Welcome to WindowsInstructed Forums

Welcome to the WindowsInstructed Forums

Sign-up for an account today to receive free malware removal help. Personal Windows help and much more. Or continue as a guest and ask any question you would like to ask us! Please do remember that being a member you get advantages like notifications of replies and faster replies from most members. Also members don't see ads ;) 

We hope to help you with your issues.

The WindowsInstructed Forums Staff

SomethingClever

Members
  • Content count

    4
  • Joined

  • Last visited

About SomethingClever

  • Rank
    I'm New :)
  1. Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01 Ran by PC (2016-04-12 15:30:47) Run:1 Running from C:\Users\PC\Desktop\FRST64 Loaded Profiles: PC (Available Profiles: PC) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: CloseProcesses: HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd) Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll" Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll" Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll" Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll" Tcpip\..\Interfaces\{077639f1-6e84-4054-89b7-35834e3074d8}: [DhcpNameServer] 75.75.75.75 75.75.76.76 FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-05] (Google Inc.) 2016-04-07 17:44 - 2016-04-07 17:44 - 00000000 ____D C:\ProgramData\16E97BCE007A98A8290A9D32DB248BD6 2016-04-05 08:16 - 2016-04-05 08:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-04-07 18:26 - 2016-02-07 18:26 - 0000032 ____R () C:\ProgramData\hash.dat C:\ProgramData\hash.dat C:\Users\PC\AppData\Local\Temp\libeay32.dll C:\Users\PC\AppData\Local\Temp\msvcr120.dll C:\Users\PC\AppData\Local\Temp\sqlite3.dll Task: {B85083C4-9332-4DEE-95EA-3BBE0614B098} - \AutoPico Daily Restart -> No File <==== ATTENTION CMD: del c:\windows\prefetch\*.* /f /s /q CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ip reset CMD: netsh winsock reset catalog Hosts: CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state On RemoveProxy: CMD: ipconfig /flushdns Emptytemp: reboot: end ***************** Restore point was successfully created. Processes closed successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value not found. HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found. HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll) Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll) Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll) Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll) Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll) Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll) HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{077639f1-6e84-4054-89b7-35834e3074d8}\\DhcpNameServer => value removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => moved successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => not found. "C:\ProgramData\16E97BCE007A98A8290A9D32DB248BD6" => not found. C:\ProgramData\DP45977C.lfl => moved successfully "C:\ProgramData\hash.dat" => not found. "C:\ProgramData\hash.dat" => not found. "C:\Users\PC\AppData\Local\Temp\libeay32.dll" => not found. "C:\Users\PC\AppData\Local\Temp\msvcr120.dll" => not found. "C:\Users\PC\AppData\Local\Temp\sqlite3.dll" => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B85083C4-9332-4DEE-95EA-3BBE0614B098} => key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found. ========= del c:\windows\prefetch\*.* /f /s /q ========= Deleted file - c:\windows\prefetch\ADVANCED_PORT_SCANNER.EXE-052D030E.pf Deleted file - c:\windows\prefetch\ADWCLEANER_5.110.EXE-1FF52A7A.pf Deleted file - c:\windows\prefetch\AgAppLaunch.db Deleted file - c:\windows\prefetch\AgCx_SC5.db Deleted file - c:\windows\prefetch\AgGlFaultHistory.db Deleted file - c:\windows\prefetch\AgGlFgAppHistory.db Deleted file - c:\windows\prefetch\AgGlGlobalHistory.db Deleted file - c:\windows\prefetch\AgGlUAD_P_S-1-5-21-2143556981-4036127371-3801377323-1002.db Deleted file - c:\windows\prefetch\AgGlUAD_S-1-5-21-2143556981-4036127371-3801377323-1002.db Deleted file - c:\windows\prefetch\AgRobust.db Deleted file - c:\windows\prefetch\AM_DELTA_PATCH_1.217.1094.0.E-0671A715.pf Deleted file - c:\windows\prefetch\APPLICATIONFRAMEHOST.EXE-8CE9A1EE.pf Deleted file - c:\windows\prefetch\ATIEAH32.EXE-8E994E56.pf Deleted file - c:\windows\prefetch\ATTRIB.EXE-58A07CAF.pf Deleted file - c:\windows\prefetch\AUDIODG.EXE-AB22E9A6.pf Deleted file - c:\windows\prefetch\AU_.EXE-7CF66469.pf Deleted file - c:\windows\prefetch\BACKGROUNDTASKHOST.EXE-3247EF80.pf Deleted file - c:\windows\prefetch\BACKGROUNDTASKHOST.EXE-E53C8876.pf Deleted file - c:\windows\prefetch\BCDEDIT.EXE-FE221428.pf Deleted file - c:\windows\prefetch\CALCULATOR.EXE-C25F0D5B.pf Deleted file - c:\windows\prefetch\CCC.EXE-6C5FA59C.pf Deleted file - c:\windows\prefetch\CCLEANER64.EXE-4469D777.pf Deleted file - c:\windows\prefetch\CCSETUP516.EXE-E863DA5F.pf Deleted file - c:\windows\prefetch\CHROME.EXE-5349D2D7.pf Deleted file - c:\windows\prefetch\CHROME.EXE-5349D2D8.pf Deleted file - c:\windows\prefetch\CHROME.EXE-5349D2D9.pf Deleted file - c:\windows\prefetch\CHROME.EXE-5349D2DE.pf Deleted file - c:\windows\prefetch\CMD.EXE-0BD30981.pf Deleted file - c:\windows\prefetch\CMD.EXE-6D6290C5.pf Deleted file - c:\windows\prefetch\COMPATTELRUNNER.EXE-B7A68ECC.pf Deleted file - c:\windows\prefetch\CONHOST.EXE-0C6456FB.pf Deleted file - c:\windows\prefetch\CONSENT.EXE-40419367.pf Deleted file - c:\windows\prefetch\CSCRIPT.EXE-FCD9ABA9.pf Deleted file - c:\windows\prefetch\DAS_21.EXE-B430C997.pf Deleted file - c:\windows\prefetch\DESURA.EXE-C6349476.pf Deleted file - c:\windows\prefetch\DESURAINSTALLER.EXE-52F73072.pf Deleted file - c:\windows\prefetch\DLLHOST.EXE-0BCCFE33.pf Deleted file - c:\windows\prefetch\DLLHOST.EXE-7D5CE0CA.pf Deleted file - c:\windows\prefetch\DLLHOST.EXE-95797F8F.pf Deleted file - c:\windows\prefetch\DLLHOST.EXE-95A95592.pf Deleted file - c:\windows\prefetch\DLLHOST.EXE-AF704A88.pf Deleted file - c:\windows\prefetch\DLLHOST.EXE-B70C89D1.pf Deleted file - c:\windows\prefetch\DLLHOST.EXE-C1E47265.pf Deleted file - c:\windows\prefetch\DLLHOST.EXE-D200FEC3.pf Deleted file - c:\windows\prefetch\DLLHOST.EXE-DE997741.pf Deleted file - c:\windows\prefetch\DSMUSERTASK.EXE-853A6893.pf Deleted file - c:\windows\prefetch\dynrespri.7db Deleted file - c:\windows\prefetch\ECITY-20150522.EXE-8880D359.pf Deleted file - c:\windows\prefetch\ERUNT.EXE-45966165.pf Deleted file - c:\windows\prefetch\EXPLORER.EXE-D5E97654.pf Deleted file - c:\windows\prefetch\FEAR2.EXE-7811D309.pf Deleted file - c:\windows\prefetch\FIND.EXE-66A35B26.pf Deleted file - c:\windows\prefetch\FINDSTR.EXE-5986D423.pf Deleted file - c:\windows\prefetch\FOOBAR2000.EXE-899D0564.pf Deleted file - c:\windows\prefetch\FOOBAR2000_V1.3.10.EXE-8202A78D.pf Deleted file - c:\windows\prefetch\FRST64.EXE-11E5310D.pf Deleted file - c:\windows\prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf Deleted file - c:\windows\prefetch\GRAPHICSCONFIG.EXE-56D8C95F.pf Deleted file - c:\windows\prefetch\HACKNET.EXE-244198B3.pf Deleted file - c:\windows\prefetch\HELLO WORLD.EXE-3C5AA24A.pf Deleted file - c:\windows\prefetch\HELPPANE.EXE-2CB7BD18.pf Deleted file - c:\windows\prefetch\IEXPLORE.EXE-058FE8F5.pf Deleted file - c:\windows\prefetch\IEXPLORE.EXE-A033F7A2.pf Deleted file - c:\windows\prefetch\INSTALLAGENT.EXE-EEEB215B.pf Deleted file - c:\windows\prefetch\INSTALLMANAGERAPP.EXE-A455C985.pf Deleted file - c:\windows\prefetch\IPCONFIG.EXE-BFEC2AD0.pf Deleted file - c:\windows\prefetch\Layout.ini Deleted file - c:\windows\prefetch\LEMURZIN.EXE-1C159BD5.pf Deleted file - c:\windows\prefetch\LIVESTREAMER-V1.12.2-WIN32-SE-2827F1E6.pf Deleted file - c:\windows\prefetch\LIVESTREAMER-V1.12.2-WIN32-SE-A4FB2708.pf Deleted file - c:\windows\prefetch\LIVESTREAMER.EXE-212A1D34.pf Deleted file - c:\windows\prefetch\LOGONUI.EXE-F639BD7E.pf Deleted file - c:\windows\prefetch\LPKINSTALL.EXE-5734965B.pf Deleted file - c:\windows\prefetch\MBAM-SETUP-2.2.1.1043.TMP-6035C15A.pf Deleted file - c:\windows\prefetch\MBAM-SETUP-2.2.1.1043.TMP-DC5F782A.pf Deleted file - c:\windows\prefetch\MBAM.EXE-67C60411.pf Deleted file - c:\windows\prefetch\MICROSOFT.PHOTOS.EXE-50360CC0.pf Deleted file - c:\windows\prefetch\MICROSOFTEDGE.EXE-14855B87.pf Deleted file - c:\windows\prefetch\MICROSOFTEDGECP.EXE-95E9B1B4.pf Deleted file - c:\windows\prefetch\MMC.EXE-410C5F73.pf Deleted file - c:\windows\prefetch\MOD_FRST.EXE-D328E2AD.pf Deleted file - c:\windows\prefetch\MPC-HC64.EXE-FEF84C9D.pf Deleted file - c:\windows\prefetch\MPCMDRUN.EXE-2C9109F9.pf Deleted file - c:\windows\prefetch\MPSIGSTUB.EXE-5D0450B3.pf Deleted file - c:\windows\prefetch\MSASCUI.EXE-AB5A490C.pf Deleted file - c:\windows\prefetch\MSCONFIG.EXE-690F60C3.pf Deleted file - c:\windows\prefetch\MSHTA.EXE-392EB492.pf Deleted file - c:\windows\prefetch\MSIEXEC.EXE-8FFB1633.pf Deleted file - c:\windows\prefetch\MSIEXEC.EXE-CDBFC0F7.pf Deleted file - c:\windows\prefetch\MSMPENG.EXE-558DCD36.pf Deleted file - c:\windows\prefetch\MSPAINT.EXE-6406C4A1.pf Deleted file - c:\windows\prefetch\MSTSC.EXE-2A83B7D7.pf Deleted file - c:\windows\prefetch\NET.EXE-0225D674.pf Deleted file - c:\windows\prefetch\NETCFGNOTIFYOBJECTHOST.EXE-683437CE.pf Deleted file - c:\windows\prefetch\NETSH.EXE-A596235F.pf Deleted file - c:\windows\prefetch\NETWORKUXBROKER.EXE-16D4969F.pf Deleted file - c:\windows\prefetch\NETWORKUXBROKER.EXE-2E216AA9.pf Deleted file - c:\windows\prefetch\NGEN.EXE-4A8DA13E.pf Deleted file - c:\windows\prefetch\NGENTASK.EXE-849BFD75.pf Deleted file - c:\windows\prefetch\NINITE AUDACITY IMGBURN LIBRE-65D36715.pf Deleted file - c:\windows\prefetch\NINITE.EXE-FE8F7A23.pf Deleted file - c:\windows\prefetch\NIRCMD.EXE-139583F6.pf Deleted file - c:\windows\prefetch\NISSRV.EXE-09946424.pf Deleted file - c:\windows\prefetch\NOTEPAD++.EXE-AF4CC978.pf Deleted file - c:\windows\prefetch\NOTEPAD.EXE-032BB3D8.pf Deleted file - c:\windows\prefetch\NOTEPAD.EXE-C5670914.pf Deleted file - c:\windows\prefetch\NPP.6.9.1.INSTALLER.EXE-5D92C994.pf Deleted file - c:\windows\prefetch\OBS-STUDIO-0.13.4-INSTALLER.E-357170B9.pf Deleted file - c:\windows\prefetch\OBS32.EXE-4F1F13D1.pf Deleted file - c:\windows\prefetch\OBS64.EXE-664DC06B.pf Deleted file - c:\windows\prefetch\Op-EXPLORER.EXE-D5E97654-000000F5.pf Deleted file - c:\windows\prefetch\Op-SEARCHUI.EXE-2E2CF5B6-00000001.pf Deleted file - c:\windows\prefetch\OPENWITH.EXE-8B50D58B.pf Deleted file - c:\windows\prefetch\OSU!.EXE-43491017.pf Deleted file - c:\windows\prefetch\PEVZ.EXE-22353412.pf Deleted file - c:\windows\prefetch\PEVZ.EXE-89FC0C4F.pf Deleted file - c:\windows\prefetch\PEVZ.EXE-C30AE9C6.pf Deleted file - c:\windows\prefetch\PfPre_accd97c2.mkd c:\windows\prefetch\PfPre_acce5d9f.mkd Access is denied. Deleted file - c:\windows\prefetch\PfSvPerfStats.bin Deleted file - c:\windows\prefetch\PING.EXE-4A8A6853.pf Deleted file - c:\windows\prefetch\POST WIN10 SPYBOT-INSTALL.TMP-3F35447C.pf Deleted file - c:\windows\prefetch\POST WIN10 SPYBOT-INSTALL.TMP-906589D2.pf Deleted file - c:\windows\prefetch\POWERSHELL.EXE-CA1AE517.pf Deleted file - c:\windows\prefetch\PROJECT64.EXE-CF4FFA81.pf Deleted file - c:\windows\prefetch\PSCAN24.TMP-A1859889.pf Deleted file - c:\windows\prefetch\RADEONSETTINGS.EXE-524645D3.pf Deleted file - c:\windows\prefetch\RADMIN.EXE-AA8A596D.pf Deleted file - c:\windows\prefetch\RAPTR.EXE-02470396.pf Deleted file - c:\windows\prefetch\RAPTR_IM.EXE-7F7B4857.pf Deleted file - c:\windows\prefetch\REG.EXE-0AC99A87.pf Deleted file - c:\windows\prefetch\REG.EXE-A93A1343.pf Deleted file - c:\windows\prefetch\REGEDIT.EXE-0D49B425.pf Deleted file - c:\windows\prefetch\REGEDIT.EXE-DAB4D60B.pf Deleted file - c:\windows\prefetch\REMOVE.EXE-FD29F2DB.pf Deleted file - c:\windows\prefetch\ResPriHMStaticDb.ebd Deleted file - c:\windows\prefetch\RTKNGUI64.EXE-DFCC4DD4.pf Deleted file - c:\windows\prefetch\RUNDLL32.EXE-73D8365A.pf Deleted file - c:\windows\prefetch\RUNDLL32.EXE-75313621.pf Deleted file - c:\windows\prefetch\RUNDLL32.EXE-A03DB4F3.pf Deleted file - c:\windows\prefetch\RUNDLL32.EXE-A7DB9FAD.pf Deleted file - c:\windows\prefetch\RUNDLL32.EXE-F1A83E00.pf Deleted file - c:\windows\prefetch\RUNDLL32.EXE-F2505049.pf Deleted file - c:\windows\prefetch\RUNTIMEBROKER.EXE-4551A062.pf Deleted file - c:\windows\prefetch\SB.EXE-8B4F5760.pf Deleted file - c:\windows\prefetch\SC.EXE-F4E1A8F7.pf Deleted file - c:\windows\prefetch\SCHTASKS.EXE-8B6144A9.pf Deleted file - c:\windows\prefetch\SCHTASKS.EXE-DC1676CD.pf Deleted file - c:\windows\prefetch\SD2-INSTALLER.TMP-0A0A1BAF.pf Deleted file - c:\windows\prefetch\SD2-INSTALLER.TMP-12B7AA85.pf Deleted file - c:\windows\prefetch\SD2-INSTALLER.TMP-CB5647EF.pf Deleted file - c:\windows\prefetch\SD2-INSTALLER.TMP-D81178EC.pf Deleted file - c:\windows\prefetch\SDFILES.EXE-EE23FE2E.pf Deleted file - c:\windows\prefetch\SDROOTALYZER.EXE-A0CEF5DE.pf Deleted file - c:\windows\prefetch\SDTRAY.EXE-87DBA0BF.pf Deleted file - c:\windows\prefetch\SDUPDATE.EXE-4C875DCE.pf Deleted file - c:\windows\prefetch\SDWELCOME.EXE-851EC643.pf Deleted file - c:\windows\prefetch\SDWSCSVC.EXE-965D8674.pf Deleted file - c:\windows\prefetch\SEARCHFILTERHOST.EXE-44162447.pf Deleted file - c:\windows\prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf Deleted file - c:\windows\prefetch\SEARCHUI.EXE-E37A7C9C.pf Deleted file - c:\windows\prefetch\SECURITYCHECK.EXE-B4923FAD.pf Deleted file - c:\windows\prefetch\SECURITYCHECK.EXE-DCBBED7E.pf Deleted file - c:\windows\prefetch\SED.EXE-B4BBA369.pf Deleted file - c:\windows\prefetch\SETUP PROJECT64 1.6.EXE-480E98F3.pf Deleted file - c:\windows\prefetch\SETUP.EXE-3B16C028.pf Deleted file - c:\windows\prefetch\SHELLEXPERIENCEHOST.EXE-A392A97E.pf Deleted file - c:\windows\prefetch\SHORTCUT.EXE-53277B41.pf Deleted file - c:\windows\prefetch\SHUTDOWN.EXE-1692B741.pf Deleted file - c:\windows\prefetch\SHUTDOWN.EXE-6747E965.pf Deleted file - c:\windows\prefetch\SIHOST.EXE-115B507F.pf Deleted file - c:\windows\prefetch\SNDVOL.EXE-425BC49B.pf Deleted file - c:\windows\prefetch\SNIPPINGTOOL.EXE-B23F9DB3.pf Deleted file - c:\windows\prefetch\SORT.EXE-1E24D331.pf Deleted file - c:\windows\prefetch\SPOOLSV.EXE-BF1C7233.pf Deleted file - c:\windows\prefetch\SPOTIFY.EXE-4ED7C09D.pf Deleted file - c:\windows\prefetch\SPPSVC.EXE-96070FE0.pf Deleted file - c:\windows\prefetch\SPYBOT-2.4.TMP-582D508D.pf Deleted file - c:\windows\prefetch\SPYBOT-2.4.TMP-5E2DA204.pf Deleted file - c:\windows\prefetch\STEAM.EXE-D936A6F2.pf Deleted file - c:\windows\prefetch\STEAMSERVICE.EXE-2A912AE7.pf Deleted file - c:\windows\prefetch\STEAMWEBHELPER.EXE-4F926DC1.pf Deleted file - c:\windows\prefetch\SVCHOST.EXE-117C4441.pf Deleted file - c:\windows\prefetch\SVCHOST.EXE-4B0B02F5.pf Deleted file - c:\windows\prefetch\SVCHOST.EXE-4B98D760.pf Deleted file - c:\windows\prefetch\SVCHOST.EXE-C38EF8DD.pf Deleted file - c:\windows\prefetch\SVCHOST.EXE-D3C9EE4D.pf Deleted file - c:\windows\prefetch\SWREG.EXE-82F0F9BD.pf Deleted file - c:\windows\prefetch\SWXCACLS.EXE-C44A1955.pf Deleted file - c:\windows\prefetch\SYSTEMPROPERTIESPROTECTION.EX-81A2FDE2.pf Deleted file - c:\windows\prefetch\SYSTEMSETTINGS.EXE-1C9B0501.pf Deleted file - c:\windows\prefetch\SYSTEMSETTINGSADMINFLOWS.EXE-F74198E7.pf Deleted file - c:\windows\prefetch\SYSTEMSETTINGSBROKER.EXE-8BBE2894.pf Deleted file - c:\windows\prefetch\TASKENG.EXE-35FA9C06.pf Deleted file - c:\windows\prefetch\TASKHOSTW.EXE-2E5D4B75.pf Deleted file - c:\windows\prefetch\TASKKILL.EXE-0ECD41EC.pf Deleted file - c:\windows\prefetch\TASKMGR.EXE-4C8500BA.pf Deleted file - c:\windows\prefetch\TEST.EXE-26CE7CE7.pf Deleted file - c:\windows\prefetch\TILED.EXE-76DF6AF5.pf Deleted file - c:\windows\prefetch\TIWORKER.EXE-00EC8F00.pf Deleted file - c:\windows\prefetch\TORBROWSER-INSTALL-5.5.4_EN-U-E7AEF2EF.pf Deleted file - c:\windows\prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf Deleted file - c:\windows\prefetch\UNINS000.EXE-9949C075.pf Deleted file - c:\windows\prefetch\UNZIP.EXE-63111936.pf Deleted file - c:\windows\prefetch\UPGRADE.TMP-77A429D3.pf Deleted file - c:\windows\prefetch\UPGRADE.TMP-95B76A9A.pf Deleted file - c:\windows\prefetch\UTORRENT.EXE-89D74107.pf Deleted file - c:\windows\prefetch\VCREDIST_X64.EXE-790BD5CD.pf Deleted file - c:\windows\prefetch\VCREDIST_X86.EXE-641AD1E7.pf Deleted file - c:\windows\prefetch\VCREDIST_X86.EXE-8A862ADA.pf Deleted file - c:\windows\prefetch\VIRTUALBOX.EXE-9E789BB3.pf Deleted file - c:\windows\prefetch\VLC.EXE-73B04BFB.pf Deleted file - c:\windows\prefetch\VMNAT.EXE-B1E121A7.pf Deleted file - c:\windows\prefetch\VMPLAYER.EXE-3D235C97.pf Deleted file - c:\windows\prefetch\VMWARE-TRAY.EXE-88DD09DA.pf Deleted file - c:\windows\prefetch\VMWARE-UNITY-HELPER.EXE-8450D290.pf Deleted file - c:\windows\prefetch\VMWARE-VMX.EXE-638A80A7.pf Deleted file - c:\windows\prefetch\VMWARE-WORKSTATION-FULL-12.1.-06999AA8.pf Deleted file - c:\windows\prefetch\VMWARE.EXE-3F17B2A9.pf Deleted file - c:\windows\prefetch\VSSVC.EXE-6C8F0C66.pf Deleted file - c:\windows\prefetch\W40KWA.EXE-7D49038A.pf Deleted file - c:\windows\prefetch\WATERFOX 44.0.3 SETUP.EXE-7943AE00.pf Deleted file - c:\windows\prefetch\WERFAULT.EXE-155C56CF.pf Deleted file - c:\windows\prefetch\WERFAULT.EXE-661188F3.pf Deleted file - c:\windows\prefetch\WGET.EXE-72EFE500.pf Deleted file - c:\windows\prefetch\WINRAR.EXE-BA8CDB31.pf Deleted file - c:\windows\prefetch\WINSTORE.MOBILE.EXE-042D2254.pf Deleted file - c:\windows\prefetch\WINSTORE.MOBILE.EXE-C2D401C6.pf Deleted file - c:\windows\prefetch\WIRESHARK-WIN64-2.0.2.EXE-738A8C5A.pf Deleted file - c:\windows\prefetch\WLRMDR.EXE-A7C36FDD.pf Deleted file - c:\windows\prefetch\WMIADAP.EXE-BB21CD77.pf Deleted file - c:\windows\prefetch\WMIC.EXE-98223A30.pf Deleted file - c:\windows\prefetch\WMIPRVSE.EXE-39F97B2D.pf Deleted file - c:\windows\prefetch\WMIPRVSE.EXE-E8B8DD29.pf Deleted file - c:\windows\prefetch\WSCRIPT.EXE-7DB9834D.pf Deleted file - c:\windows\prefetch\WUAUCLT.EXE-5D573F0E.pf Deleted file - c:\windows\prefetch\XCOPY.EXE-D1A45190.pf Deleted file - c:\windows\prefetch\XNVIEW-WIN-SMALL.TMP-C96D0466.pf Deleted file - c:\windows\prefetch\XNVIEW.EXE-A8A3D980.pf Deleted file - c:\windows\prefetch\YYCHR.EXE-CD45B051.pf Deleted file - c:\windows\prefetch\ZHPCLEANER.EXE-89B37FC4.pf Deleted file - c:\windows\prefetch\ZOEK.EXE-66BD4DBD.pf Deleted file - c:\windows\prefetch\_IU14D2N.TMP-9A4F594E.pf Deleted file - c:\windows\prefetch\ReadyBoot\rblayout.xin Deleted file - c:\windows\prefetch\ReadyBoot\Trace3.fx Deleted file - c:\windows\prefetch\ReadyBoot\Trace4.fx Deleted file - c:\windows\prefetch\ReadyBoot\Trace5.fx Deleted file - c:\windows\prefetch\ReadyBoot\Trace6.fx Deleted file - c:\windows\prefetch\ReadyBoot\Trace7.fx ========= End of CMD: ========= ========= ipconfig /release ========= Windows IP Configuration Ethernet adapter Ethernet: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2601:185:8200:6ccc::2 IPv6 Address. . . . . . . . . . . : 2601:185:8200:6ccc:d5a8:ae5b:1356:8390 Temporary IPv6 Address. . . . . . : 2601:185:8200:6ccc:5fd:9362:ad46:f106 Link-local IPv6 Address . . . . . : fe80::d5a8:ae5b:1356:8390%3 Default Gateway . . . . . . . . . : fe80::5a23:8cff:fe39:db54%3 Ethernet adapter VirtualBox Host-Only Network: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::6473:37a3:308a:5206%10 IPv4 Address. . . . . . . . . . . : 192.168.56.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Ethernet adapter VMware Network Adapter VMnet1: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::1df3:12ac:66a:2300%7 Default Gateway . . . . . . . . . : Ethernet adapter VMware Network Adapter VMnet8: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::1432:1ef6:4c25:170f%4 Default Gateway . . . . . . . . . : Tunnel adapter Teredo Tunneling Pseudo-Interface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Tunnel adapter isatap.{E3B45422-7616-4318-8DB1-14CEE316F152}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Tunnel adapter isatap.{2D431E40-E286-4F32-B69E-3051C93E270D}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : ========= End of CMD: ========= ========= ipconfig /renew ========= Windows IP Configuration An error occurred while renewing interface VMware Network Adapter VMnet1 : unable to contact your DHCP server. Request has timed out. An error occurred while renewing interface VMware Network Adapter VMnet8 : unable to contact your DHCP server. Request has timed out. Ethernet adapter Ethernet: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2601:185:8200:6ccc::2 IPv6 Address. . . . . . . . . . . : 2601:185:8200:6ccc:d5a8:ae5b:1356:8390 Temporary IPv6 Address. . . . . . : 2601:185:8200:6ccc:5fd:9362:ad46:f106 Link-local IPv6 Address . . . . . : fe80::d5a8:ae5b:1356:8390%3 IPv4 Address. . . . . . . . . . . : 10.0.0.20 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : fe80::5a23:8cff:fe39:db54%3 10.0.0.1 Ethernet adapter VirtualBox Host-Only Network: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::6473:37a3:308a:5206%10 IPv4 Address. . . . . . . . . . . : 192.168.56.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Ethernet adapter VMware Network Adapter VMnet1: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::1df3:12ac:66a:2300%7 Autoconfiguration IPv4 Address. . : 169.254.35.0 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : Ethernet adapter VMware Network Adapter VMnet8: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::1432:1ef6:4c25:170f%4 Autoconfiguration IPv4 Address. . : 169.254.23.15 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : Tunnel adapter isatap.{2D431E40-E286-4F32-B69E-3051C93E270D}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:90:ba6:cd76:8583 Link-local IPv6 Address . . . . . : fe80::90:ba6:cd76:8583%8 Default Gateway . . . . . . . . . : Tunnel adapter isatap.{E3B45422-7616-4318-8DB1-14CEE316F152}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Tunnel adapter isatap.{9E0238F0-55A4-46F1-8326-FDDDDFE984DE}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Tunnel adapter isatap.{077639F1-6E84-4054-89B7-35834E3074D8}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : ========= End of CMD: ========= ========= netsh int ip reset ========= Resetting Global, OK! Resetting Interface, OK! Resetting Unicast Address, OK! Resetting Neighbor, OK! Resetting Path, OK! Resetting , failed. Access is denied. Resetting , OK! Restart the computer to complete this action. ========= End of CMD: ========= ========= netsh winsock reset catalog ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state On ========= Ok. ========= End of CMD: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => 34.3 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 15:35:15 ====
  2. Oh? sorry about that... here you go...... # AdwCleaner v5.110 - Logfile created 12/04/2016 at 14:42:16 # Updated 10/04/2016 by Xplode # Database : 2016-04-11.4 [Server] # Operating system : Windows 10 Home (X64) # Username : PC - DESKTOP-27EEDT1 # Running from : C:\Users\PC\Downloads\adwcleaner_5.110.exe # Option : Scan # Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [912 bytes] - [12/04/2016 14:27:53] C:\AdwCleaner\AdwCleaner[S1].txt - [751 bytes] - [12/04/2016 14:26:30] C:\AdwCleaner\AdwCleaner[S2].txt - [745 bytes] - [12/04/2016 14:42:16] ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [817 bytes] ########## Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01 Ran by PC (2016-04-12 14:30:55) Running from C:\Users\PC\Downloads Windows 10 Home Version 1511 (X64) (2016-04-06 00:18:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2143556981-4036127371-3801377323-500 - Administrator - Enabled) DefaultAccount (S-1-5-21-2143556981-4036127371-3801377323-503 - Limited - Disabled) Guest (S-1-5-21-2143556981-4036127371-3801377323-501 - Limited - Enabled) PC (S-1-5-21-2143556981-4036127371-3801377323-1002 - Administrator - Enabled) => C:\Users\PC ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\uTorrent) (Version: 3.4.6.42094 - BitTorrent Inc.) ACP Application (Version: 2016.0403.2316.14 - Advanced Micro Devices, Inc.) Hidden Advanced Port Scanner 2.4 (HKLM-x32\...\{10F177CF-543F-4BC2-A297-DBF73709D3C5}) (Version: 2.4.2750 - Famatech) AdVenture Capitalist (HKLM\...\Steam App 346900) (Version: - Hyper Hippo Games) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Catalyst Control Center Next Localization BR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform) Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve) Desura (HKLM-x32\...\Desura) (Version: 100.64 - Desura) Desura: Hacknet (2012) (HKLM-x32\...\Desura_71360881623072) (Version: Full - Orann) F.E.A.R. 2: Project Origin (HKLM\...\Steam App 16450) (Version: - Monolith) foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski) GameMaker: Studio (HKLM\...\Steam App 214850) (Version: - YoYo Games Ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - ) Lemurzin (HKLM\...\Steam App 415490) (Version: - Kut Stupid) LibreOffice 5.1.2.2 (HKLM\...\{7A6851F9-0867-4CB4-9017-35ECA0CBA162}) (Version: 5.1.2.2 - The Document Foundation) Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version: - ) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Small Basic v1.2 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.2.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.13.2 - OBS Project) Oracle VM VirtualBox 5.0.16 (HKLM\...\{F2E958A1-9215-4C7D-9A2E-F0740B8CA5B7}) (Version: 5.0.16 - Oracle Corporation) osu! (HKLM-x32\...\{e51be98e-7a63-4468-a4ac-c3cc5d0258cc}) (Version: latest - ppy Pty Ltd) PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.9.1-r111300-release - Plays.tv, LLC) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation) Radmin Viewer 3.5 (HKLM-x32\...\{199127DC-7BDB-41AB-825B-4229A86F8F0D}) (Version: 3.50.0000 - Famatech) Raptr (HKLM-x32\...\Raptr) (Version: 5.1.1-r111306-release - Raptr, Inc) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.) Rome: Total War - Alexander (HKLM\...\Steam App 4770) (Version: - The Creative Assembly) Spiral Knights (HKLM\...\Steam App 99900) (Version: - Three Rings) Spotify (HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\Spotify) (Version: 1.0.26.132.ga4e3ccee - Spotify AB) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer) Tiled (HKLM\...\{EEE1AB8A-6254-4692-BFF7-AB2A0BBCEECE}) (Version: 0.16.0 - mapeditor.org) Tropico 5 (HKLM\...\Steam App 245620) (Version: - Haemimont Games) Two Worlds II (HKLM\...\Steam App 7520) (Version: - Reality Pump Studios) VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN) VMware Workstation (HKLM\...\{0AD91785-F9BD-47FD-84F7-9E27B5A1853D}) (Version: 12.1.0 - VMware, Inc.) Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.) Warhammer 40,000: Dawn of War – Winter Assault (HKLM\...\Steam App 9310) (Version: - Relic Entertainment) Waterfox 44.0.3 (x64 en-US) (HKLM\...\Waterfox 44.0.3 (x64 en-US)) (Version: 44.0.3 - Mozilla) WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH) XnView 2.35 (HKLM-x32\...\XnView_is1) (Version: 2.35 - Gougelet Pierre-e) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2143556981-4036127371-3801377323-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {50A64AC1-B65D-458D-918F-7B93D9F5FD2C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.) Task: {8604C56F-CE11-43D0-A4A2-56C7F9FF4D6D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.) Task: {A9390A16-2E67-4E3D-8E3B-6BA68DCD6B97} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.) Task: {B4EF2644-4F49-48F9-B79E-3B1E8E4E8BEF} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-04-04] (Advanced Micro Devices, Inc.) Task: {B85083C4-9332-4DEE-95EA-3BBE0614B098} - \AutoPico Daily Restart -> No File <==== ATTENTION Task: {CA6A2C4D-9640-41E5-BA3B-9100D0A0842C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05] (Google Inc.) Task: {E1371C23-363B-4C5B-8738-E9299A8A71DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-05] (Google Inc.) Task: {EB156B06-EFD9-4FD3-8EF1-9C5E259F7DC5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-11-25 18:09 - 2015-11-25 18:09 - 12462784 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 2016-04-05 21:05 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-05 21:05 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-03-28 11:07 - 2016-03-28 11:07 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2016-04-05 21:13 - 2016-04-05 21:13 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-04-05 21:04 - 2016-02-23 01:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-02-13 05:54 - 2016-02-13 05:54 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-02-13 05:54 - 2016-02-13 05:54 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-02-13 05:54 - 2016-02-13 05:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-02-13 05:54 - 2016-02-13 05:54 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-11-24 13:48 - 2015-11-24 13:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd 2015-11-24 13:46 - 2015-11-24 13:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll 2015-11-24 13:48 - 2015-11-24 13:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd 2015-11-24 13:48 - 2015-11-24 13:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd 2015-11-24 13:43 - 2015-11-24 13:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd 2015-11-24 13:48 - 2015-11-24 13:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd 2015-11-24 13:48 - 2015-11-24 13:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd 2015-11-24 13:48 - 2015-11-24 13:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd 2015-11-24 13:43 - 2015-11-24 13:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd 2015-11-24 13:43 - 2015-11-24 13:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd 2015-11-24 13:43 - 2015-11-24 13:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd 2015-11-24 13:46 - 2015-11-24 13:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll 2015-11-24 13:48 - 2015-11-24 13:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd 2015-11-24 13:47 - 2015-11-24 13:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd 2015-12-07 13:57 - 2015-12-07 13:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd 2015-11-24 13:47 - 2015-11-24 13:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd 2015-11-24 13:47 - 2015-11-24 13:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd 2015-11-24 13:47 - 2015-11-24 13:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd 2015-11-24 13:43 - 2015-11-24 13:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd 2016-04-12 09:45 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2016-04-12 09:45 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2016-04-12 09:45 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2016-04-12 09:45 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2015-11-25 18:09 - 2015-11-25 18:09 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll 2015-11-25 18:09 - 2015-11-25 18:09 - 00165056 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll 2015-11-25 18:09 - 2015-11-25 18:09 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll 2015-11-25 18:09 - 2015-11-25 18:09 - 00388800 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll 2016-04-05 21:13 - 2016-04-05 21:13 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-05 20:31 - 2016-03-10 17:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2016-04-05 20:31 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll 2016-04-05 20:31 - 2016-03-31 13:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll 2016-04-05 20:31 - 2016-02-08 16:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll 2016-04-05 20:31 - 2016-02-08 16:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll 2016-04-05 20:31 - 2016-02-08 16:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll 2016-04-05 20:31 - 2016-02-08 16:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll 2016-04-05 20:31 - 2016-02-08 16:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll 2016-04-05 20:31 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll 2016-04-05 20:31 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll 2016-04-05 20:31 - 2016-03-31 13:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2016-04-05 20:31 - 2016-02-17 15:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll 2016-04-05 20:31 - 2016-02-08 18:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2016-04-11 15:28 - 2016-04-06 03:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll 2016-04-11 15:28 - 2016-04-06 03:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-04-05 09:10 - 2016-04-05 09:08 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\PC\Pictures\background.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "PlaysTV" HKLM\...\StartupApproved\Run32: => "Raptr" HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\StartupApproved\Run: => "Spotify Web Helper" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{12CC6BF4-A39B-429B-8E25-262047B5BFEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BAB6856B-C692-4923-AAB2-1EC2F8E98EE8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{8401B3DC-0CBC-478C-9BC7-1006752953EB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{F6847DAE-50B1-4280-AC18-D3AF3D7D7D68}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{C8C56163-5934-47D2-ADA7-B968D588F4E5}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{1C19BD88-5E14-41BC-B018-BB0126294535}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{2FCE5235-E643-418C-867D-598898E6B800}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{B0DBAEB8-275B-4960-A756-13409048EA1C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{F55832E6-4CF0-4549-8831-DBAD4EBE4842}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{E4DE2266-4CA2-4126-8807-D4A5BC2FE8F4}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{8B71DE3E-AE31-4F4D-96BB-B27A00538465}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{9A27D433-B4E5-477E-A202-3BB720E0E962}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{013D6B2D-3F27-4F2B-945B-1AAADCE71D8A}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{2D30CD29-8950-423C-B644-7241DFEC375F}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{A344ADF7-7BA5-4277-8E51-8DC77DE60A7B}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4EA293E9-E330-4446-A4EB-90F05A557E09}] => (Allow) C:\Users\PC\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3FDA1004-88FD-4E0B-B819-C316521568EF}] => (Allow) E:\SteamLibrary\steamapps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{D3CB82A3-A26C-4D5C-AD93-560F2D830B45}] => (Allow) E:\SteamLibrary\steamapps\common\Tropico 5\Tropico5Steam.exe FirewallRules: [{FE63BAA7-6CBE-48C5-B7A5-731C73EF81B8}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{B1D7846D-85A3-4E8B-A929-D9E46B2AE042}] => (Allow) E:\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{C06C416E-107E-4694-A1C8-BB7869FC8881}] => (Allow) E:\SteamLibrary\steamapps\common\Rome Total War Alexander\testappa.exe FirewallRules: [{09D13196-55BB-4D5C-BE8C-4739CE40B178}] => (Allow) E:\SteamLibrary\steamapps\common\Rome Total War Alexander\testappa.exe FirewallRules: [{E3FCB9B4-D297-4862-A38B-69AAC472B844}] => (Allow) E:\SteamLibrary\steamapps\common\FEAR2\FEAR2.exe FirewallRules: [{648EA6DF-5FD8-4B55-966D-5D7613E9AA89}] => (Allow) E:\SteamLibrary\steamapps\common\FEAR2\FEAR2.exe FirewallRules: [{A4049B2B-3AE5-4609-94A5-895D1D90F135}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe FirewallRules: [{682793FE-2447-4040-9412-5BF35042604A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\gamemaker_studio\GameMakerPlayer.exe FirewallRules: [{5A059165-813F-41D8-809F-0CAEF71B029D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe FirewallRules: [{5A88BA36-FF64-4ECD-B2FA-67C785CA6782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spiral Knights\java_vm\bin\javaw.exe FirewallRules: [TCP Query User{AE7CFE17-CB15-4B6A-A310-981160C88A4E}C:\users\pc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pc\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{C1105E86-DFD3-4750-AC1F-6B1B8D7793FD}C:\users\pc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pc\appdata\roaming\spotify\spotify.exe FirewallRules: [{D09114C9-E29C-490B-8B64-43E51A97699C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{983A2859-94DE-40EB-8BDD-CB76F60BAAEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AdVenture Capitalist\adventure-capitalist.exe FirewallRules: [{6B7A67A6-6FA4-46DE-ABEE-9050C6EC4497}] => (Allow) E:\SteamLibrary\steamapps\common\Dawn of War Gold\W40kWA.exe FirewallRules: [{EEDBE400-2940-4051-BD1A-EBD02165DD6A}] => (Allow) E:\SteamLibrary\steamapps\common\Dawn of War Gold\W40kWA.exe FirewallRules: [{3D8B7423-46D9-4238-BE0B-F0305D163F97}] => (Allow) E:\SteamLibrary\steamapps\common\Two Worlds II\TwoWorlds2.exe FirewallRules: [{68F14A96-D85C-4E30-A943-EB911A89B8AB}] => (Allow) E:\SteamLibrary\steamapps\common\Two Worlds II\TwoWorlds2.exe FirewallRules: [{F88B31CC-6D36-4268-BAD1-03FAFCA3663D}] => (Allow) E:\SteamLibrary\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe FirewallRules: [{6BFF489A-6048-4A90-8CD1-010F73F492F8}] => (Allow) E:\SteamLibrary\steamapps\common\Two Worlds II\TwoWorlds2_DX10.exe FirewallRules: [{C53B1EBD-69F9-4767-843A-4248C8FBC6D1}] => (Allow) E:\SteamLibrary\steamapps\common\Lemurzin\Lemurzin.exe FirewallRules: [{0A578F56-4030-4712-8DAF-7707A6C79A16}] => (Allow) E:\SteamLibrary\steamapps\common\Lemurzin\Lemurzin.exe FirewallRules: [{17A05482-EA67-4C22-AD8B-06FBF3A6F6E5}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{046F684A-6748-4D6D-B3B1-F857EF34C118}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{F5A40F6A-2A8B-438E-8449-8EA0E307A2E6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{46673DF0-FD43-4B1B-B254-81424DE59DBD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe FirewallRules: [{66053646-02A3-425C-A6DF-88B493E54403}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{45C1355C-F06C-4033-906E-1C9B68279778}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{EA1C27D8-6905-47B4-A88F-1D894422DF14}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4966670D-F40E-4F0F-9A7E-BEC413506174}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{ADEFF7C0-ED57-42DE-9451-ACFF3954C68C}] => (Allow) C:\Program Files\Waterfox\waterfox.exe FirewallRules: [{AD289A42-2C09-427C-8B8C-61E1A2B7CD01}] => (Allow) C:\Program Files\Waterfox\waterfox.exe FirewallRules: [{EEDB100F-CDB1-48FA-8355-192409329983}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= 09-04-2016 20:52:13 Installed VMware Workstation 12-04-2016 09:52:49 Windows Modules Installer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/12/2016 02:16:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: desura.exe, version: 0.0.20.2, time stamp: 0x54f16e34 Faulting module name: gmock.dll, version: 0.0.0.0, time stamp: 0x54f16e76 Exception code: 0xc0000005 Fault offset: 0x0001aedc Faulting process id: 0x19c8 Faulting application start time: 0xdesura.exe0 Faulting application path: desura.exe1 Faulting module path: desura.exe2 Report Id: desura.exe3 Faulting package full name: desura.exe4 Faulting package-relative application ID: desura.exe5 Error: (04/12/2016 02:01:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-27EEDT1) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/12/2016 01:03:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-27EEDT1) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/12/2016 01:03:53 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-27EEDT1) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/12/2016 12:29:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-27EEDT1) Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/12/2016 11:53:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: hello world.exe, version: 0.0.0.0, time stamp: 0x570d440b Faulting module name: KERNELBASE.dll, version: 10.0.10586.162, time stamp: 0x56cd45b4 Exception code: 0xe0434352 Fault offset: 0x0000000000071f28 Faulting process id: 0xd7c Faulting application start time: 0xhello world.exe0 Faulting application path: hello world.exe1 Faulting module path: hello world.exe2 Report Id: hello world.exe3 Faulting package full name: hello world.exe4 Faulting package-relative application ID: hello world.exe5 Error: (04/12/2016 11:53:15 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: hello world.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.OverflowException at System.Decimal.FCallMultiply(System.Decimal ByRef, System.Decimal ByRef) at Microsoft.SmallBasic.Library.Primitive.Multiply(Microsoft.SmallBasic.Library.Primitive) at _SmallBasicProgram._Main() Error: (04/12/2016 09:59:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-27EEDT1) Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/12/2016 09:59:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-27EEDT1) Description: Activation of app Microsoft.CommsPhone_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/12/2016 09:59:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-27EEDT1) Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (04/12/2016 02:28:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Search service failed to start due to the following error: %%1069 Error: (04/12/2016 02:28:21 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: %%50 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (04/12/2016 02:28:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-27EEDT1) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (04/12/2016 02:28:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-27EEDT1) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (04/12/2016 02:28:06 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-27EEDT1) Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Error: (04/12/2016 02:28:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_2e46d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (04/12/2016 02:28:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (04/12/2016 02:27:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (04/12/2016 02:27:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (04/12/2016 02:27:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Steam Client Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2016-04-12 09:54:17.978 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-09 20:52:52.266 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-08 16:17:44.069 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-08 16:17:08.689 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-06 16:53:18.070 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-06 14:53:06.518 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-05 17:46:06.919 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-04-05 20:37:59.027 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-111298.dll that did not meet the Store signing level requirements. Date: 2016-04-05 20:37:59.020 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Raptr Inc\PlaysTV\ltc_help64-111298.dll that did not meet the Store signing level requirements. Date: 2016-04-05 20:34:46.322 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G Percentage of memory in use: 32% Total physical RAM: 7103.78 MB Available physical RAM: 4805.11 MB Total Virtual: 8255.78 MB Available Virtual: 5666.32 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:51.73 GB) (Free:5.69 GB) NTFS Drive d: (RESERVED) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS Drive e: () (Fixed) (Total:282.99 GB) (Free:208.47 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: E0282187) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=283 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  3. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01 Ran by PC (administrator) on DESKTOP-27EEDT1 (12-04-2016 14:30:22) Running from C:\Users\PC\Downloads Loaded Profiles: PC (Available Profiles: PC) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (VMware, Inc.) C:\Windows\syswow64\vmnat.exe (Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (VMware, Inc.) C:\Windows\syswow64\vmnetdhcp.exe (Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-04-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-03-31] (Plays.tv, LLC) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-01] (Raptr, Inc) HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-11-25] (VMware, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation) HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\Run: [Spotify Web Helper] => C:\Users\PC\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1524336 2016-04-07] (Spotify Ltd) HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\Run: [Spotify] => C:\Users\PC\AppData\Roaming\Spotify\Spotify.exe [6891120 2016-04-07] (Spotify Ltd) HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-2143556981-4036127371-3801377323-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll" Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll" Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll" Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll" Tcpip\..\Interfaces\{077639f1-6e84-4054-89b7-35834e3074d8}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== FireFox: ======== FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\sqrdysbl.default FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-05] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-05] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-05] CHR Extension: (Google Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-05] CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-05] CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-05] CHR Extension: (uBlock) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2016-04-06] CHR Extension: (Google Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-05] CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-05] CHR Extension: (Minimal Modern) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgcdmgdfnieebdpkopialjdofdjbdmcg [2016-04-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05] CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-05] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-04-03] (Advanced Micro Devices) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-03-31] (Plays.tv, LLC) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH) R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12462784 2015-11-25] () S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [296648 2016-04-03] (Advanced Micro Devices) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-04-03] (Advanced Micro Devices, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102400 2016-04-03] (Advanced Micro Devices) S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-03-26] (Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-03-26] (Disc Soft Ltd) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-12] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) S3 sscdserd; C:\Windows\System32\drivers\sscdserd.sys [158024 2016-01-08] (MCCI Corporation) S3 ssceserd; C:\Windows\System32\drivers\ssceserd.sys [158024 2016-01-08] (MCCI Corporation) S3 ssuddmgr; C:\Windows\System32\drivers\ssuddmgr.sys [213088 2016-01-08] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ssudobex; C:\Windows\System32\drivers\ssudobex.sys [213088 2016-01-08] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ssudqcfilter; C:\Windows\System32\drivers\ssudqcfilter.sys [55904 2016-01-08] (QUALCOMM Incorporated) S3 ssudrmnet; C:\Windows\System32\drivers\ssudrmnet.sys [77408 2016-01-08] (DEVGURU Co., LTD.) S3 ssudserd; C:\Windows\System32\drivers\ssudserd.sys [213088 2016-01-08] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [33376 2016-01-08] (DEVGURU Co., LTD.) R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205784 2016-03-04] (Oracle Corporation) R2 VMparport; C:\WINDOWS\system32\drivers\VMparport.sys [31936 2015-11-25] (VMware, Inc.) R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.) R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-12 14:30 - 2016-04-12 14:30 - 03465280 _____ C:\Users\PC\Downloads\adwcleaner_5.110 (1).exe 2016-04-12 14:30 - 2016-04-12 14:30 - 00013190 _____ C:\Users\PC\Downloads\FRST.txt 2016-04-12 14:30 - 2016-04-12 14:30 - 00000000 ____D C:\FRST 2016-04-12 14:27 - 2016-04-12 14:27 - 02375168 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe 2016-04-12 14:25 - 2016-04-12 14:27 - 00000000 ____D C:\AdwCleaner 2016-04-12 14:25 - 2016-04-12 14:25 - 03465280 _____ C:\Users\PC\Downloads\adwcleaner_5.110.exe 2016-04-12 14:17 - 2016-04-12 14:17 - 00000000 ____D C:\Users\PC\Documents\Virtual Machines 2016-04-12 13:56 - 2016-04-12 14:04 - 392167424 _____ C:\Users\PC\Downloads\openSUSE-Tumbleweed-DVD-x86_64-Snapshot20160408-Media.iso 2016-04-12 11:30 - 2016-04-12 11:32 - 00000000 ____D C:\Users\PC\Documents\Small Basic 2016-04-12 11:29 - 2016-04-12 11:29 - 07340032 _____ C:\Users\PC\Downloads\SmallBasic.msi 2016-04-12 11:29 - 2016-04-12 11:29 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Small Basic 2016-04-12 11:29 - 2016-04-12 11:29 - 00000000 ____D C:\Users\PC\AppData\Local\SmallBasic 2016-04-12 11:19 - 2016-04-12 11:19 - 00000000 ____D C:\Users\PC\Documents\C 2016-04-12 11:09 - 2016-04-12 11:09 - 00000000 ____D C:\Users\PC\Documents\ProcAlyzer Dumps 2016-04-12 10:45 - 2016-04-12 10:45 - 00000789 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk 2016-04-12 10:43 - 2016-04-12 10:43 - 43786008 _____ C:\Users\PC\Downloads\torbrowser-install-5.5.4_en-US.exe 2016-04-12 09:45 - 2016-04-12 09:45 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2016-04-12 09:45 - 2016-04-12 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2016-04-12 09:45 - 2015-06-16 17:32 - 00020760 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe 2016-04-11 21:46 - 2016-04-11 21:46 - 00000000 ____H C:\Users\PC\Documents\Default.rdp 2016-04-11 21:33 - 2016-04-11 21:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\PC\Downloads\spybot-2.4.exe 2016-04-11 21:26 - 2016-04-11 21:30 - 47535128 _____ (Wireshark development team) C:\Users\PC\Downloads\Wireshark-win64-2.0.2.exe 2016-04-11 20:57 - 2016-04-11 20:57 - 06868672 _____ (Piriform Ltd) C:\Users\PC\Downloads\ccsetup516.exe 2016-04-11 20:57 - 2016-04-11 20:57 - 00002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2016-04-11 20:57 - 2016-04-11 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-04-11 20:57 - 2016-04-11 20:57 - 00000000 ____D C:\Program Files\CCleaner 2016-04-11 19:00 - 2016-04-11 19:04 - 00000085 _____ C:\WINDOWS\wininit.ini 2016-04-11 16:26 - 2016-04-11 16:27 - 759169024 _____ C:\Users\PC\Downloads\archlinux-2016.04.01-dual.iso 2016-04-10 20:57 - 2016-04-10 20:57 - 87031048 _____ C:\Users\PC\Downloads\OBS-Studio-0.13.2-With-Browser-Installer(1).exe 2016-04-10 19:47 - 2016-04-10 19:47 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA 2016-04-10 19:44 - 2016-04-10 19:44 - 00000000 ____D C:\Users\PC\AppData\Local\Desura 2016-04-10 19:19 - 2016-04-10 19:19 - 00000013 _____ C:\Users\PC\Documents\royal king ip.txt 2016-04-10 17:00 - 2016-04-10 17:00 - 87031048 _____ C:\Users\PC\Downloads\OBS-Studio-0.13.2-With-Browser-Installer.exe 2016-04-10 16:57 - 2016-04-10 16:58 - 00000000 ____D C:\Users\PC\AppData\Roaming\Mozilla 2016-04-10 16:57 - 2016-04-10 16:57 - 00000963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk 2016-04-10 16:57 - 2016-04-10 16:57 - 00000000 ____D C:\Users\PC\AppData\Local\Mozilla 2016-04-10 16:57 - 2016-04-10 16:57 - 00000000 ____D C:\Program Files\Waterfox 2016-04-10 16:56 - 2016-04-10 16:56 - 73671632 _____ C:\Users\PC\Downloads\Waterfox 44.0.3 Setup.exe 2016-04-10 16:34 - 2016-04-10 21:37 - 00000000 ____D C:\Users\PC\AppData\Roaming\obs-studio 2016-04-10 16:32 - 2016-04-10 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio 2016-04-10 16:32 - 2016-04-10 16:32 - 00000000 ____D C:\Program Files (x86)\obs-studio 2016-04-10 16:31 - 2016-04-10 16:31 - 36203480 _____ C:\Users\PC\Downloads\OBS-Studio-0.13.4-Installer.exe 2016-04-10 16:26 - 2016-04-11 23:09 - 00000598 _____ C:\Users\PC\advanced_port_scanner_Favorites.bin 2016-04-10 16:26 - 2016-04-11 22:50 - 00000864 _____ C:\Users\PC\advanced_port_scanner_MAC.bin 2016-04-10 16:05 - 2016-04-10 16:05 - 00000000 ____D C:\Users\PC\AppData\Local\Advanced Port Scanner 2 2016-04-10 16:05 - 2016-04-10 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner v2 2016-04-10 16:05 - 2016-04-10 16:05 - 00000000 ____D C:\Program Files (x86)\Advanced Port Scanner 2016-04-10 16:03 - 2016-04-10 16:03 - 08830152 _____ (Famatech Corp. ) C:\Users\PC\Downloads\pscan24.exe 2016-04-10 16:00 - 2016-04-10 16:00 - 07018045 _____ C:\Users\PC\Downloads\radmin35.zip 2016-04-10 16:00 - 2016-04-10 16:00 - 00000000 ____D C:\Users\PC\AppData\Roaming\Radmin 2016-04-10 16:00 - 2016-04-10 16:00 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Radmin Viewer 3 2016-04-10 16:00 - 2016-04-10 16:00 - 00000000 ____D C:\Program Files (x86)\Radmin Viewer 3 2016-04-10 14:43 - 2016-04-10 14:43 - 00000000 ____D C:\Program Files\Common Files\AV 2016-04-10 14:40 - 2016-04-10 16:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\vlc 2016-04-10 14:37 - 2016-04-10 14:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-04-10 14:36 - 2016-04-12 09:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-04-10 14:36 - 2016-04-12 09:45 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-04-10 14:36 - 2016-04-10 14:36 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1 2016-04-10 14:36 - 2016-04-10 14:36 - 00000000 ____D C:\Program Files\LibreOffice 5 2016-04-10 14:35 - 2016-04-10 14:35 - 00001950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk 2016-04-10 14:35 - 2016-04-10 14:35 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-04-10 14:35 - 2016-04-10 14:35 - 00001104 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2016-04-10 14:35 - 2016-04-10 14:35 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk 2016-04-10 14:35 - 2016-04-10 14:35 - 00000000 ____D C:\Users\PC\AppData\Roaming\TeamViewer 2016-04-10 14:35 - 2016-04-10 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-04-10 14:35 - 2016-04-10 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2016-04-10 14:35 - 2016-04-10 14:35 - 00000000 ____D C:\Program Files\VideoLAN 2016-04-10 14:35 - 2016-04-10 14:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-04-10 14:35 - 2016-04-10 14:35 - 00000000 ____D C:\Program Files (x86)\Audacity 2016-04-10 14:34 - 2016-04-10 14:35 - 00000000 ____D C:\Program Files (x86)\ImgBurn 2016-04-10 14:34 - 2016-04-10 14:34 - 00307200 _____ (Secure By Design Inc.) C:\Users\PC\Downloads\Ninite Audacity ImgBurn LibreOffice Python Installer.exe 2016-04-10 14:34 - 2016-04-10 14:34 - 00000000 ____D C:\Python27 2016-04-10 14:34 - 2016-04-10 14:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7 2016-04-10 00:20 - 2016-04-10 00:25 - 2945482752 _____ C:\Users\PC\Downloads\kali-linux-2016.1-amd64.iso 2016-04-09 20:54 - 2016-04-12 14:17 - 00000000 ____D C:\Users\PC\AppData\Roaming\VMware 2016-04-09 20:54 - 2016-04-12 14:16 - 00000000 ____D C:\Users\PC\AppData\Local\VMware 2016-04-09 20:53 - 2015-11-25 18:10 - 00934080 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll 2016-04-09 20:53 - 2015-11-25 18:10 - 00392896 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe 2016-04-09 20:53 - 2015-11-25 18:10 - 00358080 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe 2016-04-09 20:53 - 2015-11-25 18:10 - 00066752 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys 2016-04-09 20:53 - 2015-11-25 18:10 - 00033472 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\VMkbd.sys 2016-04-09 20:53 - 2015-11-25 18:10 - 00031936 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\VMparport.sys 2016-04-09 20:53 - 2015-11-25 17:52 - 00026816 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys 2016-04-09 20:53 - 2015-11-06 11:57 - 00062160 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmusb.sys 2016-04-09 20:53 - 2015-11-06 11:57 - 00057536 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys 2016-04-09 20:53 - 2015-11-05 19:25 - 00075512 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys 2016-04-09 20:53 - 2015-11-05 19:25 - 00068288 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll 2016-04-09 20:53 - 2015-11-05 19:25 - 00064192 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll 2016-04-09 20:52 - 2016-04-12 14:28 - 00000000 ____D C:\ProgramData\VMware 2016-04-09 20:52 - 2016-04-09 20:52 - 00896880 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-04-09 20:52 - 2016-04-09 20:52 - 00001024 _____ C:\WINDOWS\SysWOW64\%TMP% 2016-04-09 20:52 - 2016-04-09 20:52 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines 2016-04-09 20:52 - 2016-04-09 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware 2016-04-09 20:52 - 2016-04-09 20:52 - 00000000 ____D C:\Program Files\Common Files\VMware 2016-04-09 20:52 - 2016-04-09 20:52 - 00000000 ____D C:\Program Files (x86)\VMware 2016-04-09 20:49 - 2016-04-09 20:50 - 307503264 _____ (VMware, Inc.) C:\Users\PC\Downloads\VMware-workstation-full-12.1.0-3272444.exe 2016-04-09 15:49 - 2016-04-12 11:04 - 00000000 ____D C:\Users\PC\Documents\Website 2016-04-09 15:04 - 2016-04-09 15:10 - 780140544 _____ C:\Users\PC\Downloads\lubuntu-15.10-desktop-amd64.iso 2016-04-09 14:27 - 2016-04-09 14:31 - 1581383680 _____ C:\Users\PC\Downloads\linuxmint-17.3-cinnamon-64bit.iso 2016-04-09 10:55 - 2016-04-09 10:55 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Virtual Campus Lda 2016-04-09 10:55 - 2016-04-09 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-04-09 10:48 - 2016-04-09 10:48 - 00000000 ____D C:\ProgramData\Desura 2016-04-09 10:47 - 2016-04-12 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura 2016-04-09 10:47 - 2016-04-09 10:52 - 00000000 ____D C:\Program Files (x86)\Desura 2016-04-09 10:44 - 2016-04-09 10:45 - 41790200 _____ C:\Users\PC\Downloads\DesuraInstaller.exe 2016-04-09 09:47 - 2016-04-09 09:47 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2016-04-09 08:27 - 2016-04-09 08:29 - 00000000 ____D C:\Program Files (x86)\Project64 1.6 2016-04-09 08:27 - 2016-04-09 08:28 - 26999427 _____ C:\Users\PC\Downloads\Legend of Zelda, The - Ocarina of Time (USA).zip 2016-04-09 08:27 - 2016-04-09 08:27 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6 2016-04-09 08:26 - 2016-04-09 08:27 - 02080797 _____ (Project64 ) C:\Users\PC\Downloads\setup Project64 1.6.exe 2016-04-09 00:07 - 2016-04-09 14:29 - 00000000 ____D C:\Users\PC\AppData\Roaming\Notepad++ 2016-04-09 00:07 - 2016-04-09 00:07 - 04203840 _____ C:\Users\PC\Downloads\npp.6.9.1.Installer.exe 2016-04-09 00:07 - 2016-04-09 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2016-04-09 00:07 - 2016-04-09 00:07 - 00000000 ____D C:\Program Files (x86)\Notepad++ 2016-04-09 00:05 - 2016-04-09 00:05 - 04239793 _____ C:\Users\PC\Downloads\livestreamer-v1.12.2-win32-setup (1).exe 2016-04-08 23:59 - 2016-04-09 00:13 - 00000000 ____D C:\Users\PC\AppData\Roaming\livestreamer 2016-04-08 23:59 - 2016-04-08 23:59 - 04239793 _____ C:\Users\PC\Downloads\livestreamer-v1.12.2-win32-setup.exe 2016-04-08 23:59 - 2016-04-08 23:59 - 00000000 ____D C:\Program Files (x86)\Livestreamer 2016-04-08 23:57 - 2016-04-08 23:57 - 00963012 _____ C:\Users\PC\Downloads\livestreamer-develop.zip 2016-04-08 23:40 - 2016-04-08 23:40 - 15786777 _____ C:\Users\PC\Downloads\Hozier - Take Me To Church.mp4 2016-04-08 23:39 - 2016-04-11 20:59 - 00000000 ____D C:\Users\PC\AppData\Roaming\MPC-HC 2016-04-08 23:39 - 2016-04-08 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64 2016-04-08 23:39 - 2016-04-08 23:39 - 00000000 ____D C:\Program Files\MPC-HC 2016-04-08 23:38 - 2016-04-08 23:38 - 13395440 _____ (MPC-HC Team ) C:\Users\PC\Downloads\MPC-HC.1.7.10.x64.exe 2016-04-08 23:33 - 2016-04-11 20:59 - 00000000 ____D C:\Users\PC\AppData\Roaming\XnView 2016-04-08 23:32 - 2016-04-08 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView 2016-04-08 23:32 - 2016-04-08 23:32 - 00000000 ____D C:\Program Files (x86)\XnView 2016-04-08 23:31 - 2016-04-08 23:32 - 03022992 _____ (Gougelet Pierre-e ) C:\Users\PC\Downloads\XnView-win-small.exe 2016-04-08 22:54 - 2016-04-08 23:11 - 00000000 ____D C:\Foobar 2016-04-08 22:28 - 2016-04-08 22:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-04-08 22:14 - 2016-04-08 23:23 - 00000000 ____D C:\Steam unvierse 2016-04-08 19:31 - 2016-04-10 16:20 - 00000029 _____ C:\Users\PC\Documents\mcselfish ip.txt 2016-04-08 18:14 - 2016-04-08 18:14 - 00563506 _____ C:\Users\PC\Downloads\yy-chr20120407_en.zip 2016-04-08 17:29 - 2016-04-12 14:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-04-08 17:29 - 2016-04-08 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-04-08 17:29 - 2016-04-08 17:29 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-04-08 17:29 - 2016-04-08 17:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-04-08 17:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-04-08 17:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-04-08 17:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-04-08 17:28 - 2016-04-08 17:28 - 22851472 _____ (Malwarebytes ) C:\Users\PC\Downloads\mbam-setup-2.2.1.1043.exe 2016-04-08 16:29 - 2016-04-08 16:31 - 555634196 _____ C:\Users\PC\Downloads\pcriver.com_Windows_XP_64Bit_Pro.zip 2016-04-08 16:27 - 2016-04-12 12:39 - 00000000 ____D C:\Users\PC\VirtualBox VMs 2016-04-08 16:26 - 2016-04-12 12:54 - 00000000 ____D C:\Users\PC\.VirtualBox 2016-04-08 16:26 - 2016-04-08 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2016-04-08 16:26 - 2016-03-04 17:29 - 00982504 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys 2016-04-08 16:25 - 2016-03-04 17:29 - 00148808 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys 2016-04-08 16:24 - 2016-04-08 16:25 - 120421344 _____ (Oracle Corporation) C:\Users\PC\Downloads\VirtualBox-5.0.16-105871-Win.exe 2016-04-08 16:17 - 2015-10-29 19:42 - 16736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0001.dll 2016-04-08 16:10 - 2016-04-08 16:10 - 00000000 ____D C:\WINDOWS\SysWOW64\sq-AL 2016-04-08 16:10 - 2016-04-08 16:10 - 00000000 ____D C:\WINDOWS\system32\sq-AL 2016-04-08 16:10 - 2016-04-08 16:10 - 00000000 ____D C:\WINDOWS\sq-AL 2016-04-08 16:09 - 2016-04-08 16:09 - 00001051 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk 2016-04-07 21:08 - 2016-04-12 13:12 - 00000000 ____D C:\Users\PC\AppData\Roaming\foobar2000 2016-04-07 21:08 - 2016-04-07 21:08 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk 2016-04-07 21:08 - 2016-04-07 21:08 - 00000000 ____D C:\Program Files (x86)\foobar2000 2016-04-07 19:44 - 2016-04-07 19:44 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Unity 2016-04-07 19:44 - 2016-04-07 19:44 - 00000000 ____D C:\Users\PC\AppData\LocalLow\Hyper Hippo Productions Ltd_ 2016-04-07 18:26 - 2016-02-07 18:26 - 00000032 ____R C:\ProgramData\hash.dat 2016-04-07 18:19 - 2016-04-08 14:46 - 00000000 ____D C:\Users\PC\AppData\Roaming\Spotify 2016-04-07 18:19 - 2016-04-08 14:46 - 00000000 ____D C:\Users\PC\AppData\Local\Spotify 2016-04-07 18:19 - 2016-04-07 18:19 - 00001821 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2016-04-07 17:44 - 2016-04-07 17:44 - 00000000 ____D C:\ProgramData\16E97BCE007A98A8290A9D32DB248BD6 2016-04-07 17:41 - 2016-04-07 17:41 - 00000000 ____D C:\Users\PC\Documents\GameMaker 2016-04-07 17:40 - 2016-04-07 17:40 - 00000222 _____ C:\Users\PC\Desktop\GameMaker Studio.url 2016-04-07 17:40 - 2016-04-07 17:40 - 00000000 ____D C:\Users\PC\AppData\Local\gamemaker_studio 2016-04-07 17:40 - 2016-04-07 17:40 - 00000000 ____D C:\ProgramData\gamemaker_studio 2016-04-07 17:39 - 2016-04-07 17:39 - 00002833 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tiled.lnk 2016-04-06 16:21 - 2016-04-06 16:21 - 00000000 ____D C:\Users\PC\Documents\WBGames 2016-04-06 15:39 - 2016-04-06 15:39 - 00001020 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\osu!.lnk 2016-04-06 15:37 - 2016-04-06 15:43 - 00000000 ____D C:\Users\PC\AppData\Local\osu! 2016-04-06 15:04 - 2016-04-06 15:16 - 00000000 ____D C:\Users\PC\AppData\Roaming\Tropico 5 2016-04-06 15:01 - 2016-04-06 15:01 - 00000000 ____D C:\Users\PC\AppData\Roaming\Kalypso Media 2016-04-06 15:01 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll 2016-04-06 15:01 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll 2016-04-06 15:01 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll 2016-04-06 15:01 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll 2016-04-06 15:01 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll 2016-04-06 15:01 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll 2016-04-06 15:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll 2016-04-06 15:01 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll 2016-04-06 15:01 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll 2016-04-06 15:01 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll 2016-04-06 15:01 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll 2016-04-06 15:01 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll 2016-04-06 15:01 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll 2016-04-06 15:01 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll 2016-04-06 15:01 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll 2016-04-06 15:01 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll 2016-04-06 15:01 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll 2016-04-06 15:01 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll 2016-04-06 15:01 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll 2016-04-06 15:01 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll 2016-04-06 15:01 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll 2016-04-06 15:01 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll 2016-04-06 15:01 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll 2016-04-06 15:01 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll 2016-04-06 15:00 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll 2016-04-06 15:00 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll 2016-04-06 15:00 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll 2016-04-06 15:00 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll 2016-04-06 15:00 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll 2016-04-06 15:00 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll 2016-04-06 15:00 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll 2016-04-06 15:00 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll 2016-04-06 15:00 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll 2016-04-06 15:00 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll 2016-04-06 15:00 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll 2016-04-06 15:00 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll 2016-04-06 15:00 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll 2016-04-06 15:00 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll 2016-04-06 15:00 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll 2016-04-06 15:00 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll 2016-04-06 15:00 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll 2016-04-06 15:00 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll 2016-04-06 15:00 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll 2016-04-06 15:00 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll 2016-04-06 15:00 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll 2016-04-06 15:00 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll 2016-04-06 15:00 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll 2016-04-06 15:00 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll 2016-04-06 15:00 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll 2016-04-06 15:00 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll 2016-04-06 15:00 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll 2016-04-06 15:00 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll 2016-04-06 15:00 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll 2016-04-06 15:00 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll 2016-04-06 15:00 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll 2016-04-06 15:00 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll 2016-04-06 15:00 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll 2016-04-06 15:00 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll 2016-04-06 15:00 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll 2016-04-06 15:00 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll 2016-04-06 15:00 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll 2016-04-06 15:00 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll 2016-04-06 15:00 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll 2016-04-06 15:00 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll 2016-04-06 15:00 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll 2016-04-06 15:00 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll 2016-04-06 15:00 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll 2016-04-06 15:00 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll 2016-04-06 15:00 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll 2016-04-06 15:00 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll 2016-04-06 15:00 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll 2016-04-06 15:00 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll 2016-04-06 15:00 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll 2016-04-06 15:00 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll 2016-04-06 15:00 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll 2016-04-06 15:00 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll 2016-04-06 15:00 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll 2016-04-06 15:00 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll 2016-04-06 15:00 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll 2016-04-06 15:00 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll 2016-04-06 15:00 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll 2016-04-06 15:00 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll 2016-04-06 15:00 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll 2016-04-06 15:00 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll 2016-04-06 15:00 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll 2016-04-06 15:00 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll 2016-04-06 15:00 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll 2016-04-06 15:00 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll 2016-04-06 15:00 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll 2016-04-06 15:00 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll 2016-04-06 15:00 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll 2016-04-06 15:00 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll 2016-04-06 15:00 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll 2016-04-06 15:00 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll 2016-04-06 15:00 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll 2016-04-06 15:00 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll 2016-04-06 15:00 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll 2016-04-06 15:00 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll 2016-04-06 15:00 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll 2016-04-06 15:00 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll 2016-04-06 15:00 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll 2016-04-06 15:00 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll 2016-04-06 15:00 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll 2016-04-06 15:00 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll 2016-04-06 15:00 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll 2016-04-06 15:00 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll 2016-04-06 15:00 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll 2016-04-06 15:00 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll 2016-04-06 15:00 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll 2016-04-06 15:00 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll 2016-04-06 15:00 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll 2016-04-06 15:00 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll 2016-04-06 15:00 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll 2016-04-06 15:00 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll 2016-04-06 15:00 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll 2016-04-06 15:00 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll 2016-04-06 15:00 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll 2016-04-06 15:00 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll 2016-04-06 15:00 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll 2016-04-06 15:00 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll 2016-04-06 15:00 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll 2016-04-06 15:00 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll 2016-04-06 15:00 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll 2016-04-06 15:00 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll 2016-04-06 15:00 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll 2016-04-06 15:00 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll 2016-04-06 15:00 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll 2016-04-06 15:00 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll 2016-04-06 15:00 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll 2016-04-06 15:00 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll 2016-04-06 15:00 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll 2016-04-06 15:00 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll 2016-04-06 15:00 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll 2016-04-06 15:00 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll 2016-04-06 15:00 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll 2016-04-06 15:00 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll 2016-04-06 15:00 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll 2016-04-06 15:00 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll 2016-04-06 15:00 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll 2016-04-06 15:00 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll 2016-04-06 15:00 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll 2016-04-06 15:00 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll 2016-04-06 15:00 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll 2016-04-06 15:00 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll 2016-04-06 15:00 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll 2016-04-06 15:00 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll 2016-04-06 15:00 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll 2016-04-06 15:00 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll 2016-04-06 15:00 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll 2016-04-06 15:00 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll 2016-04-06 15:00 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll 2016-04-06 15:00 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll 2016-04-06 15:00 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll 2016-04-06 15:00 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll 2016-04-06 15:00 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll 2016-04-06 15:00 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll 2016-04-06 15:00 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll 2016-04-06 15:00 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll 2016-04-06 15:00 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll 2016-04-06 15:00 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll 2016-04-06 15:00 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll 2016-04-06 15:00 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll 2016-04-06 15:00 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll 2016-04-06 15:00 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll 2016-04-05 21:11 - 2016-04-05 21:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2016-04-05 21:05 - 2016-02-24 02:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-04-05 21:05 - 2016-02-24 02:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-04-05 21:05 - 2016-02-24 02:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-04-05 21:05 - 2016-02-24 02:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2016-04-05 21:05 - 2016-02-24 02:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2016-04-05 21:05 - 2016-02-24 02:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-04-05 21:05 - 2016-02-24 01:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-04-05 21:05 - 2016-02-24 01:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-04-05 21:05 - 2016-02-24 01:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-04-05 21:05 - 2016-02-23 23:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2016-04-05 21:05 - 2016-02-23 23:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-04-05 21:05 - 2016-02-23 23:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2016-04-05 21:05 - 2016-02-23 23:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-04-05 21:05 - 2016-02-23 23:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-04-05 21:05 - 2016-02-23 23:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-04-05 21:05 - 2016-02-23 23:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-04-05 21:05 - 2016-02-23 22:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-04-05 21:05 - 2016-02-23 22:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll 2016-04-05 21:05 - 2016-02-23 22:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll 2016-04-05 21:05 - 2016-02-23 22:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-04-05 21:05 - 2016-02-23 22:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-04-05 21:05 - 2016-02-23 22:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-04-05 21:05 - 2016-02-23 22:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-04-05 21:05 - 2016-02-23 22:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-04-05 21:05 - 2016-02-23 22:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-04-05 21:05 - 2016-02-23 22:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-04-05 21:05 - 2016-02-23 22:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-04-05 21:05 - 2016-02-23 21:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-04-05 21:05 - 2016-02-23 21:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-04-05 21:05 - 2016-02-23 04:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-05 21:05 - 2016-02-23 04:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-04-05 21:05 - 2016-02-23 03:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-04-05 21:05 - 2016-02-23 03:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-04-05 21:05 - 2016-02-23 03:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-04-05 21:05 - 2016-02-23 03:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-04-05 21:05 - 2016-02-23 03:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2016-04-05 21:05 - 2016-02-23 03:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-04-05 21:05 - 2016-02-23 03:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-04-05 21:05 - 2016-02-23 03:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2016-04-05 21:05 - 2016-02-23 03:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-04-05 21:05 - 2016-02-23 03:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-04-05 21:05 - 2016-02-23 02:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2016-04-05 21:05 - 2016-02-23 02:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-04-05 21:05 - 2016-02-23 02:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-04-05 21:05 - 2016-02-23 02:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2016-04-05 21:05 - 2016-02-23 02:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-04-05 21:05 - 2016-02-23 02:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2016-04-05 21:05 - 2016-02-23 02:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2016-04-05 21:05 - 2016-02-23 02:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-04-05 21:05 - 2016-02-23 02:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-04-05 21:05 - 2016-02-23 02:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll 2016-04-05 21:05 - 2016-02-23 01:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll 2016-04-05 21:05 - 2016-02-23 01:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll 2016-04-05 21:05 - 2016-02-23 01:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-04-05 21:05 - 2016-02-23 01:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2016-04-05 21:05 - 2016-02-23 01:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-04-05 21:05 - 2016-02-23 01:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-04-05 21:05 - 2016-02-23 01:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-04-05 21:05 - 2016-02-23 01:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-04-05 21:05 - 2016-02-23 01:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-04-05 21:05 - 2016-02-23 00:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2016-04-05 21:05 - 2016-02-23 00:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll 2016-04-05 21:05 - 2016-02-23 00:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-04-05 21:05 - 2016-02-23 00:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-04-05 21:05 - 2016-02-23 00:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-04-05 21:05 - 2016-02-23 00:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-04-05 21:05 - 2016-02-23 00:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-04-05 21:05 - 2016-02-23 00:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-04-05 21:05 - 2016-02-23 00:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-04-05 21:05 - 2016-02-23 00:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-04-05 21:05 - 2016-02-22 23:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-04-05 21:05 - 2016-02-22 23:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2016-04-05 21:05 - 2016-02-22 23:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-04-05 21:05 - 2016-02-22 23:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-04-05 21:05 - 2016-02-22 23:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-04-05 21:05 - 2016-02-22 23:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-04-05 21:05 - 2016-02-22 23:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-04-05 21:05 - 2016-02-22 23:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-04-05 21:05 - 2016-02-22 23:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2016-04-05 21:05 - 2016-02-22 23:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-04-05 21:05 - 2016-02-22 23:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-04-05 21:05 - 2016-02-22 23:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-04-05 21:05 - 2016-02-22 23:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-04-05 21:05 - 2016-02-22 23:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-04-05 21:05 - 2016-02-22 23:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2016-04-05 21:05 - 2016-02-22 23:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-04-05 21:05 - 2016-02-22 23:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-04-05 21:05 - 2016-02-22 23:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-04-05 21:05 - 2016-02-08 20:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-04-05 21:05 - 2016-02-08 20:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-04-05 21:04 - 2016-02-29 22:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-04-05 21:04 - 2016-02-29 22:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-04-05 21:04 - 2016-02-24 02:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-04-05 21:04 - 2016-02-24 02:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-04-05 21:04 - 2016-02-24 01:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-04-05 21:04 - 2016-02-24 01:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2016-04-05 21:04 - 2016-02-24 01:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-04-05 21:04 - 2016-02-24 01:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-04-05 21:04 - 2016-02-24 01:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2016-04-05 21:04 - 2016-02-24 01:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-04-05 21:04 - 2016-02-24 01:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2016-04-05 21:04 - 2016-02-24 01:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-04-05 21:04 - 2016-02-24 01:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-04-05 21:04 - 2016-02-24 01:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-04-05 21:04 - 2016-02-24 01:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-04-05 21:04 - 2016-02-24 01:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-04-05 21:04 - 2016-02-24 01:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-04-05 21:04 - 2016-02-24 01:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll 2016-04-05 21:04 - 2016-02-24 01:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2016-04-05 21:04 - 2016-02-24 01:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-04-05 21:04 - 2016-02-24 01:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2016-04-05 21:04 - 2016-02-24 01:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2016-04-05 21:04 - 2016-02-24 00:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-04-05 21:04 - 2016-02-24 00:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll 2016-04-05 21:04 - 2016-02-24 00:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll 2016-04-05 21:04 - 2016-02-24 00:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-04-05 21:04 - 2016-02-24 00:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2016-04-05 21:04 - 2016-02-24 00:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll 2016-04-05 21:04 - 2016-02-24 00:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll 2016-04-05 21:04 - 2016-02-24 00:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2016-04-05 21:04 - 2016-02-24 00:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2016-04-05 21:04 - 2016-02-24 00:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll 2016-04-05 21:04 - 2016-02-24 00:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2016-04-05 21:04 - 2016-02-24 00:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2016-04-05 21:04 - 2016-02-24 00:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2016-04-05 21:04 - 2016-02-24 00:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2016-04-05 21:04 - 2016-02-24 00:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll 2016-04-05 21:04 - 2016-02-24 00:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll 2016-04-05 21:04 - 2016-02-24 00:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll 2016-04-05 21:04 - 2016-02-24 00:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll 2016-04-05 21:04 - 2016-02-24 00:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll 2016-04-05 21:04 - 2016-02-24 00:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2016-04-05 21:04 - 2016-02-24 00:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll 2016-04-05 21:04 - 2016-02-24 00:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll 2016-04-05 21:04 - 2016-02-24 00:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll 2016-04-05 21:04 - 2016-02-24 00:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll 2016-04-05 21:04 - 2016-02-24 00:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2016-04-05 21:04 - 2016-02-24 00:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll 2016-04-05 21:04 - 2016-02-24 00:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2016-04-05 21:04 - 2016-02-24 00:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll 2016-04-05 21:04 - 2016-02-24 00:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll 2016-04-05 21:04 - 2016-02-24 00:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-04-05 21:04 - 2016-02-24 00:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll 2016-04-05 21:04 - 2016-02-24 00:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll 2016-04-05 21:04 - 2016-02-24 00:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll 2016-04-05 21:04 - 2016-02-24 00:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2016-04-05 21:04 - 2016-02-24 00:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2016-04-05 21:04 - 2016-02-24 00:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll 2016-04-05 21:04 - 2016-02-24 00:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-04-05 21:04 - 2016-02-24 00:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll 2016-04-05 21:04 - 2016-02-24 00:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2016-04-05 21:04 - 2016-02-24 00:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll 2016-04-05 21:04 - 2016-02-23 23:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll 2016-04-05 21:04 - 2016-02-23 23:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll 2016-04-05 21:04 - 2016-02-23 23:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-04-05 21:04 - 2016-02-23 23:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll 2016-04-05 21:04 - 2016-02-23 23:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll 2016-04-05 21:04 - 2016-02-23 23:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll 2016-04-05 21:04 - 2016-02-23 23:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll 2016-04-05 21:04 - 2016-02-23 23:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2016-04-05 21:04 - 2016-02-23 23:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll 2016-04-05 21:04 - 2016-02-23 23:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2016-04-05 21:04 - 2016-02-23 23:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll 2016-04-05 21:04 - 2016-02-23 23:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-04-05 21:04 - 2016-02-23 23:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll 2016-04-05 21:04 - 2016-02-23 23:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2016-04-05 21:04 - 2016-02-23 23:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll 2016-04-05 21:04 - 2016-02-23 23:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2016-04-05 21:04 - 2016-02-23 23:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll 2016-04-05 21:04 - 2016-02-23 23:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2016-04-05 21:04 - 2016-02-23 23:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll 2016-04-05 21:04 - 2016-02-23 23:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll 2016-04-05 21:04 - 2016-02-23 23:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll 2016-04-05 21:04 - 2016-02-23 23:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll 2016-04-05 21:04 - 2016-02-23 23:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2016-04-05 21:04 - 2016-02-23 23:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll 2016-04-05 21:04 - 2016-02-23 23:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2016-04-05 21:04 - 2016-02-23 23:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-04-05 21:04 - 2016-02-23 23:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll 2016-04-05 21:04 - 2016-02-23 23:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll 2016-04-05 21:04 - 2016-02-23 23:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll 2016-04-05 21:04 - 2016-02-23 23:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll 2016-04-05 21:04 - 2016-02-23 23:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2016-04-05 21:04 - 2016-02-23 23:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2016-04-05 21:04 - 2016-02-23 23:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll 2016-04-05 21:04 - 2016-02-23 23:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2016-04-05 21:04 - 2016-02-23 23:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2016-04-05 21:04 - 2016-02-23 23:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2016-04-05 21:04 - 2016-02-23 23:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll 2016-04-05 21:04 - 2016-02-23 23:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll 2016-04-05 21:04 - 2016-02-23 23:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-04-05 21:04 - 2016-02-23 23:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll 2016-04-05 21:04 - 2016-02-23 23:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll 2016-04-05 21:04 - 2016-02-23 23:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll 2016-04-05 21:04 - 2016-02-23 23:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll 2016-04-05 21:04 - 2016-02-23 23:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2016-04-05 21:04 - 2016-02-23 23:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll 2016-04-05 21:04 - 2016-02-23 23:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll 2016-04-05 21:04 - 2016-02-23 23:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll 2016-04-05 21:04 - 2016-02-23 23:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll 2016-04-05 21:04 - 2016-02-23 23:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2016-04-05 21:04 - 2016-02-23 23:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2016-04-05 21:04 - 2016-02-23 23:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll 2016-04-05 21:04 - 2016-02-23 23:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2016-04-05 21:04 - 2016-02-23 23:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2016-04-05 21:04 - 2016-02-23 23:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll 2016-04-05 21:04 - 2016-02-23 23:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll 2016-04-05 21:04 - 2016-02-23 23:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll 2016-04-05 21:04 - 2016-02-23 23:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2016-04-05 21:04 - 2016-02-23 23:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2016-04-05 21:04 - 2016-02-23 23:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2016-04-05 21:04 - 2016-02-23 23:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll 2016-04-05 21:04 - 2016-02-23 22:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll 2016-04-05 21:04 - 2016-02-23 22:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll 2016-04-05 21:04 - 2016-02-23 04:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-04-05 21:04 - 2016-02-23 04:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-04-05 21:04 - 2016-02-23 04:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-04-05 21:04 - 2016-02-23 04:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-04-05 21:04 - 2016-02-23 04:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-04-05 21:04 - 2016-02-23 04:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 2016-04-05 21:04 - 2016-02-23 04:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll 2016-04-05 21:04 - 2016-02-23 04:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-04-05 21:04 - 2016-02-23 03:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-04-05 21:04 - 2016-02-23 03:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-04-05 21:04 - 2016-02-23 03:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-04-05 21:04 - 2016-02-23 03:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-04-05 21:04 - 2016-02-23 03:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-04-05 21:04 - 2016-02-23 03:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2016-04-05 21:04 - 2016-02-23 03:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2016-04-05 21:04 - 2016-02-23 03:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll 2016-04-05 21:04 - 2016-02-23 03:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2016-04-05 21:04 - 2016-02-23 02:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-04-05 21:04 - 2016-02-23 02:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2016-04-05 21:04 - 2016-02-23 02:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2016-04-05 21:04 - 2016-02-23 02:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2016-04-05 21:04 - 2016-02-23 02:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-04-05 21:04 - 2016-02-23 02:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll 2016-04-05 21:04 - 2016-02-23 02:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2016-04-05 21:04 - 2016-02-23 02:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys 2016-04-05 21:04 - 2016-02-23 02:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-04-05 21:04 - 2016-02-23 02:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2016-04-05 21:04 - 2016-02-23 02:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll 2016-04-05 21:04 - 2016-02-23 02:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-04-05 21:04 - 2016-02-23 02:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-04-05 21:04 - 2016-02-23 02:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-04-05 21:04 - 2016-02-23 02:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll 2016-04-05 21:04 - 2016-02-23 02:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys 2016-04-05 21:04 - 2016-02-23 02:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2016-04-05 21:04 - 2016-02-23 02:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-04-05 21:04 - 2016-02-23 01:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll 2016-04-05 21:04 - 2016-02-23 01:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-04-05 21:04 - 2016-02-23 01:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll 2016-04-05 21:04 - 2016-02-23 01:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-04-05 21:04 - 2016-02-23 01:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys 2016-04-05 21:04 - 2016-02-23 01:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2016-04-05 21:04 - 2016-02-23 01:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll 2016-04-05 21:04 - 2016-02-23 01:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2016-04-05 21:04 - 2016-02-23 01:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-04-05 21:04 - 2016-02-23 01:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-04-05 21:04 - 2016-02-23 01:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll 2016-04-05 21:04 - 2016-02-23 01:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll 2016-04-05 21:04 - 2016-02-23 01:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2016-04-05 21:04 - 2016-02-23 01:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll 2016-04-05 21:04 - 2016-02-23 01:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll 2016-04-05 21:04 - 2016-02-23 01:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-04-05 21:04 - 2016-02-23 01:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-04-05 21:04 - 2016-02-23 01:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-04-05 21:04 - 2016-02-23 01:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll 2016-04-05 21:04 - 2016-02-23 01:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-04-05 21:04 - 2016-02-23 01:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll 2016-04-05 21:04 - 2016-02-23 01:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2016-04-05 21:04 - 2016-02-23 01:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-04-05 21:04 - 2016-02-23 01:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-04-05 21:04 - 2016-02-23 01:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2016-04-05 21:04 - 2016-02-23 01:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2016-04-05 21:04 - 2016-02-23 01:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll 2016-04-05 21:04 - 2016-02-23 01:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2016-04-05 21:04 - 2016-02-23 01:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-04-05 21:04 - 2016-02-23 01:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-04-05 21:04 - 2016-02-23 01:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2016-04-05 21:04 - 2016-02-23 01:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2016-04-05 21:04 - 2016-02-23 01:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2016-04-05 21:04 - 2016-02-23 01:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-04-05 21:04 - 2016-02-23 01:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-04-05 21:04 - 2016-02-23 01:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2016-04-05 21:04 - 2016-02-23 01:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2016-04-05 21:04 - 2016-02-23 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-04-05 21:04 - 2016-02-23 01:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-04-05 21:04 - 2016-02-23 01:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-04-05 21:04 - 2016-02-23 01:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-04-05 21:04 - 2016-02-23 01:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-04-05 21:04 - 2016-02-23 01:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll 2016-04-05 21:04 - 2016-02-23 01:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-04-05 21:04 - 2016-02-23 01:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-04-05 21:04 - 2016-02-23 01:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-04-05 21:04 - 2016-02-23 01:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-04-05 21:04 - 2016-02-23 01:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2016-04-05 21:04 - 2016-02-23 01:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-04-05 21:04 - 2016-02-23 00:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-04-05 21:04 - 2016-02-23 00:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-04-05 21:04 - 2016-02-23 00:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll 2016-04-05 21:04 - 2016-02-23 00:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2016-04-05 21:04 - 2016-02-23 00:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll 2016-04-05 21:04 - 2016-02-23 00:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll 2016-04-05 21:04 - 2016-02-23 00:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll 2016-04-05 21:04 - 2016-02-23 00:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll 2016-04-05 21:04 - 2016-02-23 00:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2016-04-05 21:04 - 2016-02-23 00:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll 2016-04-05 21:04 - 2016-02-23 00:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-04-05 21:04 - 2016-02-23 00:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-04-05 21:04 - 2016-02-23 00:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2016-04-05 21:04 - 2016-02-23 00:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2016-04-05 21:04 - 2016-02-23 00:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-04-05 21:04 - 2016-02-23 00:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2016-04-05 21:04 - 2016-02-23 00:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-04-05 21:04 - 2016-02-23 00:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2016-04-05 21:04 - 2016-02-23 00:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll 2016-04-05 21:04 - 2016-02-23 00:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll 2016-04-05 21:04 - 2016-02-23 00:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2016-04-05 21:04 - 2016-02-23 00:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2016-04-05 21:04 - 2016-02-23 00:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll 2016-04-05 21:04 - 2016-02-23 00:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll 2016-04-05 21:04 - 2016-02-23 00:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-04-05 21:04 - 2016-02-23 00:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-04-05 21:04 - 2016-02-22 23:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll 2016-04-05 21:04 - 2016-02-22 23:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-04-05 21:04 - 2016-02-08 20:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-04-05 21:04 - 2016-02-08 20:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll 2016-04-05 21:04 - 2016-02-08 20:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll 2016-04-05 21:04 - 2016-02-08 20:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2016-04-05 20:45 - 2016-04-07 21:08 - 00000000 ____D C:\Program Files\KMSpico 2016-04-05 20:45 - 2016-04-05 20:45 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe 2016-04-05 20:45 - 2016-04-05 20:45 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll 2016-04-05 20:45 - 2016-04-05 20:45 - 00000000 ____D C:\Users\PC\AppData\Roaming\WinRAR 2016-04-05 20:45 - 2016-04-05 20:45 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-04-05 20:45 - 2016-04-05 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-04-05 20:45 - 2016-04-05 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico 2016-04-05 20:45 - 2016-04-05 20:45 - 00000000 ____D C:\Program Files\WinRAR 2016-04-05 20:45 - 2010-12-05 19:16 - 00090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll 2016-04-05 20:40 - 2016-04-05 20:40 - 00000000 ____D C:\Users\PC\AppData\Roaming\Macromedia 2016-04-05 20:38 - 2016-04-11 20:59 - 00000000 ____D C:\Users\PC\AppData\Roaming\uTorrent 2016-04-05 20:38 - 2016-04-05 20:38 - 00002669 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2016-04-05 20:34 - 2016-04-05 20:34 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater 2016-04-05 20:33 - 2016-04-06 14:53 - 00000000 ____D C:\Users\PC\AppData\Roaming\PlaysTV 2016-04-05 20:33 - 2016-04-05 20:34 - 00000000 ____D C:\Users\PC\AppData\Local\Comms 2016-04-05 20:33 - 2016-04-05 20:33 - 00000000 ____D C:\Users\PC\AppData\Roaming\library_dir 2016-04-05 20:33 - 2016-04-05 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr 2016-04-05 20:33 - 2016-04-05 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved 2016-04-05 20:32 - 2016-04-06 14:53 - 00000000 ____D C:\Users\PC\AppData\Roaming\Raptr 2016-04-05 20:32 - 2016-04-05 20:33 - 00000000 ____D C:\Program Files (x86)\Raptr Inc 2016-04-05 20:32 - 2016-04-05 20:33 - 00000000 ____D C:\Program Files (x86)\Raptr 2016-04-05 20:32 - 2016-04-05 20:32 - 00000000 ____D C:\Users\PC\AppData\Local\Steam 2016-04-05 20:32 - 2016-04-05 20:32 - 00000000 ____D C:\Users\PC\AppData\Local\CEF 2016-04-05 20:32 - 2016-04-05 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.1 2016-04-05 20:32 - 2016-04-05 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings 2016-04-05 20:32 - 2016-04-05 20:32 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2016-04-05 20:32 - 2016-04-05 20:32 - 00000000 ____D C:\Program Files (x86)\AMD 2016-04-05 20:32 - 2016-02-15 16:27 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2016-04-05 20:32 - 2016-02-15 16:26 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll 2016-04-05 20:32 - 2016-02-15 16:25 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe 2016-04-05 20:32 - 2016-02-15 16:25 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2016-04-05 20:30 - 2016-04-12 14:29 - 00000000 ____D C:\Program Files (x86)\Steam 2016-04-05 20:30 - 2016-04-05 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-04-05 20:30 - 2015-12-08 20:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2016-04-05 20:26 - 2016-04-05 20:26 - 00002259 _____ C:\WINDOWS\epplauncher.mif 2016-04-05 17:25 - 2016-04-05 20:25 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-04-05 17:25 - 2016-04-05 17:25 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-04-05 17:24 - 2016-04-12 09:50 - 00883368 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-04-05 17:22 - 2016-04-12 14:29 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-04-05 17:22 - 2016-04-12 14:27 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-04-05 17:22 - 2016-04-11 15:28 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-04-05 17:22 - 2016-04-05 17:22 - 00003980 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-04-05 17:22 - 2016-04-05 17:22 - 00003748 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-04-05 17:22 - 2016-04-05 17:22 - 00000000 ____D C:\Program Files (x86)\Google 2016-04-05 17:21 - 2016-04-06 14:59 - 00000000 ____D C:\Users\PC\AppData\Local\Google 2016-04-05 17:21 - 2016-04-05 17:21 - 00002358 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-05 17:21 - 2016-04-05 17:21 - 00000000 ___RD C:\Users\PC\OneDrive 2016-04-05 17:20 - 2016-04-06 15:39 - 00000000 ____D C:\Users\PC\AppData\Local\AMD 2016-04-05 17:20 - 2016-04-05 17:21 - 00000000 ____D C:\Users\PC\AppData\Local\MicrosoftEdge 2016-04-05 17:20 - 2016-04-05 17:20 - 00000000 ____D C:\Users\PC\AppData\Roaming\ATI 2016-04-05 17:20 - 2016-04-05 17:20 - 00000000 ____D C:\Users\PC\AppData\Local\ATI 2016-04-05 17:20 - 2016-04-05 17:20 - 00000000 ____D C:\Users\PC\AppData\Local\ActiveSync 2016-04-05 17:20 - 2016-04-05 17:20 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-04-05 17:19 - 2016-04-10 16:26 - 00000000 ____D C:\Users\PC 2016-04-05 17:19 - 2016-04-09 08:36 - 00000000 ____D C:\Users\PC\AppData\Local\VirtualStore 2016-04-05 17:19 - 2016-04-06 20:24 - 00000000 ____D C:\Users\PC\AppData\Local\Packages 2016-04-05 17:19 - 2016-04-06 14:53 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-04-05 17:19 - 2016-04-05 17:19 - 00000020 ___SH C:\Users\PC\ntuser.ini 2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 _SHDL C:\Users\PC\My Documents 2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 _SHDL C:\Users\PC\Documents\My Videos 2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 _SHDL C:\Users\PC\Documents\My Pictures 2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 _SHDL C:\Users\PC\Documents\My Music 2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 ____D C:\Users\PC\AppData\Roaming\Adobe 2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 ____D C:\Users\PC\AppData\Local\TileDataLayer 2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 ____D C:\Users\PC\AppData\Local\Publishers 2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 ____D C:\ProgramData\USOShared 2016-04-05 09:15 - 2016-04-11 20:59 - 00000000 ___DC C:\WINDOWS\Panther 2016-04-05 09:15 - 2016-04-05 09:15 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-04-05 09:15 - 2016-04-05 09:15 - 00000000 ____D C:\WINDOWS\InfusedApps 2016-04-05 09:15 - 2016-04-05 09:15 - 00000000 _____ C:\Recovery.txt 2016-04-05 09:14 - 2016-04-05 09:14 - 00000000 ____D C:\WINDOWS\Setup 2016-04-05 09:13 - 2016-04-08 16:10 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN 2016-04-05 09:13 - 2016-04-08 16:10 - 00000000 ____D C:\WINDOWS\system32\WCN 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SysWOW64\0409 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\system32\winrm 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\system32\slmgr 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\system32\0409 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\OCR 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\DigitalLocker 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\Program Files\MSBuild 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-04-05 09:13 - 2016-04-05 09:13 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-04-05 09:11 - 2016-03-08 00:12 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-04-05 09:11 - 2016-03-08 00:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-04-05 09:10 - 2016-04-12 11:10 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2016-04-05 09:10 - 2016-04-10 14:34 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-04-05 09:10 - 2016-04-09 13:31 - 00000000 ___HD C:\Program Files\WindowsApps 2016-04-05 09:10 - 2016-04-08 22:28 - 00000000 ____D C:\WINDOWS\rescache 2016-04-05 09:10 - 2016-04-08 16:10 - 00000000 ___RD C:\WINDOWS\PurchaseDialog 2016-04-05 09:10 - 2016-04-08 16:10 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-04-05 09:10 - 2016-04-08 16:10 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-04-05 09:10 - 2016-04-08 16:10 - 00000000 ___RD C:\WINDOWS\DevicesFlow 2016-04-05 09:10 - 2016-04-08 16:10 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-04-05 09:10 - 2016-04-08 16:10 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2016-04-05 09:10 - 2016-04-08 16:10 - 00000000 ____D C:\Program Files\Windows Defender 2016-04-05 09:10 - 2016-04-08 16:10 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2016-04-05 09:10 - 2016-04-07 14:51 - 00000000 ____D C:\WINDOWS\appcompat 2016-04-05 09:10 - 2016-04-06 14:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 __RSD C:\WINDOWS\Media 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\Program Files\Windows Portable Devices 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\Program Files\Windows Multimedia Platform 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\Program Files\Windows Journal 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices 2016-04-05 09:10 - 2016-04-06 14:50 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform 2016-04-05 09:10 - 2016-04-05 20:33 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-04-05 09:10 - 2016-04-05 17:19 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-04-05 09:10 - 2016-04-05 17:19 - 00000000 ____D C:\ProgramData\USOPrivate 2016-04-05 09:10 - 2016-04-05 09:15 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2016-04-05 09:10 - 2016-04-05 09:14 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-04-05 09:10 - 2016-04-05 09:14 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-04-05 09:10 - 2016-04-05 09:14 - 00000000 ____D C:\WINDOWS\Provisioning 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SysWOW64\setup 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SysWOW64\Com 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\SystemApps 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\system32\setup 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\system32\MUI 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\system32\migwiz 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\system32\Com 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\IME 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\Help 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\Program Files\Common Files\System 2016-04-05 09:10 - 2016-04-05 09:13 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 __SHD C:\Program Files\Windows Sidebar 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 __RHD C:\Users\Public\Libraries 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ___SD C:\WINDOWS\system32\Nui 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ___SD C:\WINDOWS\system32\Configuration 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ___RD C:\WINDOWS\Offline Web Pages 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ___RD C:\WINDOWS\DesktopTileResources 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\Web 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\Vss 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\tracing 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\TAPI 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\ras 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SystemResources 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\WinMetadata 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\winevt 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\ras 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\ProximityToast 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\PointOfService 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\MsDtc 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\Ipmi 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\InputMethod 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\IME 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\icsxml 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\ias 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\downlevel 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\config\Journal 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\Bthprops 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\AppLocker 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\System 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SKB 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\ShellNew 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\security 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\schemas 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\SchCache 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\Resources 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\Registration 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\PLA 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\Performance 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\ModemLogs 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\L2Schemas 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\InputMethod 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\Globalization 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\Cursors 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\Branding 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\addins 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\ProgramData\Comms 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\Program Files\Windows NT 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\Program Files\Common Files\Services 2016-04-05 09:10 - 2016-04-05 09:10 - 00000000 ____D C:\Program Files (x86)\Windows NT 2016-04-05 09:10 - 2016-04-05 09:08 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2016-04-05 09:10 - 2016-04-05 09:08 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat 2016-04-05 09:10 - 2016-04-05 09:08 - 00215943 _____ C:\WINDOWS\system32\dssec.dat 2016-04-05 09:10 - 2016-04-05 09:08 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2016-04-05 09:10 - 2016-04-05 09:08 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services 2016-04-05 09:10 - 2016-04-05 09:08 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2016-04-05 09:10 - 2016-04-05 09:08 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat 2016-04-05 09:10 - 2016-04-05 09:08 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat 2016-04-05 09:10 - 2016-04-05 09:08 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam 2016-04-05 09:10 - 2016-04-05 09:08 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat 2016-04-05 09:10 - 2016-04-05 09:08 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat 2016-04-05 09:10 - 2016-04-05 09:08 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol 2016-04-05 09:10 - 2016-04-05 09:08 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json 2016-04-05 09:10 - 2016-04-05 09:08 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT 2016-04-05 09:10 - 2016-04-05 09:08 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT 2016-04-05 09:10 - 2016-04-05 09:08 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks 2016-04-05 09:10 - 2016-04-05 09:08 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config 2016-04-05 09:10 - 2016-04-05 09:08 - 00000219 _____ C:\WINDOWS\system.ini 2016-04-05 09:10 - 2016-04-05 09:08 - 00000092 _____ C:\WINDOWS\win.ini 2016-04-05 09:10 - 2016-04-05 08:18 - 00000000 ____D C:\WINDOWS\system32\spool 2016-04-05 09:10 - 2016-04-05 08:18 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2016-04-05 09:10 - 2016-04-05 08:17 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-04-05 09:09 - 2016-04-12 14:28 - 00000000 ____D C:\WINDOWS\INF 2016-04-05 09:05 - 2016-04-12 09:53 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-04-05 09:00 - 2016-04-12 14:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-04-05 09:00 - 2016-04-05 09:13 - 00000000 ____D C:\WINDOWS\servicing 2016-04-05 09:00 - 2016-04-05 09:10 - 00000000 ____D C:\WINDOWS\system32\SMI 2016-04-05 09:00 - 2016-04-05 08:18 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-04-05 09:00 - 2015-10-29 23:33 - 00000164 _____ C:\WINDOWS\system32\config\FP 2016-04-05 08:40 - 2016-04-05 08:40 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2016-04-05 08:40 - 2016-04-05 08:40 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2016-04-05 08:40 - 2015-10-23 18:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-04-05 08:40 - 2015-10-23 18:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-04-05 08:40 - 2015-10-23 18:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-04-05 08:40 - 2015-10-23 18:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2016-04-05 08:40 - 2015-10-23 18:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2016-04-05 08:40 - 2015-10-23 18:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2016-04-05 08:18 - 2016-04-12 14:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Public\Documents\My Videos 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Public\Documents\My Music 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Default\My Documents 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\Default User 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Users\All Users 2016-04-05 08:18 - 2016-04-05 08:18 - 00000000 _SHDL C:\Documents and Settings 2016-04-05 08:18 - 2015-10-30 00:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-04-05 08:17 - 2016-04-05 20:32 - 00000000 ____D C:\ProgramData\Package Cache 2016-04-05 08:17 - 2016-04-05 20:32 - 00000000 ____D C:\ProgramData\AMD 2016-04-05 08:16 - 2016-04-12 14:28 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2016-04-05 08:16 - 2016-04-11 19:00 - 00269520 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-05 08:16 - 2016-04-05 20:32 - 00000000 ____D C:\Program Files\AMD 2016-04-05 08:16 - 2016-04-05 17:24 - 00000000 ____D C:\AMD 2016-04-05 08:16 - 2016-04-05 08:16 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2016-04-05 08:16 - 2016-04-05 08:16 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2016-04-05 08:16 - 2016-04-05 08:16 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-04-05 08:16 - 2016-04-05 08:16 - 00000000 ____D C:\Program Files\Realtek 2016-04-05 08:16 - 2016-04-05 08:16 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies 2016-04-05 08:16 - 2016-04-05 08:16 - 00000000 _____ C:\WINDOWS\ativpsrm.bin 2016-04-05 05:57 - 2016-04-05 09:15 - 00000000 ___HD C:\$SysReset 2016-04-03 23:27 - 2016-04-03 23:27 - 02412544 _____ C:\WINDOWS\system32\amdacpusl.pdb 2016-04-03 23:16 - 2016-04-03 23:16 - 00364544 _____ (Advanced Micro Devices) C:\WINDOWS\system32\amdacpusl.dll 2016-04-03 23:16 - 2016-04-03 23:16 - 00306176 _____ C:\WINDOWS\system32\amdacpusl.pdb.pub 2016-04-03 23:16 - 2016-04-03 23:16 - 00248832 _____ (Advanced Micro Devices) C:\WINDOWS\SysWOW64\amdacpusl.dll 2016-04-03 21:16 - 2016-04-03 21:16 - 00458472 _____ C:\WINDOWS\system32\amdmiracast.dll 2016-04-03 21:16 - 2016-04-03 21:16 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll 2016-04-03 21:16 - 2016-04-03 21:16 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll 2016-04-03 21:16 - 2016-04-03 21:16 - 00110880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll 2016-04-03 21:16 - 2016-04-03 21:16 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll 2016-04-03 21:16 - 2016-04-03 21:16 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll 2016-04-03 21:16 - 2016-04-03 21:16 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll 2016-04-03 21:16 - 2016-04-03 21:16 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll 2016-04-03 21:16 - 2016-04-03 21:16 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll 2016-04-03 21:15 - 2016-04-03 21:15 - 08585696 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll 2016-04-03 21:15 - 2016-04-03 21:15 - 07392480 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll 2016-04-03 21:15 - 2016-04-03 21:15 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll 2016-04-03 21:12 - 2016-04-03 21:12 - 00296648 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\amdacpksd.sys 2016-04-03 21:10 - 2016-04-03 21:10 - 00023240 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdkmafd.sys 2016-04-03 20:32 - 2016-04-03 20:32 - 00701440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll 2016-04-03 20:30 - 2016-04-03 20:30 - 00580096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll 2016-04-03 20:29 - 2016-04-03 20:29 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll 2016-04-03 20:28 - 2016-04-03 20:28 - 06884864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll 2016-04-03 20:28 - 2016-04-03 20:28 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll 2016-04-03 20:27 - 2016-04-03 20:27 - 00235008 _____ C:\WINDOWS\system32\clinfo.exe 2016-04-03 20:26 - 2016-04-03 20:26 - 48211968 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll 2016-04-03 20:23 - 2016-04-03 20:23 - 40126976 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll 2016-04-03 20:21 - 2016-04-03 20:21 - 00103424 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll 2016-04-03 20:21 - 2016-04-03 20:21 - 00065024 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2016-04-03 20:21 - 2016-04-03 20:21 - 00059392 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2016-04-03 20:15 - 2016-04-03 20:15 - 26887168 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll 2016-04-03 20:15 - 2016-04-03 20:15 - 21730304 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll 2016-04-03 20:11 - 2016-04-03 20:11 - 06956032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll 2016-04-03 20:02 - 2016-04-03 20:02 - 05398016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll 2016-04-03 20:00 - 2016-04-03 20:00 - 05420032 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll 2016-04-03 19:48 - 2016-04-03 19:48 - 00134656 _____ C:\WINDOWS\system32\amdhdl64.dll 2016-04-03 19:48 - 2016-04-03 19:48 - 00123392 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll 2016-04-03 19:47 - 2016-04-03 19:47 - 30377984 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll 2016-04-03 19:41 - 2016-04-03 19:41 - 00698016 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb 2016-04-03 19:41 - 2016-04-03 19:41 - 00698016 _____ C:\WINDOWS\system32\atiapfxx.blb 2016-04-03 19:41 - 2016-04-03 19:41 - 00097280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll 2016-04-03 19:41 - 2016-04-03 19:41 - 00089600 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll 2016-04-03 19:37 - 2016-04-03 19:37 - 08473088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll 2016-04-03 19:25 - 2016-04-03 19:25 - 25069056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll 2016-04-03 19:25 - 2016-04-03 19:25 - 00865280 _____ (AMD) C:\WINDOWS\system32\coinst_16.15.dll 2016-04-03 19:22 - 2016-04-03 19:22 - 06667776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll 2016-04-03 19:14 - 2016-04-03 19:14 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe 2016-04-03 19:14 - 2016-04-03 19:14 - 00062464 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll 2016-04-03 19:14 - 2016-04-03 19:14 - 00055808 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll 2016-04-03 19:14 - 2016-04-03 19:14 - 00052224 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll 2016-04-03 19:13 - 2016-04-03 19:13 - 15711744 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll 2016-04-03 19:13 - 2016-04-03 19:13 - 00049152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll 2016-04-03 19:10 - 2016-04-03 19:10 - 14302208 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll 2016-04-03 18:57 - 2016-04-03 18:57 - 00564736 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe 2016-04-03 18:57 - 2016-04-03 18:57 - 00224256 _____ C:\WINDOWS\system32\dgtrayicon.exe 2016-04-03 18:57 - 2016-04-03 18:57 - 00209920 _____ C:\WINDOWS\system32\GameManager64.dll 2016-04-03 18:57 - 2016-04-03 18:57 - 00204800 _____ C:\WINDOWS\system32\amdgfxinfo64.dll 2016-04-03 18:57 - 2016-04-03 18:57 - 00189952 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll 2016-04-03 18:57 - 2016-04-03 18:57 - 00186368 _____ C:\WINDOWS\SysWOW64\GameManager32.dll 2016-04-03 18:57 - 2016-04-03 18:57 - 00162304 _____ C:\WINDOWS\system32\atieah64.exe 2016-04-03 18:57 - 2016-04-03 18:57 - 00145408 _____ C:\WINDOWS\SysWOW64\atieah32.exe 2016-04-03 18:57 - 2016-04-03 18:57 - 00078336 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll 2016-04-03 18:56 - 2016-04-03 18:56 - 00251392 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe 2016-04-03 18:55 - 2016-04-03 18:55 - 00190976 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll 2016-04-03 18:55 - 2016-04-03 18:55 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll 2016-04-03 18:55 - 2016-04-03 18:55 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll 2016-04-03 18:52 - 2016-04-03 18:52 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap 2016-04-03 18:42 - 2016-04-03 18:42 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap 2016-04-03 18:34 - 2016-04-03 18:34 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll 2016-04-03 18:34 - 2016-04-03 18:34 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll 2016-04-03 18:32 - 2016-04-03 18:32 - 00944640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll 2016-04-03 18:32 - 2016-04-03 18:32 - 00944640 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll 2016-04-03 18:32 - 2016-04-03 18:32 - 00157696 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll 2016-04-03 18:32 - 2016-04-03 18:32 - 00142336 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll 2016-04-03 18:32 - 2016-04-03 18:32 - 00075776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll 2016-04-03 18:32 - 2016-04-03 18:32 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll 2016-04-03 18:32 - 2016-04-03 18:32 - 00070144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll 2016-04-03 18:29 - 2016-04-03 18:29 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll 2016-04-03 18:28 - 2016-04-03 18:28 - 00195072 _____ C:\WINDOWS\system32\hsa-thunk64.dll 2016-04-03 18:28 - 2016-04-03 18:28 - 00174592 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll 2016-03-29 19:15 - 2016-01-08 01:51 - 01490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll 2016-03-29 19:15 - 2016-01-08 01:51 - 00708168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller.dll 2016-03-29 19:15 - 2016-01-08 01:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudserd.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudobex.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssuddmgr.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00169288 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscebus.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00169288 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscdbus.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00169288 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadbus.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00158024 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssceserd.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00158024 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscdserd.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00158024 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadserd.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00077408 _____ (DEVGURU Co., LTD.) C:\WINDOWS\system32\Drivers\ssudrmnet.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00055904 _____ (QUALCOMM Incorporated) C:\WINDOWS\system32\Drivers\ssudqcfilter.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00033376 _____ (DEVGURU Co., LTD.) C:\WINDOWS\system32\Drivers\ss_conn_usb_driver.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017736 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscewhnt.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017736 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscewh.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017736 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscdwhnt.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017736 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscdwh.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017736 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadwhnt.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017736 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadwh.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017224 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscecmnt.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017224 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscecm.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017224 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscdcmnt.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017224 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\sscdcm.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017224 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadcmnt.sys 2016-03-29 19:15 - 2016-01-08 01:51 - 00017224 _____ (MCCI Corporation) C:\WINDOWS\system32\Drivers\ssadcm.sys 2016-03-26 15:31 - 2016-03-26 15:31 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys 2016-03-26 15:30 - 2016-03-26 15:30 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys 2016-03-16 03:49 - 2016-03-16 03:49 - 00857576 _____ C:\WINDOWS\system32\amdicdxx.dat ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-04-03 21:16 - 2015-12-16 18:06 - 00152568 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll 2016-04-03 21:16 - 2015-12-16 18:06 - 00133528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll 2016-04-03 21:15 - 2015-12-16 18:06 - 11625784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll 2016-04-03 21:15 - 2015-12-16 18:06 - 09583808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll 2016-04-03 21:15 - 2015-12-16 18:06 - 09526616 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll 2016-04-03 21:15 - 2015-12-16 18:06 - 08843208 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll 2016-04-03 21:15 - 2015-12-16 18:06 - 01517360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll 2016-04-03 21:15 - 2015-12-16 18:06 - 01245416 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll 2016-04-03 21:15 - 2015-12-16 18:06 - 00120656 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll 2016-04-03 21:09 - 2015-12-16 18:07 - 26345472 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys 2016-04-03 20:22 - 2015-05-28 05:00 - 00102400 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys 2016-04-03 18:57 - 2015-12-16 18:07 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll 2016-04-03 18:33 - 2015-12-16 18:07 - 01276416 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll 2016-04-03 18:31 - 2015-12-16 18:07 - 00676864 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys ==================== Files in the root of some directories ======= 2016-04-05 08:16 - 2016-04-05 08:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2016-04-07 18:26 - 2016-02-07 18:26 - 0000032 ____R () C:\ProgramData\hash.dat Files to move or delete: ==================== C:\ProgramData\hash.dat Some files in TEMP: ==================== C:\Users\PC\AppData\Local\Temp\libeay32.dll C:\Users\PC\AppData\Local\Temp\msvcr120.dll C:\Users\PC\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-04-05 08:16 ==================== End of FRST.txt ============================
  4. Hello. I have come here to see if anyone recognizes these rootkits. Type: Key Object: Final Location: HKLM\SYSTEM\CurrentControlSet\Services\ADOVMPPackage\ Details: No admin in ACL Type: Key Object: Final Location: HKLM\SYSTEM\ControlSet001\Services\ADOVMPPackage\ Details: No admin in ACL Type: Key Object: Upgrade Location: HKLM\SOFTWARE\Microsoft\Security Center\Svc\ Details: No admin in ACL Type: Key Object: DuState Location: HKLM\SOFTWARE\Microsoft\InputMethod\Chs\ Details: No admin in ACL I use Windows 10

WindowsInstructed Forums

Welcome on the WindowsInstructed Forums. If you have any Windows question or Malware related question then this is the place to be. All your connections are securely encrypted with our server so your privacy is protected as well!