-25 12:16 - 2007-03-05 15:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2016-06-25 12:16 - 2007-01-24 18:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2016-06-25 12:16 - 2007-01-24 18:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2016-06-25 12:16 - 2006-12-08 15:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2016-06-25 12:16 - 2006-12-08 15:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2016-06-25 12:16 - 2006-11-29 16:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2016-06-25 12:16 - 2006-11-29 16:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2016-06-25 12:16 - 2006-11-29 16:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2016-06-25 12:16 - 2006-11-29 16:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2016-06-25 12:16 - 2006-09-28 19:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2016-06-25 12:16 - 2006-09-28 19:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2016-06-25 12:16 - 2006-09-28 19:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2016-06-25 12:16 - 2006-09-28 19:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2016-06-25 12:16 - 2006-07-28 12:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2016-06-25 12:16 - 2006-07-28 12:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2016-06-25 12:16 - 2006-07-28 12:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2016-06-25 12:16 - 2006-07-28 12:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2016-06-25 12:15 - 2006-05-31 10:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2016-06-25 12:15 - 2006-05-31 10:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2016-06-25 12:15 - 2006-03-31 15:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2016-06-25 12:15 - 2006-03-31 15:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2016-06-25 12:15 - 2006-03-31 15:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2016-06-25 12:15 - 2006-03-31 15:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2016-06-25 12:15 - 2006-03-31 15:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2016-06-25 12:15 - 2006-03-31 15:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2016-06-25 12:15 - 2006-02-03 11:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2016-06-25 12:15 - 2006-02-03 11:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2016-06-25 12:15 - 2006-02-03 11:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2016-06-25 12:15 - 2006-02-03 11:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2016-06-25 12:15 - 2006-02-03 11:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2016-06-25 12:15 - 2006-02-03 11:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2016-06-25 12:15 - 2005-12-05 21:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2016-06-25 12:15 - 2005-12-05 21:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2016-06-25 12:15 - 2005-07-22 22:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2016-06-25 12:15 - 2005-07-22 22:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2016-06-25 12:15 - 2005-05-26 18:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2016-06-25 12:15 - 2005-05-26 18:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2016-06-25 12:15 - 2005-03-18 20:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2016-06-25 12:15 - 2005-03-18 20:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2016-06-25 12:15 - 2005-02-05 22:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2016-06-25 12:15 - 2005-02-05 22:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2016-06-25 12:14 - 2016-06-25 12:14 - 00001799 _____ C:\Users\Public\Desktop\Mount and Blade - Warband.lnk
2016-06-25 12:14 - 2016-06-25 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mount and Blade - Warband [GOG.com]
2016-06-25 12:04 - 2016-06-25 12:04 - 00098746 _____ C:\Users\Tran Clan Notebook\Documents\cc_20160625_090433.reg
2016-06-24 06:02 - 2016-07-22 07:45 - 00003240 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTran Clan Notebook
2016-06-23 00:06 - 2016-06-23 00:06 - 00003888 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1466654770

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-23 15:24 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-23 15:24 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-07-23 14:34 - 2015-06-10 20:19 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\Local\ElevatedDiagnostics
2016-07-23 14:20 - 2015-01-21 22:51 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-07-23 14:19 - 2016-01-25 15:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-23 14:19 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-22 21:55 - 2015-01-19 15:37 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1653603585-3810599995-4057881293-1002
2016-07-22 21:53 - 2015-01-21 01:50 - 00000000 ____D C:\ProgramData\AVAST Software
2016-07-22 13:22 - 2016-05-06 18:37 - 00000400 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTran Clan Notebook.job
2016-07-22 13:21 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-07-22 13:16 - 2015-01-20 22:01 - 00000000 ____D C:\Users\Tran Clan Notebook
2016-07-22 12:59 - 2015-01-21 02:00 - 00000466 _____ C:\WINDOWS\Tasks\WpsNotifyTask_Tran Clan Notebook.job
2016-07-22 12:56 - 2015-01-21 02:00 - 00000466 _____ C:\WINDOWS\Tasks\WpsUpdateTask_Tran Clan Notebook.job
2016-07-22 00:00 - 2015-01-26 20:12 - 00000000 ____D C:\Users\Tran Clan Notebook\AppData\Roaming\vlc
2016-07-20 07:27 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-20 07:19 - 2015-04-27 22:50 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-07-20 07:19 - 2015-04-27 22:50 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-07-16 20:30 - 2015-12-16 21:39 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-07-16 11:35 - 2015-01-21 01:52 - 00004180 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-07-15 18:21 - 2015-01-21 01:46 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-15 14:21 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-15 06:30 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-07-14 23:14 - 2015-01-19 15:05 - 00000000 ____D C:\ProgramData\CyberLink
2016-07-14 16:40 - 2013-08-22 10:44 - 00353952 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-14 16:24 - 2015-04-27 22:51 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-07-14 16:24 - 2014-11-21 04:25 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 16:24 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-07-12 23:25 - 2016-01-25 15:17 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-07-12 23:25 - 2015-12-16 21:39 - 00003880 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-07-12 23:24 - 2016-05-12 12:19 - 20466368 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-07-12 23:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-07-12 23:24 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-07-12 15:26 - 2015-01-19 16:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-12 15:22 - 2015-01-19 16:39 - 144749672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-07 18:21 - 2016-03-19 19:54 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-07-07 18:21 - 2015-01-21 01:46 - 00003844 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1421819188
2016-07-02 03:20 - 2016-05-26 15:34 - 00015872 _____ C:\Users\Tran Clan Notebook\Documents\Mugs Record Sheet.xls
2016-06-25 12:11 - 2015-06-11 17:16 - 00000000 ____D C:\GOG Games
2016-06-24 13:47 - 2015-01-21 02:03 - 00001200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-06-24 13:47 - 2015-01-21 02:03 - 00001188 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-06-24 13:47 - 2015-01-21 02:03 - 00000000 ____D C:\Program Files\paint.net

==================== Files in the root of some directories =======

2015-02-15 22:43 - 2015-02-15 22:43 - 0007601 _____ () C:\Users\Tran Clan Notebook\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-21 04:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-07-2016 02
Ran by Tran Clan Notebook (2016-07-23 15:25:45)
Running from C:\Users\Tran Clan Notebook\Desktop
Windows 8.1 (Update) (X64) (2015-01-21 03:08:13)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1653603585-3810599995-4057881293-500 - Administrator - Disabled)
Guest (S-1-5-21-1653603585-3810599995-4057881293-501 - Limited - Disabled)
Tran Clan Notebook (S-1-5-21-1653603585-3810599995-4057881293-1002 - Administrator - Enabled) => C:\Users\Tran Clan Notebook

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Battle Realms Complete (HKLM-x32\...\GOGPACKBATTLEREALMS_is1) (Version: 2.0.0.9 - GOG.com)
CCleaner (HKLM\...\CCleaner) (Version: 5.19 - Piriform)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.27.17 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.26.37 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Icewind Dale Enhanced Edition (HKLM-x32\...\1207666683_is1) (Version: 2.0.2.3 - GOG.com)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Jade Empire Special Edition (HKLM-x32\...\GOGPACKJADEEMPIRE_is1) (Version: 2.0.0.4 - GOG.com)
K-Lite Codec Pack 12.2.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.2.5 - KLCP)
Legend of Grimrock II (HKLM-x32\...\1207666193_is1) (Version: 2.1.0.5 - GOG.com)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mount and Blade - Warband (HKLM-x32\...\1207666913_is1) (Version: 2.2.0.10 - GOG.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. Clear Sky (HKLM-x32\...\GOGPACKSTALKERSTCS_is1) (Version: 2.0.0.8 - GOG.com)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Shadowrun Dragonfall - Director's Cut (HKLM-x32\...\1207660913_is1) (Version: 2.1.0.7 - GOG.com)
SimCity 4 Deluxe Edition (HKLM-x32\...\1207664593_is1) (Version: 2.1.0.9 - GOG.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WPS Office (9.1.0.4746) (HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\...\WPS Office) (Version: 9.1.0.4746 - Kingsoft Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0838799D-81BB-4119-B263-F282890E8C8C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-12] (Microsoft Corporation)
Task: {08C07D78-3E21-4877-B5FA-A7D9C257A8CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {123A3EFE-632A-4EF1-96E0-7C1510BD1D87} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-06-28] (HP Inc.)
Task: {188A114D-07E8-492E-A8C0-E8EDEEAA0DB3} - System32\Tasks\WpsNotifyTask_Tran Clan Notebook => C:\Users\Tran Clan Notebook\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe [2015-01-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {23BB1AA6-7B45-4FD1-9319-1300F214E09F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {2DB4E006-61A3-4BA2-AF78-C813962D0873} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {3236E597-CE13-4572-A63F-1301A80DFF45} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {3318FFCA-E97E-4C65-805E-95F9744B8309} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-07-04] (HP Inc.)
Task: {3B8E42AA-1AF5-4F8F-BA76-FA93783C4373} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-10] (Piriform Ltd)
Task: {400EB783-A74D-4BF7-814D-46FF473364D0} - System32\Tasks\SafeZone scheduled Autoupdate 1460167748 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {8295C02A-C07E-4ACF-8979-944A26BC2FE5} - System32\Tasks\HPCeeScheduleForTran Clan Notebook => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {8A5431FB-9B2E-41E5-80C2-B4F3211062F3} - System32\Tasks\Opera scheduled Autoupdate 1421819188 => C:\Program Files (x86)\Opera\launcher.exe [2016-07-01] (Opera Software)
Task: {8F6FB944-A6C7-4BC4-9E08-6527C853F007} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {90836697-D5D9-4006-B643-55350A465308} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-07-07] ()
Task: {A056C6DD-BA74-462B-88F8-1501049A3D7E} - System32\Tasks\WpsUpdateTask_Tran Clan Notebook => C:\Users\Tran Clan Notebook\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe [2016-03-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {A24FDB01-8528-4AFC-BB84-1B3A8BC4FC6E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-22] (AVAST Software)
Task: {A7174475-25A0-4C41-AFB6-598540CE226C} - System32\Tasks\SafeZone scheduled Autoupdate 1469238825 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {C7FB81F1-C4F4-4AF7-AC9C-75116CFF459C} - System32\Tasks\SafeZone scheduled Autoupdate 1466654770 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {D4813066-7CE3-402F-AA26-451B8EA55F54} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {D869A042-CA13-4250-AC39-E9A8A4338664} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {FA051BF2-DF6B-4F5A-8DA7-DF7A193A741B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-19] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForTran Clan Notebook.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Tran Clan Notebook.job => C:\Users\Tran Clan Notebook\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Tran Clan Notebook.job => C:\Users\Tran Clan Notebook\AppData\Local\Kingsoft\Kingsoft Office\9.1.0.4746\wtoolex\wpsupdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-07 18:21 - 2016-07-07 18:21 - 67945512 _____ () C:\Program Files (x86)\Opera\38.0.2220.41\opera.dll
2016-07-07 18:21 - 2016-07-07 18:20 - 02203176 _____ () C:\Program Files (x86)\Opera\38.0.2220.41\libglesv2.dll
2016-07-07 18:21 - 2016-07-07 18:20 - 00087080 _____ () C:\Program Files (x86)\Opera\38.0.2220.41\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Tran Clan Notebook\Desktop\photo181123.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Raptr"
HKU\S-1-5-21-1653603585-3810599995-4057881293-1002\...\StartupApproved\Run: => "AppEx Accelerator UI"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EADB2724-0209-48E1-830D-AD68C1856F4D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{60C86478-A87B-4DC7-AAF3-5A529FBA94B8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [TCP Query User{AEFB99D5-8863-4E81-8927-A1834F102D46}C:\gog games\shadowrun dragonfall\dragonfall.exe] => (Block) C:\gog games\shadowrun dragonfall\dragonfall.exe
FirewallRules: [UDP Query User{4A97AF30-8215-4302-AB3D-B79F80789B63}C:\gog games\shadowrun dragonfall\dragonfall.exe] => (Block) C:\gog games\shadowrun dragonfall\dragonfall.exe
FirewallRules: [{D691C838-03C9-4118-9C0E-95172B66E768}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2CC79C00-0CE6-44EB-A5BC-48D03F258C4D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F7BD426F-FF03-475C-800E-14CE1B671361}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{AFC3AC65-7D17-49DF-9BFD-0187E9B6B925}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Wireless Device
Description: Wireless Device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/23/2016 03:18:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (07/22/2016 09:52:07 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (07/22/2016 09:52:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4

Error: (07/22/2016 09:48:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (07/21/2016 04:38:06 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/20/2016 10:47:51 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (07/20/2016 10:47:51 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (07/20/2016 10:47:51 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (07/20/2016 10:47:50 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (07/20/2016 10:47:49 PM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application

Details:
    (HRESULT : 0x8e5e0210) (0x8e5e0210)


System errors:
=============
Error: (07/23/2016 03:25:46 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (07/23/2016 03:25:46 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (07/23/2016 03:25:41 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (07/23/2016 03:25:41 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (07/23/2016 03:24:11 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (07/23/2016 03:24:11 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (07/23/2016 03:23:41 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (07/23/2016 03:23:21 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (07/23/2016 03:23:21 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (07/23/2016 03:23:21 PM) (Source: DCOM) (EventID: 10005) (User: Tran-PC)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}


==================== Memory info =========================== 

Processor: AMD A6-4400M APU with Radeon(tm) HD Graphics 
Percentage of memory in use: 31%
Total physical RAM: 3554.26 MB
Available physical RAM: 2438.61 MB
Total Virtual: 7138.26 MB
Available Virtual: 6018.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:439.77 GB) (Free:304.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.78 GB) (Free:2.99 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F2486060)

Partition: GPT.

==================== End of Addition.txt ============================

Link to post
Share on other sites

There is no obvious malware/infection in those logs, run two more scans with your system in Normal mode:

Go here: https://www.zemana.com/Download download and install Zemana Anti-malware. Allow a shortcut to be saved to your Desktop.. The tool will be active with a 15 day trial....

Right click on user posted image Zemana Antimalware and select "Run as Administrator"

From the GUI select "Settings"

user posted image

In the new window Select 1. Updates, when complete Select 2. Real Time Protection.

user posted image

In the next window make sure 1. all boxes are checkmarked and the action is "Quarantine" and then " 2. Select the home icon.

user posted image

In the new window select "Scan"

user posted image

When the scan completes check each found entry (if any). For "Suspicious Browser Settings" choose REPAIR for all other entries choose QUARANTINE then select the "Next" tab


The action complete window will open, from there select the "Back" tab. That will take you back to the home screen...

On that screen select the "Reports" tab. (Looks like 3 chimneys)

user posted image

On that screen select and highlite the scan details line, then select "Open Report"

user posted image

Copy and paste that log to your reply...

Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....

Thank you,

Kevin....

 

Link to post
Share on other sites

Hello, here are the second logs that were requested.

Zemana AntiMalware==============================================

Zemana AntiMalware 2.21.2.139 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/7/24
Operating System       : Windows 8.1 64-bit
Processor              : 2X AMD A6-4400M APU with Radeon(tm) HD Graphics
BIOS Mode              : UEFI
CUID                   : 12E44D9268B89F4F1EAC7A
Scan Type              : Smart Scan
Duration               : 3m 28s
Scanned Objects        : 10992
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

There are no detected objects
 

Sophos Virus Removal Tool==========================================

No threats found.

Link to post
Share on other sites

You can clean up and remove tools etc that we have used....

To remove ZZemana and Sophos use the following Uninstaller tool...

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.