Trojan.Win32/FakeChrome.A found by Windows Defender


  • This topic is locked
15 replies to this topic

#1 badasscurlz

badasscurlz

  • Members
  • 21 posts

Posted 17 July 2014 - 01:16 PM

Hi, I recently acquired a new laptop which is approximately a week old. I have Spybot Search & Destroy, Malwarebytes and Windows Defender enabled by default, all of which are the free version.

Since yesterday, Windows Defender has been periodically informing me about a new infection (about once every day): Trojan.Win32/FakeChrome.A.

I'm running Windows 8.1 Home edition, which is probably why I'm unable to run DDS (stated in the preparatory guide). It gives me an error about compatibility issues.

I have run a full scan with Spybot Search and Destroy, Malwarebytes and Windows Defender.

Spybot Search and Destroy came up with multiple results, Malwarebytes and Windows Defender empty. (This is post removal of the trojan via Windows Defender.)

Thanks in advance! :)


Edited by badasscurlz, 17 July 2014 - 01:19 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • Gender:Male

Posted 22 July 2014 - 01:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/541324 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 badasscurlz

badasscurlz
  • Topic Starter

  • Members
  • 21 posts

Posted 22 July 2014 - 01:56 PM

Yes, I still need help! Thank you!

1. Windows Defender seems to find a Trojan.Win32/FakeChrome.A on a daily basis. I scanned my computer daily with Malwarebytes, Spybot Search and Destroy along with Windows Defender and I get no results. Now whenever I log on, my screen turns black for a split second and turns back on.

2. I'm using Windows 8.1. I read that DDS isn't compatible.

3. No, no recovery backup disc whatsoever.

Thanks!



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 July 2014 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#5 badasscurlz

badasscurlz
  • Topic Starter

  • Members
  • 21 posts

Posted 23 July 2014 - 01:00 PM

# AdwCleaner v3.216 - Report created 24/07/2014 at 02:00:27
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username :
# Running from : C:\Users\Downloads\adwcleaner_3.216.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [958 octets] - [24/07/2014 01:57:34]
AdwCleaner[S0].txt - [886 octets] - [24/07/2014 02:00:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [945 octets] ##########

Edited by badasscurlz, 23 July 2014 - 01:03 PM.


#6 badasscurlz

badasscurlz
  • Topic Starter

  • Members
  • 21 posts

Posted 23 July 2014 - 01:13 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-07-2014 01
Ran by (administrator) on CURLZ on 24-07-2014 02:04:27
Running from C:\Users\\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Dropbox, Inc.) C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Hotkey\hkysound.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4681216 2014-01-02] (VIA)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp 
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10464536 2014-07-03] (Logitech Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3595608 2014-07-11] (Electronic Arts)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-04] (BillP Studios)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.xin.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6800D4A5EB9CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-11]
CHR Extension: (Google Drive) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
CHR Extension: (YouTube) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-11]
CHR Extension: (Adblock Plus) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-11]
CHR Extension: (Google Search) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-11]
CHR Extension: (Google Wallet) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-11]
CHR Extension: (Gmail) - C:\Users\\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-11]
 
==================== Services (Whitelisted) =================
 
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-13] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-12] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-01-16] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-27] (Insyde Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [445656 2013-11-08] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-20] (Synaptics Incorporated)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [33456 2013-12-16] (Creative Technology Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-07-11] (Basil Projects)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-24 02:04 - 2014-07-24 02:04 - 00015716 _____ () C:\Users\\Desktop\FRST.txt
2014-07-24 02:04 - 2014-07-24 02:04 - 00000000 ____D () C:\FRST
2014-07-24 01:57 - 2014-07-24 02:00 - 00000000 ____D () C:\AdwCleaner
2014-07-24 01:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-24 01:54 - 2014-07-24 01:54 - 02091520 _____ (Farbar) C:\Users\\Desktop\FRST64.exe
2014-07-24 01:53 - 2014-07-24 01:54 - 01354223 _____ () C:\Users\\Desktop\adwcleaner_3.216.exe
2014-07-23 03:04 - 2014-07-23 03:29 - 00000000 ____D () C:\Users\\AppData\Local\DayZ
2014-07-23 03:04 - 2014-07-23 03:21 - 00000000 ____D () C:\Users\\Documents\DayZ
2014-07-22 02:13 - 2014-07-22 02:13 - 01133552 _____ () C:\Windows\Minidump\072214-19734-01.dmp
2014-07-21 22:29 - 2014-07-24 02:03 - 00000000 __RDO () C:\Users\\OneDrive
2014-07-21 18:36 - 2014-07-19 00:41 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140721-183649.backup
2014-07-19 00:41 - 2014-07-17 16:10 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140719-004129.backup
2014-07-18 20:13 - 2014-07-18 20:18 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-07-18 20:13 - 2014-07-18 20:18 - 00000776 _____ () C:\Windows\LkmdfCoInst.log
2014-07-18 20:13 - 2014-07-18 20:13 - 00000000 ____D () C:\Users\\AppData\Local\Logitech
2014-07-18 20:13 - 2014-07-18 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-07-18 20:13 - 2014-07-18 20:13 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-07-18 20:12 - 2014-07-18 20:13 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-07-18 20:12 - 2014-07-18 20:12 - 00000000 ____D () C:\Users\\AppData\Roaming\Logitech
2014-07-18 20:12 - 2014-07-18 20:12 - 00000000 ____D () C:\Users\\AppData\Roaming\Logishrd
2014-07-17 16:10 - 2014-07-12 01:53 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140717-161034.backup
2014-07-16 17:14 - 2014-07-24 02:03 - 00000000 ___RD () C:\Users\\Dropbox
2014-07-16 16:25 - 2014-07-16 16:25 - 00000000 ____D () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-16 16:19 - 2014-07-24 02:03 - 00000000 ____D () C:\Users\\AppData\Roaming\Dropbox
2014-07-16 12:06 - 2014-07-16 12:06 - 00000000 ____D () C:\Users\\Desktop\Wight Loss
2014-07-16 12:03 - 2014-07-16 12:03 - 00019456 ___SH () C:\Users\\Desktop\Thumbs.db
2014-07-15 01:49 - 2014-07-15 01:49 - 00000000 ____D () C:\Users\\AppData\Roaming\WinPatrol
2014-07-15 01:49 - 2014-07-15 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-07-15 01:49 - 2014-07-15 01:49 - 00000000 ____D () C:\ProgramData\InstallMate
2014-07-15 01:49 - 2014-07-15 01:49 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-07-14 22:55 - 2014-07-16 17:18 - 00000000 ____D () C:\Users\\Desktop\SIM
2014-07-14 20:28 - 2014-07-14 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS+AC3 Filter
2014-07-14 20:28 - 2014-07-14 20:28 - 00000000 ____D () C:\Program Files (x86)\DtsFilter
2014-07-14 20:26 - 2014-07-14 20:28 - 00000000 ____D () C:\Users\\Desktop\Torrents
2014-07-14 11:00 - 2014-07-22 02:13 - 700512488 _____ () C:\Windows\MEMORY.DMP
2014-07-14 11:00 - 2014-07-22 02:13 - 00000000 ____D () C:\Windows\Minidump
2014-07-14 11:00 - 2014-07-14 11:01 - 00990640 _____ () C:\Windows\Minidump\071414-30718-01.dmp
2014-07-14 10:55 - 2014-07-14 10:55 - 00000000 ____D () C:\ProgramData\Steam
2014-07-14 04:59 - 2014-07-14 04:59 - 00000000 ____D () C:\Users\\AppData\Roaming\Wolfenstein - The New Order
2014-07-14 04:59 - 2014-07-14 04:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein - The New Order
2014-07-14 04:14 - 2014-07-14 04:14 - 00002988 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI
2014-07-14 04:10 - 2014-07-14 04:58 - 00000000 ____D () C:\Program Files (x86)\Wolfenstein - The New Order
2014-07-14 04:08 - 2014-07-14 04:08 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-07-14 04:08 - 2014-07-14 04:08 - 00000000 ____D () C:\Program Files\MSBuild
2014-07-14 04:08 - 2014-07-14 04:08 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-07-14 04:07 - 2013-08-03 12:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2014-07-14 04:07 - 2013-08-03 12:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-07-14 04:07 - 2013-08-03 12:48 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-07-14 04:07 - 2013-08-03 12:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2014-07-14 04:07 - 2013-08-03 12:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-07-14 04:07 - 2013-08-03 12:41 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-07-14 03:44 - 2014-07-14 03:12 - 2657026048 _____ () C:\Users\\Desktop\[R.G. Mechanics] Wolfenstein - The New Order - Copy.iso
2014-07-14 00:57 - 2014-07-14 00:57 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-13 14:47 - 2014-07-13 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-07-13 14:47 - 2014-07-13 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-13 14:46 - 2014-07-14 04:08 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-07-13 14:46 - 2014-07-13 14:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-13 14:46 - 2014-07-13 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-07-13 14:45 - 2014-07-13 14:45 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-13 14:43 - 2014-07-13 14:43 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-13 14:43 - 2014-07-13 14:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-07-13 14:43 - 2014-07-13 14:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-07-13 14:42 - 2014-07-15 11:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-13 14:42 - 2014-07-14 23:15 - 00000000 ____D () C:\Users\\AppData\Local\Microsoft Help
2014-07-13 14:42 - 2014-07-13 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-13 14:42 - 2014-07-13 14:42 - 00000000 __RHD () C:\MSOCache
2014-07-13 01:33 - 2014-07-13 01:33 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-07-13 01:23 - 2014-07-13 01:23 - 00000000 ____D () C:\Users\\AppData\Local\PunkBuster
2014-07-13 01:21 - 2014-07-13 01:30 - 00000000 ____D () C:\Users\\Documents\Battlefield 4
2014-07-13 00:38 - 2014-07-13 00:38 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 00:38 - 2014-07-13 00:38 - 00000000 ____D () C:\Users\\AppData\Roaming\Apple Computer
2014-07-13 00:38 - 2014-07-13 00:38 - 00000000 ____D () C:\Users\\AppData\Local\Apple Computer
2014-07-13 00:38 - 2014-07-13 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-13 00:38 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-13 00:37 - 2014-07-13 00:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 00:37 - 2014-07-13 00:38 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 00:37 - 2014-07-13 00:38 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-13 00:37 - 2014-07-13 00:37 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-13 00:37 - 2014-07-13 00:37 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 00:34 - 2014-07-13 00:34 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Users\\AppData\Local\Apple
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\ProgramData\Apple
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-13 00:31 - 2014-07-13 00:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-13 00:30 - 2014-07-14 10:55 - 00000000 ____D () C:\Users\\AppData\Roaming\NVIDIA
2014-07-12 20:51 - 2014-07-12 20:51 - 00000000 ____D () C:\Users\\Documents\WB Games
2014-07-12 20:47 - 2014-07-12 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham Origins Cold Cold Heart
2014-07-12 20:41 - 2014-07-12 20:47 - 00000000 ____D () C:\Program Files (x86)\Batman Arkham Origins Cold Cold Heart
2014-07-12 19:37 - 2014-07-12 19:37 - 00000000 ____D () C:\Users\\Documents\Assassin's Creed III
2014-07-12 19:37 - 2014-07-12 19:37 - 00000000 ____D () C:\Users\\AppData\Roaming\Theta
2014-07-12 19:35 - 2014-07-12 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III
2014-07-12 19:34 - 2014-07-12 19:34 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-12 19:33 - 2014-07-12 19:34 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-12 19:19 - 2014-07-12 19:35 - 00000000 ____D () C:\Program Files (x86)\Assassins Creed III
2014-07-12 19:15 - 2014-07-11 23:30 - 1416038400 _____ () C:\Users\\Desktop\BB-AC3.iso
2014-07-12 02:36 - 2014-06-27 04:55 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-12 02:36 - 2014-06-27 04:55 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-12 02:33 - 2014-07-12 02:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 02:27 - 2014-04-14 11:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-12 02:18 - 2014-03-24 10:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-07-12 02:18 - 2014-03-24 10:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-07-12 02:18 - 2014-03-24 10:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-07-12 02:17 - 2014-07-12 02:21 - 00000000 ____D () C:\Users\\Desktop\Supernatural season 9
2014-07-12 02:16 - 2014-05-09 07:06 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-07-12 02:05 - 2014-07-12 02:05 - 00000000 ____D () C:\Users\\AppData\Local\ESN
2014-07-12 01:53 - 2013-08-22 21:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140712-015333.backup
2014-07-12 01:44 - 2014-07-12 02:34 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-07-12 01:43 - 2014-07-24 01:34 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-12 01:43 - 2014-07-23 01:59 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-12 01:43 - 2014-07-12 01:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-12 01:43 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-07-12 01:43 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-07-12 01:43 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-07-12 01:43 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-07-12 01:43 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-07-12 01:43 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-07-12 01:43 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-07-12 01:43 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-07-12 01:43 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-07-12 01:43 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-07-12 01:43 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-07-12 01:43 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-07-12 01:43 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-07-12 01:43 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-07-12 01:43 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-07-12 01:43 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-07-12 01:43 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-07-12 01:43 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-07-12 01:43 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-07-12 01:43 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-07-12 01:43 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-07-12 01:43 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-07-12 01:43 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-07-12 01:43 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-07-12 01:43 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-07-12 01:43 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-07-12 01:43 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-07-12 01:43 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-07-12 01:43 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-07-12 01:43 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-07-12 01:43 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-07-12 01:43 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-07-12 01:43 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-07-12 01:43 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-07-12 01:43 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-07-12 01:43 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-07-12 01:43 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-07-12 01:43 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-07-12 01:43 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-07-12 01:43 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-07-12 01:43 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-07-12 01:43 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-07-12 01:43 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-07-12 01:43 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-07-12 01:43 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-07-12 01:43 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-07-12 01:43 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-07-12 01:43 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-07-12 01:43 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-07-12 01:43 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-07-12 01:43 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-07-12 01:43 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-07-12 01:43 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-07-12 01:43 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-07-12 01:43 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-07-12 01:43 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-07-12 01:43 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-07-12 01:43 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-07-12 01:43 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-07-12 01:43 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-07-12 01:43 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-07-12 01:43 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-07-12 01:43 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-07-12 01:43 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-07-12 01:43 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-07-12 01:43 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-07-12 01:43 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-07-12 01:43 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-07-12 01:43 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-07-12 01:43 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-07-12 01:43 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-07-12 01:43 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-07-12 01:43 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-07-12 01:43 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-07-12 01:43 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-07-12 01:43 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-07-12 01:43 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-07-12 01:43 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-07-12 01:43 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-07-12 01:43 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-07-12 01:43 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-07-12 01:43 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-07-12 01:43 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-07-12 01:43 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-07-12 01:43 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-07-12 01:43 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-07-12 01:43 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-07-12 01:43 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-07-12 01:43 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-07-12 01:43 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-07-12 01:43 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-07-12 01:43 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-07-12 01:43 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-07-12 01:43 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-07-12 01:43 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-07-12 01:43 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-07-12 01:43 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-07-12 01:43 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-07-12 01:43 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-07-12 01:43 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-07-12 01:43 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-07-12 01:43 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-07-12 01:43 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-07-12 01:43 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-07-12 01:43 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-07-12 01:43 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-07-12 01:43 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-07-12 01:43 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-07-12 01:43 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-07-12 01:43 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-07-12 01:43 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-07-12 01:43 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-07-12 01:43 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-07-12 01:43 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-07-12 01:43 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-07-12 01:43 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-07-12 01:43 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-07-12 01:43 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-07-12 01:43 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-07-12 01:43 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-07-12 01:43 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-07-12 01:43 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-07-12 01:43 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-07-12 01:43 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-07-12 01:43 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-07-12 01:43 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-07-12 01:43 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-07-12 01:43 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-07-12 01:43 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-07-12 01:43 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-07-12 01:43 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-07-12 01:42 - 2014-07-23 03:04 - 00028280 _____ () C:\Windows\DirectX.log
2014-07-12 01:42 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-07-12 01:42 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-07-12 01:42 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-07-12 01:42 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-07-12 01:42 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-07-12 01:42 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-07-12 01:42 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-07-12 01:42 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-07-12 01:42 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-07-12 01:42 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-07-12 01:42 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-07-12 01:42 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-07-12 01:42 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-07-12 01:42 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-07-12 01:42 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-07-12 01:42 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-07-12 01:42 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-07-12 01:42 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-07-12 01:42 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-07-12 01:42 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-07-12 01:42 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-07-12 01:42 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-07-12 01:42 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-07-12 01:42 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-07-12 01:24 - 2014-07-12 01:24 - 00000000 ____D () C:\ProgramData\GRETECH
2014-07-12 01:23 - 2014-07-12 01:23 - 00000000 ____D () C:\Users\\AppData\Roaming\GRETECH
2014-07-12 01:23 - 2014-07-12 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2014-07-12 01:22 - 2014-07-12 01:22 - 00000000 ____D () C:\Program Files (x86)\GRETECH
2014-07-12 01:18 - 2014-07-01 06:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-12 01:18 - 2014-06-28 15:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-12 01:18 - 2014-06-28 15:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-12 01:04 - 2014-03-13 15:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-07-12 01:04 - 2014-03-13 14:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-07-12 00:58 - 2014-04-09 06:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-07-12 00:58 - 2014-04-09 06:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-07-12 00:58 - 2014-04-09 02:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-07-12 00:58 - 2014-04-09 02:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-07-11 23:22 - 2014-07-11 23:22 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-11 23:21 - 2014-07-17 16:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-11 23:21 - 2014-07-11 23:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-11 23:21 - 2014-07-11 23:21 - 00001410 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-11 23:21 - 2014-07-11 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-11 23:21 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-07-11 23:19 - 2014-07-11 23:19 - 00003716 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2014-07-11 23:19 - 2014-07-11 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-07-11 23:19 - 2014-07-11 23:19 - 00000000 ____D () C:\Program Files\KMSpico
2014-07-11 23:14 - 2014-07-11 23:14 - 00000000 ____D () C:\Users\\Desktop\Hallowennpsycho KMS
2014-07-11 18:16 - 2014-07-11 18:17 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-11 18:15 - 2014-07-12 02:37 - 00000000 ____D () C:\Users\\AppData\Roaming\Origin
2014-07-11 18:15 - 2014-07-11 18:16 - 00000000 ____D () C:\Users\\AppData\Local\Origin
2014-07-11 18:14 - 2014-07-24 02:02 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-11 18:14 - 2014-07-23 20:32 - 00000000 ____D () C:\ProgramData\Origin
2014-07-11 18:14 - 2014-07-12 02:19 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-11 18:14 - 2014-07-11 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-11 18:10 - 2014-07-23 19:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-11 18:10 - 2014-07-11 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-11 18:06 - 2014-07-11 18:06 - 00000000 ____D () C:\Users\\AppData\Local\qBittorrent
2014-07-11 18:04 - 2014-05-30 07:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-11 18:04 - 2014-05-30 07:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-11 18:03 - 2014-07-11 18:24 - 00000000 ____D () C:\Users\\AppData\Roaming\qBittorrent
2014-07-11 18:03 - 2014-07-11 18:03 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-07-11 17:59 - 2014-07-21 18:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-11 17:59 - 2014-07-11 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-11 17:59 - 2014-07-11 17:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-11 17:59 - 2014-07-11 17:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-11 17:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-11 17:59 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-11 17:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-11 17:53 - 2014-06-17 06:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 17:53 - 2014-06-17 06:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 17:53 - 2014-06-06 22:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 17:53 - 2014-05-30 11:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-11 17:53 - 2014-05-29 20:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-11 17:53 - 2014-05-29 15:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-11 17:53 - 2014-05-29 14:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-11 17:53 - 2014-05-29 14:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-11 17:53 - 2014-05-29 13:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-11 17:53 - 2014-05-29 13:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-11 17:53 - 2014-05-10 11:46 - 02151424 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-07-11 17:53 - 2014-05-10 11:22 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-07-11 17:53 - 2014-05-05 12:02 - 03360256 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-11 17:53 - 2014-04-30 19:16 - 01336648 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-07-11 17:53 - 2014-04-30 11:51 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-07-11 17:53 - 2014-04-03 15:59 - 02518872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-07-11 17:53 - 2014-04-03 15:59 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-07-11 17:52 - 2014-04-11 11:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-07-11 17:52 - 2014-04-11 11:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-07-11 17:52 - 2014-04-11 11:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-11 17:52 - 2014-04-11 11:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-11 17:52 - 2014-04-11 11:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-11 17:52 - 2014-04-11 10:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-07-11 17:52 - 2014-04-11 10:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-07-11 17:52 - 2014-04-11 10:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-11 17:51 - 2014-06-19 09:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 17:51 - 2014-06-19 08:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-11 17:51 - 2014-06-19 08:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 17:51 - 2014-06-19 07:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 17:51 - 2014-06-19 07:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 17:51 - 2014-06-19 07:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-11 17:51 - 2014-06-19 07:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-11 17:51 - 2014-06-19 06:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-11 17:51 - 2014-06-19 06:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-11 17:51 - 2014-06-19 06:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-11 17:51 - 2014-05-19 14:31 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
2014-07-11 17:51 - 2014-05-19 14:21 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2014-07-11 17:51 - 2014-05-19 13:23 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-07-11 17:51 - 2014-04-18 22:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-07-11 17:51 - 2014-04-18 22:44 - 01466856 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-07-11 17:51 - 2014-04-18 21:29 - 01200288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-07-11 17:51 - 2014-04-18 17:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2014-07-11 17:51 - 2014-04-18 16:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-07-11 17:51 - 2014-04-18 16:21 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-07-11 17:51 - 2014-04-18 16:09 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-07-11 17:51 - 2014-04-18 15:51 - 00836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-07-11 17:51 - 2014-04-18 15:49 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-07-11 17:51 - 2014-04-14 17:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2014-07-11 17:51 - 2014-04-14 16:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-07-11 17:51 - 2014-04-11 14:13 - 01200128 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-07-11 17:51 - 2014-04-11 12:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-07-11 17:51 - 2014-04-11 12:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-07-11 17:51 - 2014-04-11 11:30 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-07-11 17:51 - 2014-04-09 19:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-07-11 17:51 - 2014-04-09 14:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-07-11 17:51 - 2014-04-09 13:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-07-11 17:51 - 2014-04-09 11:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-07-11 17:51 - 2014-04-08 10:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-07-11 17:51 - 2014-04-07 00:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-07-11 17:51 - 2014-04-07 00:34 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-07-11 17:51 - 2014-04-07 00:32 - 00125496 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-07-11 17:51 - 2014-04-07 00:31 - 21268952 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-07-11 17:51 - 2014-04-07 00:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2014-07-11 17:51 - 2014-04-07 00:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2014-07-11 17:51 - 2014-04-07 00:20 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 00467496 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 00463256 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 00244880 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-07-11 17:51 - 2014-04-07 00:20 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-07-11 17:51 - 2014-04-07 00:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-07-11 17:51 - 2014-04-06 23:23 - 00098584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-07-11 17:51 - 2014-04-06 23:22 - 18755672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-07-11 17:51 - 2014-04-06 23:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2014-07-11 17:51 - 2014-04-06 23:16 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-07-11 17:51 - 2014-04-06 23:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-07-11 17:51 - 2014-04-06 23:16 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-07-11 17:51 - 2014-04-06 23:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-07-11 17:51 - 2014-04-06 23:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-07-11 17:51 - 2014-04-06 23:16 - 00406504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-07-11 17:51 - 2014-04-06 23:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-07-11 17:51 - 2014-04-06 23:16 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-07-11 17:51 - 2014-04-06 23:16 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-07-11 17:51 - 2014-04-06 20:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-07-11 17:51 - 2014-04-06 20:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-07-11 17:51 - 2014-04-06 20:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2014-07-11 17:51 - 2014-04-06 20:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-07-11 17:51 - 2014-04-06 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-07-11 17:51 - 2014-04-06 19:55 - 16872448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-07-11 17:51 - 2014-04-06 19:54 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-07-11 17:51 - 2014-04-06 19:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2014-07-11 17:51 - 2014-04-06 19:20 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-07-11 17:51 - 2014-04-06 19:01 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-07-11 17:51 - 2014-04-06 18:52 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-07-11 17:51 - 2014-04-06 18:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-07-11 17:51 - 2014-04-06 18:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-07-11 17:51 - 2014-04-06 18:36 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-07-11 17:51 - 2014-04-06 18:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2014-07-11 17:51 - 2014-04-06 17:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-07-11 17:51 - 2014-04-03 16:12 - 02124840 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-07-11 17:51 - 2014-04-03 16:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-07-11 17:51 - 2014-04-03 16:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2014-07-11 17:51 - 2014-04-03 12:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-07-11 17:51 - 2014-04-03 12:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2014-07-11 17:51 - 2014-04-03 11:53 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-07-11 17:51 - 2014-04-03 10:53 - 04269056 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-07-11 17:51 - 2014-04-03 10:53 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-07-11 17:51 - 2014-04-03 10:51 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-07-11 17:51 - 2014-04-03 10:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-07-11 17:51 - 2014-04-03 10:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2014-07-11 17:51 - 2014-04-03 10:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2014-07-11 17:51 - 2014-04-01 14:23 - 00384856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-07-11 17:51 - 2014-03-31 13:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-11 17:51 - 2014-03-31 08:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-07-11 17:51 - 2014-03-31 08:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-07-11 17:51 - 2014-03-31 07:43 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-07-11 17:51 - 2014-03-31 06:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-07-11 17:51 - 2014-03-31 06:49 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-07-11 17:51 - 2014-03-31 06:35 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-07-11 17:51 - 2014-03-31 06:11 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-07-11 17:51 - 2014-03-31 05:47 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-07-11 17:51 - 2014-03-28 23:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2014-07-11 17:51 - 2014-03-27 14:16 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-07-11 17:51 - 2014-03-27 13:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-07-11 17:51 - 2014-03-27 12:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-07-11 17:51 - 2014-03-27 12:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-07-11 17:51 - 2014-03-27 12:19 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-07-11 17:51 - 2014-03-27 11:46 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-07-11 17:51 - 2014-03-27 11:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-07-11 17:51 - 2014-03-27 11:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-07-11 17:51 - 2014-03-25 06:58 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-07-11 17:51 - 2014-03-20 11:48 - 00263424 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-07-11 17:51 - 2014-03-20 08:44 - 06645248 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-11 17:51 - 2014-03-20 07:33 - 05774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-11 17:51 - 2014-03-19 16:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2014-07-11 17:51 - 2014-03-19 16:07 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-07-11 17:51 - 2014-03-19 15:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-11 17:51 - 2014-03-19 15:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2014-07-11 17:51 - 2014-03-19 14:36 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-11 17:51 - 2014-03-19 13:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-11 17:51 - 2014-03-19 13:45 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-07-11 17:51 - 2014-03-19 13:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-07-11 17:51 - 2014-03-19 13:07 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-07-11 17:51 - 2014-03-19 13:02 - 01527296 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-07-11 17:51 - 2014-03-19 13:00 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-07-11 17:51 - 2014-03-19 12:51 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-07-11 17:51 - 2014-03-19 12:31 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-07-11 17:51 - 2014-03-19 12:18 - 02688000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-07-11 17:51 - 2014-03-18 16:19 - 00077312 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-11 17:51 - 2014-03-18 13:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2014-07-11 17:51 - 2014-03-18 12:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-07-11 17:51 - 2014-03-17 13:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-07-11 17:51 - 2014-03-17 12:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-07-11 17:51 - 2014-03-17 11:01 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-07-11 17:51 - 2014-03-17 10:47 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-11 17:51 - 2014-03-17 10:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-07-11 17:51 - 2014-03-14 14:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2014-07-11 17:51 - 2014-03-14 14:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-07-11 17:51 - 2014-03-06 20:42 - 00310616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-07-11 17:50 - 2014-06-19 08:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 17:50 - 2014-06-19 07:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 17:50 - 2014-06-19 07:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-11 17:50 - 2014-06-19 07:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 17:50 - 2014-06-19 07:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-11 17:50 - 2014-06-19 07:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 17:50 - 2014-06-19 06:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 17:50 - 2014-06-19 06:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-11 17:50 - 2014-06-19 06:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 17:50 - 2014-06-19 06:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-11 17:50 - 2014-06-19 06:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-11 17:50 - 2014-06-19 06:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-11 17:50 - 2014-06-19 06:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 17:50 - 2014-06-19 06:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-11 17:50 - 2014-06-19 06:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-11 17:50 - 2014-06-19 06:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-11 17:50 - 2014-06-19 06:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-11 17:50 - 2014-06-06 21:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 17:50 - 2014-06-06 20:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 17:50 - 2014-05-30 17:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 17:50 - 2014-05-30 17:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-11 17:50 - 2014-05-30 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-11 17:50 - 2014-05-30 16:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-11 17:50 - 2014-05-01 21:31 - 03048904 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-07-11 17:50 - 2014-05-01 21:31 - 00055328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2014-07-11 17:50 - 2014-05-01 15:14 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-07-11 17:50 - 2014-05-01 15:05 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-07-11 17:50 - 2014-05-01 14:51 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-07-11 17:50 - 2014-05-01 13:24 - 02834944 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2014-07-11 17:50 - 2014-04-30 12:43 - 01975296 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-07-11 17:50 - 2014-04-30 12:26 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-07-11 17:50 - 2014-04-30 11:47 - 01509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-07-11 17:49 - 2014-05-31 18:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-11 17:49 - 2014-05-31 18:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-11 17:49 - 2014-05-31 11:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-11 17:49 - 2014-05-31 11:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-11 17:49 - 2014-05-31 11:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 17:49 - 2014-05-31 11:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-11 17:49 - 2014-05-31 11:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-11 17:49 - 2014-05-31 11:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 17:49 - 2014-05-31 10:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-11 17:49 - 2014-05-31 10:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-11 17:49 - 2014-05-31 10:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-11 17:49 - 2014-05-31 10:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-11 17:49 - 2014-05-31 10:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-11 17:49 - 2014-05-31 10:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-11 17:49 - 2014-05-31 10:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-11 17:49 - 2014-04-11 16:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-07-11 17:49 - 2014-04-11 14:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-11 17:49 - 2014-04-11 13:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-11 17:49 - 2014-04-11 13:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-11 17:41 - 2014-07-24 02:03 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-11 17:41 - 2014-07-24 01:46 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-11 17:41 - 2014-07-11 17:41 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-11 17:41 - 2014-07-11 17:41 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 ____D () C:\Users\\AppData\Local\Google
2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-11 17:39 - 2014-07-24 01:59 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429218106-2658364167-3459249354-1003
2014-07-11 17:37 - 2014-07-11 23:37 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5FDF66DD-25D9-4020-8D81-5A4247143553}
2014-07-11 17:37 - 2014-07-11 17:37 - 00000000 __SHD () C:\Users\\AppData\Local\EmieUserList
2014-07-11 17:37 - 2014-07-11 17:37 - 00000000 __SHD () C:\Users\\AppData\Local\EmieSiteList
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Users\\AppData\Roaming\Macromedia
2014-07-11 16:45 - 2014-07-11 16:45 - 00000000 ____D () C:\Users\\Documents\My Received Files
2014-07-11 16:44 - 2014-07-23 20:52 - 00000000 ____D () C:\Users\\AppData\Roaming\Intel
2014-07-11 16:44 - 2014-07-22 03:04 - 00000000 ____D () C:\Users\
2014-07-11 16:44 - 2014-07-22 03:02 - 00000000 ____D () C:\Users\\AppData\Local\Packages
2014-07-11 16:44 - 2014-07-11 18:04 - 00000000 ____D () C:\Users\\AppData\Local\NVIDIA Corporation
2014-07-11 16:44 - 2014-07-11 17:41 - 00000000 ____D () C:\Users\\AppData\Local\NVIDIA
2014-07-11 16:44 - 2014-07-11 16:44 - 00001449 _____ () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-11 16:44 - 2014-07-11 16:44 - 00000020 ___SH () C:\Users\\ntuser.ini
2014-07-11 16:44 - 2014-07-11 16:44 - 00000000 ____D () C:\Users\\AppData\Roaming\Adobe
2014-07-11 16:44 - 2014-07-11 16:44 - 00000000 ____D () C:\Users\\AppData\Local\VirtualStore
2014-07-11 16:44 - 2014-05-31 13:34 - 00000000 ___RD () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-11 16:44 - 2014-05-31 13:34 - 00000000 ___RD () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-11 16:44 - 2014-02-22 12:37 - 00000369 _____ () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-07-11 16:44 - 2014-02-22 12:37 - 00000369 _____ () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-07-11 16:44 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-11 16:44 - 2013-08-22 23:36 - 00000000 ____D () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-11 11:28 - 2014-07-11 11:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2014-07-11 11:28 - 2014-07-11 11:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2014-07-11 11:26 - 2014-07-11 11:26 - 00012188 _____ () C:\Windows\DPINST.LOG
2014-07-11 11:26 - 2014-07-11 11:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-11 11:26 - 2014-07-11 11:26 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-07-11 11:26 - 2014-07-11 11:26 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-11 11:21 - 2014-07-11 11:21 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E49806AE-6BE1-4177-A9ED-A3A03E827DDE}
2014-07-11 11:15 - 2014-07-12 19:33 - 00000000 ____D () C:\Temp
2014-07-11 11:15 - 2014-07-11 11:15 - 00000022 _____ () C:\Windows\GPU-Z.INI
 
==================== One Month Modified Files and Folders =======
 
2014-07-24 02:04 - 2014-07-24 02:04 - 00015716 _____ () C:\Users\\Desktop\FRST.txt
2014-07-24 02:04 - 2014-07-24 02:04 - 00000000 ____D () C:\FRST
2014-07-24 02:03 - 2014-07-21 22:29 - 00000000 __RDO () C:\Users\\OneDrive
2014-07-24 02:03 - 2014-07-16 17:14 - 00000000 ___RD () C:\Users\\Dropbox
2014-07-24 02:03 - 2014-07-16 16:19 - 00000000 ____D () C:\Users\\AppData\Roaming\Dropbox
2014-07-24 02:03 - 2014-07-11 17:41 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 02:02 - 2014-07-11 18:14 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-24 02:02 - 2013-08-22 22:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 02:01 - 2014-03-16 19:39 - 00036316 _____ () C:\Windows\PFRO.log
2014-07-24 02:01 - 2013-08-22 21:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-24 02:00 - 2014-07-24 01:57 - 00000000 ____D () C:\AdwCleaner
2014-07-24 02:00 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-24 01:59 - 2014-07-11 17:39 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429218106-2658364167-3459249354-1003
2014-07-24 01:54 - 2014-07-24 01:54 - 02091520 _____ (Farbar) C:\Users\\Desktop\FRST64.exe
2014-07-24 01:54 - 2014-07-24 01:53 - 01354223 _____ () C:\Users\\Desktop\adwcleaner_3.216.exe
2014-07-24 01:46 - 2014-07-11 17:41 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-24 01:34 - 2014-07-12 01:43 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-24 01:20 - 2014-03-16 18:17 - 01224727 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 01:09 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-23 20:52 - 2014-07-11 16:44 - 00000000 ____D () C:\Users\\AppData\Roaming\Intel
2014-07-23 20:32 - 2014-07-11 18:14 - 00000000 ____D () C:\ProgramData\Origin
2014-07-23 19:37 - 2014-07-11 18:10 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-23 03:29 - 2014-07-23 03:04 - 00000000 ____D () C:\Users\\AppData\Local\DayZ
2014-07-23 03:21 - 2014-07-23 03:04 - 00000000 ____D () C:\Users\\Documents\DayZ
2014-07-23 03:04 - 2014-07-12 01:42 - 00028280 _____ () C:\Windows\DirectX.log
2014-07-23 01:59 - 2014-07-12 01:43 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-07-22 03:04 - 2014-07-11 16:44 - 00000000 ____D () C:\Users\
2014-07-22 03:02 - 2014-07-11 16:44 - 00000000 ____D () C:\Users\\AppData\Local\Packages
2014-07-22 02:20 - 2014-03-16 18:24 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-22 02:13 - 2014-07-22 02:13 - 01133552 _____ () C:\Windows\Minidump\072214-19734-01.dmp
2014-07-22 02:13 - 2014-07-14 11:00 - 700512488 _____ () C:\Windows\MEMORY.DMP
2014-07-22 02:13 - 2014-07-14 11:00 - 00000000 ____D () C:\Windows\Minidump
2014-07-21 18:35 - 2014-07-11 17:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-19 00:41 - 2014-07-21 18:36 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140721-183649.backup
2014-07-18 20:18 - 2014-07-18 20:13 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-07-18 20:18 - 2014-07-18 20:13 - 00000776 _____ () C:\Windows\LkmdfCoInst.log
2014-07-18 20:13 - 2014-07-18 20:13 - 00000000 ____D () C:\Users\\AppData\Local\Logitech
2014-07-18 20:13 - 2014-07-18 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-07-18 20:13 - 2014-07-18 20:13 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-07-18 20:13 - 2014-07-18 20:12 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2014-07-18 20:12 - 2014-07-18 20:12 - 00000000 ____D () C:\Users\\AppData\Roaming\Logitech
2014-07-18 20:12 - 2014-07-18 20:12 - 00000000 ____D () C:\Users\\AppData\Roaming\Logishrd
2014-07-18 20:12 - 2014-03-16 19:30 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-17 16:40 - 2014-07-11 23:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-17 16:10 - 2014-07-19 00:41 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140719-004129.backup
2014-07-16 17:18 - 2014-07-14 22:55 - 00000000 ____D () C:\Users\\Desktop\SIM
2014-07-16 16:25 - 2014-07-16 16:25 - 00000000 ____D () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-16 12:06 - 2014-07-16 12:06 - 00000000 ____D () C:\Users\\Desktop\Wight Loss
2014-07-16 12:03 - 2014-07-16 12:03 - 00019456 ___SH () C:\Users\\Desktop\Thumbs.db
2014-07-16 12:02 - 2014-03-25 13:37 - 00017144 _____ () C:\Windows\setupact.log
2014-07-15 11:50 - 2014-07-13 14:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-15 11:45 - 2013-08-22 23:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-15 11:45 - 2013-08-22 21:25 - 00000167 _____ () C:\Windows\win.ini
2014-07-15 01:49 - 2014-07-15 01:49 - 00000000 ____D () C:\Users\\AppData\Roaming\WinPatrol
2014-07-15 01:49 - 2014-07-15 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-07-15 01:49 - 2014-07-15 01:49 - 00000000 ____D () C:\ProgramData\InstallMate
2014-07-15 01:49 - 2014-07-15 01:49 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-07-15 01:41 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-14 23:15 - 2014-07-13 14:42 - 00000000 ____D () C:\Users\\AppData\Local\Microsoft Help
2014-07-14 20:28 - 2014-07-14 20:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS+AC3 Filter
2014-07-14 20:28 - 2014-07-14 20:28 - 00000000 ____D () C:\Program Files (x86)\DtsFilter
2014-07-14 20:28 - 2014-07-14 20:26 - 00000000 ____D () C:\Users\\Desktop\Torrents
2014-07-14 11:01 - 2014-07-14 11:00 - 00990640 _____ () C:\Windows\Minidump\071414-30718-01.dmp
2014-07-14 11:00 - 2013-08-22 22:44 - 00473392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 10:55 - 2014-07-14 10:55 - 00000000 ____D () C:\ProgramData\Steam
2014-07-14 10:55 - 2014-07-13 00:30 - 00000000 ____D () C:\Users\\AppData\Roaming\NVIDIA
2014-07-14 05:33 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\rescache
2014-07-14 04:59 - 2014-07-14 04:59 - 00000000 ____D () C:\Users\\AppData\Roaming\Wolfenstein - The New Order
2014-07-14 04:59 - 2014-07-14 04:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfenstein - The New Order
2014-07-14 04:58 - 2014-07-14 04:10 - 00000000 ____D () C:\Program Files (x86)\Wolfenstein - The New Order
2014-07-14 04:14 - 2014-07-14 04:14 - 00002988 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1970835742GUI
2014-07-14 04:08 - 2014-07-14 04:08 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-07-14 04:08 - 2014-07-14 04:08 - 00000000 ____D () C:\Program Files\MSBuild
2014-07-14 04:08 - 2014-07-14 04:08 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-07-14 04:08 - 2014-07-13 14:46 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-07-14 03:12 - 2014-07-14 03:44 - 2657026048 _____ () C:\Users\\Desktop\[R.G. Mechanics] Wolfenstein - The New Order - Copy.iso
2014-07-14 00:57 - 2014-07-14 00:57 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-07-13 14:47 - 2014-07-13 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-07-13 14:47 - 2014-07-13 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-07-13 14:46 - 2014-07-13 14:46 - 00000000 ____D () C:\Windows\PCHEALTH
2014-07-13 14:46 - 2014-07-13 14:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-07-13 14:46 - 2014-07-13 14:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-13 14:46 - 2013-08-23 03:11 - 00000000 ____D () C:\Windows\ShellNew
2014-07-13 14:45 - 2014-07-13 14:45 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-07-13 14:45 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-07-13 14:43 - 2014-07-13 14:43 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-07-13 14:43 - 2014-07-13 14:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-07-13 14:43 - 2014-07-13 14:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-07-13 14:42 - 2014-07-13 14:42 - 00000000 __RHD () C:\MSOCache
2014-07-13 01:33 - 2014-07-13 01:33 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-07-13 01:30 - 2014-07-13 01:21 - 00000000 ____D () C:\Users\\Documents\Battlefield 4
2014-07-13 01:23 - 2014-07-13 01:23 - 00000000 ____D () C:\Users\\AppData\Local\PunkBuster
2014-07-13 00:38 - 2014-07-13 00:38 - 00001802 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-13 00:38 - 2014-07-13 00:38 - 00000000 ____D () C:\Users\\AppData\Roaming\Apple Computer
2014-07-13 00:38 - 2014-07-13 00:38 - 00000000 ____D () C:\Users\\AppData\Local\Apple Computer
2014-07-13 00:38 - 2014-07-13 00:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-13 00:38 - 2014-07-13 00:37 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 00:38 - 2014-07-13 00:37 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 00:38 - 2014-07-13 00:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-13 00:37 - 2014-07-13 00:37 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-13 00:37 - 2014-07-13 00:37 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 00:34 - 2014-07-13 00:34 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Users\\AppData\Local\Apple
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\ProgramData\Apple
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-13 00:34 - 2014-07-13 00:34 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-13 00:31 - 2014-07-13 00:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-12 20:51 - 2014-07-12 20:51 - 00000000 ____D () C:\Users\\Documents\WB Games
2014-07-12 20:48 - 2014-07-12 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman Arkham Origins Cold Cold Heart
2014-07-12 20:47 - 2014-07-12 20:41 - 00000000 ____D () C:\Program Files (x86)\Batman Arkham Origins Cold Cold Heart
2014-07-12 19:37 - 2014-07-12 19:37 - 00000000 ____D () C:\Users\\Documents\Assassin's Creed III
2014-07-12 19:37 - 2014-07-12 19:37 - 00000000 ____D () C:\Users\\AppData\Roaming\Theta
2014-07-12 19:35 - 2014-07-12 19:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assassins Creed III
2014-07-12 19:35 - 2014-07-12 19:19 - 00000000 ____D () C:\Program Files (x86)\Assassins Creed III
2014-07-12 19:34 - 2014-07-12 19:34 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-07-12 19:34 - 2014-07-12 19:33 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-07-12 19:33 - 2014-07-11 11:15 - 00000000 ____D () C:\Temp
2014-07-12 02:37 - 2014-07-11 18:15 - 00000000 ____D () C:\Users\\AppData\Roaming\Origin
2014-07-12 02:34 - 2014-07-12 01:44 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-07-12 02:33 - 2014-07-12 02:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 02:33 - 2013-08-23 03:11 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 02:33 - 2013-08-22 23:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-12 02:33 - 2013-08-22 23:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-07-12 02:33 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-12 02:33 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 02:33 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-12 02:33 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-12 02:33 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-07-12 02:33 - 2013-08-22 21:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-07-12 02:31 - 2014-03-16 18:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 02:21 - 2014-07-12 02:17 - 00000000 ____D () C:\Users\\Desktop\Supernatural season 9
2014-07-12 02:19 - 2014-07-11 18:14 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-12 02:05 - 2014-07-12 02:05 - 00000000 ____D () C:\Users\\AppData\Local\ESN
2014-07-12 01:53 - 2014-07-17 16:10 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140717-161034.backup
2014-07-12 01:43 - 2014-07-12 01:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-07-12 01:24 - 2014-07-12 01:24 - 00000000 ____D () C:\ProgramData\GRETECH
2014-07-12 01:23 - 2014-07-12 01:23 - 00000000 ____D () C:\Users\\AppData\Roaming\GRETECH
2014-07-12 01:23 - 2014-07-12 01:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2014-07-12 01:22 - 2014-07-12 01:22 - 00000000 ____D () C:\Program Files (x86)\GRETECH
2014-07-11 23:37 - 2014-07-11 17:37 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5FDF66DD-25D9-4020-8D81-5A4247143553}
2014-07-11 23:30 - 2014-07-12 19:15 - 1416038400 _____ () C:\Users\\Desktop\BB-AC3.iso
2014-07-11 23:27 - 2014-07-11 23:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-11 23:22 - 2014-07-11 23:22 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-11 23:21 - 2014-07-11 23:21 - 00001410 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-11 23:21 - 2014-07-11 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-11 23:19 - 2014-07-11 23:19 - 00003716 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2014-07-11 23:19 - 2014-07-11 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2014-07-11 23:19 - 2014-07-11 23:19 - 00000000 ____D () C:\Program Files\KMSpico
2014-07-11 23:14 - 2014-07-11 23:14 - 00000000 ____D () C:\Users\\Desktop\Hallowennpsycho KMS
2014-07-11 18:24 - 2014-07-11 18:03 - 00000000 ____D () C:\Users\\AppData\Roaming\qBittorrent
2014-07-11 18:17 - 2014-07-11 18:16 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-11 18:16 - 2014-07-11 18:15 - 00000000 ____D () C:\Users\\AppData\Local\Origin
2014-07-11 18:14 - 2014-07-11 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-07-11 18:10 - 2014-07-11 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-11 18:06 - 2014-07-11 18:06 - 00000000 ____D () C:\Users\\AppData\Local\qBittorrent
2014-07-11 18:04 - 2014-07-11 16:44 - 00000000 ____D () C:\Users\\AppData\Local\NVIDIA Corporation
2014-07-11 18:04 - 2014-03-16 19:19 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-11 18:03 - 2014-07-11 18:03 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-07-11 17:59 - 2014-07-11 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-11 17:59 - 2014-07-11 17:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-11 17:59 - 2014-07-11 17:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-11 17:47 - 2013-08-22 21:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-11 17:41 - 2014-07-11 17:41 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-11 17:41 - 2014-07-11 17:41 - 00003660 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 ____D () C:\Users\\AppData\Local\Google
2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-11 17:41 - 2014-07-11 17:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-11 17:41 - 2014-07-11 16:44 - 00000000 ____D () C:\Users\\AppData\Local\NVIDIA
2014-07-11 17:37 - 2014-07-11 17:37 - 00000000 __SHD () C:\Users\\AppData\Local\EmieUserList
2014-07-11 17:37 - 2014-07-11 17:37 - 00000000 __SHD () C:\Users\\AppData\Local\EmieSiteList
2014-07-11 17:36 - 2014-07-11 17:36 - 00000000 ____D () C:\Users\\AppData\Roaming\Macromedia
2014-07-11 16:45 - 2014-07-11 16:45 - 00000000 ____D () C:\Users\\Documents\My Received Files
2014-07-11 16:45 - 2014-03-16 18:18 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-11 16:44 - 2014-07-11 16:44 - 00001449 _____ () C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-11 16:44 - 2014-07-11 16:44 - 00000020 ___SH () C:\Users\\ntuser.ini
2014-07-11 16:44 - 2014-07-11 16:44 - 00000000 ____D () C:\Users\\AppData\Roaming\Adobe
2014-07-11 16:44 - 2014-07-11 16:44 - 00000000 ____D () C:\Users\\AppData\Local\VirtualStore
2014-07-11 13:19 - 2014-05-31 13:10 - 00000940 _____ () C:\Windows\DtcInstall.log
2014-07-11 13:18 - 2013-08-22 21:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-07-11 11:53 - 2013-08-22 23:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-07-11 11:42 - 2014-03-16 19:17 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429218106-2658364167-3459249354-500
2014-07-11 11:28 - 2014-07-11 11:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmhsf_01011.Wdf
2014-07-11 11:28 - 2014-07-11 11:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2014-07-11 11:28 - 2014-03-16 18:22 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-11 11:27 - 2013-08-22 21:36 - 00000000 __RHD () C:\Users\Default
2014-07-11 11:26 - 2014-07-11 11:26 - 00012188 _____ () C:\Windows\DPINST.LOG
2014-07-11 11:26 - 2014-07-11 11:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-11 11:26 - 2014-07-11 11:26 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-07-11 11:26 - 2014-07-11 11:26 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-11 11:26 - 2014-03-16 19:25 - 00000000 ____D () C:\ProgramData\Intel
2014-07-11 11:26 - 2014-03-16 18:22 - 00000000 ____D () C:\Program Files\Intel
2014-07-11 11:21 - 2014-07-11 11:21 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E49806AE-6BE1-4177-A9ED-A3A03E827DDE}
2014-07-11 11:15 - 2014-07-11 11:15 - 00000022 _____ () C:\Windows\GPU-Z.INI
2014-07-01 06:45 - 2014-07-12 01:18 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-28 15:48 - 2014-07-12 01:18 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 15:07 - 2014-07-12 01:18 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-27 04:55 - 2014-07-12 02:36 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-27 04:55 - 2014-07-12 02:36 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-26 17:40 - 2014-03-16 18:36 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7ictp.dll
C:\Users\\AppData\Local\Temp\ose00000.exe
C:\Users\\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-21 19:38
 
==================== End Of Log ============================

Edited by badasscurlz, 23 July 2014 - 01:14 PM.


#7 nasdaq

  • Malware Response Team

Posted 23 July 2014 - 01:30 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
C:\Users\\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7ictp.dll
C:\Users\\AppData\Local\Temp\ose00000.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

How is the computer running now?

#8 badasscurlz


Posted 23 July 2014 - 01:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-07-2014 01
Ran by  at 2014-07-24 02:45:50 Run:1
Running from C:\Users\\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
SearchScopes: HKLM-x32 - DefaultScope value is missing.
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
C:\Users\\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7ictp.dll
C:\Users\\AppData\Local\Temp\ose00000.exe
 
End
*****************
 
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => Key deleted successfully.
"HKLM\Software\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
servicekms => Service deleted succesfully.
cpuz136 => Service deleted successfully.
GPUZ => Service deleted successfully.
"C:\Users\\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7ictp.dll" => File/Directory not found.
"C:\Users\\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
 
==== End of Fixlog ====

Edited by badasscurlz, 23 July 2014 - 01:48 PM.


#9 badasscurlz


Posted 23 July 2014 - 01:49 PM

 Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Google Chrome 35.0.1916.153  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 WinPatrol winpatrol.exe 
 Spybot Teatimer.exe is disabled! 
 AppData Roaming Dropbox\bin\Dropbox.exe 
 Desktop FRST64.exe  
 Desktop SecurityCheck.exe  
 ~1 AppData Local Temp\RarSFX0\SecurityCheck\Objlist.exe 
 Windows Defender MpCmdRun.exe   
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 


#10 badasscurlz


Posted 23 July 2014 - 01:53 PM

Hi nasdaq, I have done everything you have asked, but the pop-up regarding the virus being removed only comes in a few hours. If there are additional steps for me to take, do let me know. Otherwise, I'll check back in a day or two to let you know if the virus has been successfully removed.

Thanks :)



#11 nasdaq


Posted 24 July 2014 - 06:48 AM


Your logs are clean.

I suspect that Windows Defender is finding some remnant item.
You can run this online scan to see what it will find.


Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
If the problem persists, execute this.


Click the Start button. In the Search box, type Command Prompt, and then, in the list of results, double-click Command Prompt.

At the cursor type:
ipconfig /flushdns <-- (A space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit the Enter key.

You may need to run CMD - Command Prompt on Vista - Windows 7/8 with Elevated Privilege
http://www.bleepingcomputer.com/tutorials/windows-elevated-command-prompt/
<<<>>>

Let me know in a few days how it is.

#12 badasscurlz


Posted 25 July 2014 - 10:39 AM

C:\Program Files\KMSpico\AutoPico.exe MSIL/HackTool.IdleKMS.C potentially unsafe application deleted - quarantined
C:\Program Files\KMSpico\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted - quarantined
C:\Program Files\KMSpico\Service_KMS.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted - quarantined
C:\Users\\AppData\Roaming\Intel\googleupd.exe a variant of MSIL/CoinMiner.NA trojan cleaned by deleting - quarantined
C:\Users\\Desktop\Hallowennpsycho KMS\Halloweenpsycho KMS.exe MSIL/HackTool.IdleKMS.C potentially unsafe application deleted - quarantined
 
Will update if the trojan gets detected by Windows Defender, so far it has been detected on a daily basis before I ran the scan.


#13 badasscurlz


Posted 28 July 2014 - 02:57 PM

Hi nasdaq! I'm glad to say that Windows Defender hasn't picked up any Chrome-related trojan in the past few days! The last ESET scan really did the trick, thank you so much for your help! :)



#14 nasdaq


Posted 29 July 2014 - 06:50 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#15 badasscurlz


Posted 29 July 2014 - 12:08 PM

Bookmarked! I will take proactive measures to prevent further infections. Thanks again!





