Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple viruses - Internet website redirects, multiple "explorer.exe's"


  • This topic is locked This topic is locked
18 replies to this topic

#1 Willsor

Willsor

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 15 October 2014 - 04:33 PM

Hi there

 

I am having trouble with many pieces of malware at once I think.

A few days ago I noticed I was being redirected around to different websites (something like www.ads-find-all-you-want.com) about 20% of the time when I clicked on any link. I have tried to get rid of it with malwarebytes, but it didn't go away. Today I noticed the computer slowing donw significantly and I have multiple instances of 300k+ memory usage "explorer.exe" being open and multiple "iexplore.exe" despite me having never used internet explorer.

 

I have tried using the dds tool to make a dds.txt, but it will only generate me the attach.txt  and no dds.txt file no matter the options I select. I visited this forum (or a similar one) many years ago now and was told to make HijackThis logs. Not sure if this is still a thing at all but I made some anyway and i'll attach those.

 

I also took a screengrab of all the explorer.exe's running

http://imgur.com/b945RG0

 

Hope you can help me, and I can provide any other things you need

 

Thanks! :)

 

Attached Files



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:25 AM

Posted 15 October 2014 - 05:43 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 Willsor

Willsor
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 16 October 2014 - 02:24 AM

Ran the rool -

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Will (administrator) on WILL-PC on 16-10-2014 08:22:29
Running from C:\Users\Will\Downloads
Loaded Profile: Will (Available profiles: Will)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Spotify Ltd) C:\Users\Will\AppData\Roaming\Spotify\spotify.exe
(Flux Software LLC) C:\Users\Will\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Will\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(LOL Replay) C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Dropbox, Inc.) C:\Users\Will\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M45 Mouse\M45Hid.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Corsair Components  Inc) C:\Program Files (x86)\Corsair\M45 Mouse\CorsTra.exe
() C:\Users\Will\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Will\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Will\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Will\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Will\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ArenaNet) D:\Games\Gw2\Gw2.exe
(Coherent Labs) D:\Games\Gw2\bin\CoherentUI_Host.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Program Files (x86)\PCSX2 1.2.1\pcsx2-r5875.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569624 2014-10-05] (Realtek Semiconductor)
HKLM-x32\...\Run: [Corsair M45 Mouse] => C:\Program Files (x86)\Corsair\M45 Mouse\M45Hid.exe [1768960 2014-02-07] (Corsair Components  Inc)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\...\Run: [Spotify] => C:\Users\Will\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-01] (Spotify Ltd)
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\...\Run: [f.lux] => C:\Users\Will\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\...\Run: [Spotify Web Helper] => C:\Users\Will\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-01] (Spotify Ltd)
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\...\Run: [Ikldsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Will\AppData\Local\YlqPack\GdHelpLib.dll
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\...\Run: [Ozdrics Update] => regsvr32.exe C:\Users\Will\AppData\Local\Ozdrics\UXDPOST.dll
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\...\MountPoints2: {ab11781c-3f11-11e4-98d9-d850e6d1650a} - E:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\...\MountPoints2: {edc7afcd-3606-11e4-82ed-806e6f6e6963} - E:\.\Bin\ASSETUP.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-09-17] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
ShortcutTarget: LOLRecorder.lnk -> C:\Program Files (x86)\LOLReplay\LOLRecorder.exe (LOL Replay)
Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\diskpart.lnk
ShortcutTarget: diskpart.lnk -> C:\Users\Will\AppData\Roaming\Microsoft\Windows\IEUpdate\diskpart.exe (No File)
Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Will\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magnify.lnk
ShortcutTarget: Magnify.lnk -> C:\Users\Will\AppData\Roaming\Microsoft\Windows\IEUpdate\Magnify.exe (No File)
Startup: C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskeng.lnk
ShortcutTarget: taskeng.lnk -> C:\Users\Will\AppData\Roaming\Microsoft\Windows\IEUpdate\taskeng.exe (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1D07BEA3-2DD2-4579-A1E4-8F35ED7F6FAF}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{327229F7-2462-4C19-BA4B-8752B430C29F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A3F26ADB-A0B3-4A02-90FA-768B3A6E618D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Reddit Enhancement Suite - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-10-12]
FF Extension: Adblock Plus - C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-12]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.youtube.com/feed/subscriptions/u", "hxxp://www.facebook.com/", "https://mail.google.com/mail/ca/#inbox"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-06]
CHR Extension: (Google Docs) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-06]
CHR Extension: (Google Drive) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-12]
CHR Extension: (YouTube) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-06]
CHR Extension: (QR Code Generator) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\cicimfkkbejhggfjaabggafffgdnjgjp [2014-09-06]
CHR Extension: (Image Downloader) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-09-06]
CHR Extension: (Google Search) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-06]
CHR Extension: (Google Sheets) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-06]
CHR Extension: (AdBlock) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-06]
CHR Extension: (Wolfram|Alpha (Official)) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2014-09-06]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-09-06]
CHR Extension: (Ashish Mishra) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2014-09-06]
CHR Extension: (Google Wallet) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-06]
CHR Extension: (Gmail) - C:\Users\Will\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242912 2014-09-11] (Foxit Software Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [998176 2014-09-21] (Overwolf LTD)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R3 CORM45; C:\Windows\System32\drivers\CORM45.sys [25600 2013-11-28] ( )
S2 dualshock3; C:\Windows\System32\DRIVERS\dualshock3_x64.sys [16256 2014-10-13] () [File not signed]
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-27] (Intel Corporation)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [52832 2014-10-13] (http://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [33792 2005-03-09] () [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 08:22 - 2014-10-16 08:22 - 02111488 _____ (Farbar) C:\Users\Will\Downloads\FRST64.exe
2014-10-16 08:22 - 2014-10-16 08:22 - 00016167 _____ () C:\Users\Will\Downloads\FRST.txt
2014-10-16 08:22 - 2014-10-16 08:22 - 00000000 ____D () C:\FRST
2014-10-15 22:32 - 2014-10-15 22:32 - 00010659 _____ () C:\Users\Will\Desktop\hijackthis.log
2014-10-15 22:30 - 2014-10-15 22:30 - 00003120 _____ () C:\Windows\System32\Tasks\{64922222-AC7B-4E72-BFD8-A7678EBE8FCA}
2014-10-15 22:29 - 2014-10-15 22:30 - 00010659 _____ () C:\Users\Will\Downloads\hijackthis.log
2014-10-15 22:19 - 2014-10-15 22:47 - 00002624 _____ () C:\Users\Will\Desktop\attach.txt
2014-10-15 22:18 - 2014-10-15 22:18 - 00000470 _____ () C:\Users\Will\Downloads\defogger_disable.log
2014-10-15 22:18 - 2014-10-15 22:18 - 00000000 _____ () C:\Users\Will\defogger_reenable
2014-10-15 22:16 - 2014-10-15 22:16 - 00050477 _____ () C:\Users\Will\Downloads\Defogger.exe
2014-10-15 22:14 - 2014-10-15 22:15 - 00688992 ____R (Swearware) C:\Users\Will\Desktop\dds.com
2014-10-15 21:12 - 2014-10-15 21:15 - 10897587 _____ () C:\Users\Will\Desktop\game 4 15-10.lrf
2014-10-15 20:21 - 2014-10-15 20:24 - 06792901 _____ () C:\Users\Will\Desktop\game 3 15-10.lrf
2014-10-15 19:39 - 2014-10-15 19:41 - 08535469 _____ () C:\Users\Will\Desktop\game 2 15-10.lrf
2014-10-15 18:52 - 2014-10-15 18:52 - 08224170 _____ () C:\Users\Will\Downloads\Edinburgh B team Tìd Lucian  (6).lrf
2014-10-15 18:50 - 2014-10-15 18:53 - 06493398 _____ () C:\Users\Will\Desktop\game 1 15-10.lrf
2014-10-15 07:53 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 07:53 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 07:53 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 07:53 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 07:53 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 07:53 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 07:53 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 07:53 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 07:53 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 07:53 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 07:53 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 07:53 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 07:53 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 07:53 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 07:53 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 07:53 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 07:53 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 07:53 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 07:53 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 07:53 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 07:53 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 07:53 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 07:53 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 07:53 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 07:53 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 07:53 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 07:53 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 07:53 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 07:53 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 07:53 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 07:53 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 07:53 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 07:53 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 07:53 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 07:53 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 07:53 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 07:53 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 07:53 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 07:53 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 07:53 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 07:53 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 07:53 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 07:53 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 07:53 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 07:53 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 07:53 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 07:53 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 07:53 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 07:53 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 07:53 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 07:53 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 07:53 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 07:53 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 07:53 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 07:53 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 07:53 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 07:53 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 07:53 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 07:53 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 07:53 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 07:53 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 07:53 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 07:53 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 07:53 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 07:53 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 07:53 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 07:53 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 07:53 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 07:53 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 07:53 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 07:53 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 07:53 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 07:53 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 07:53 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 07:53 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 07:53 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 07:53 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 07:53 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 07:53 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-15 07:53 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-15 07:53 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-15 07:53 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-15 07:53 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-15 07:53 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 07:53 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-15 07:53 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 07:53 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 07:53 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 07:53 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 07:53 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 07:53 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 07:53 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 07:53 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 07:53 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 07:53 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 07:53 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 07:53 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 07:53 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 07:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 07:53 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 07:53 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 07:53 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 07:53 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 07:53 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 07:53 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 07:53 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 07:53 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 07:53 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 07:53 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 07:53 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 07:53 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 07:53 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 07:53 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 07:53 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 07:53 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 07:52 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 07:52 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 07:52 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 07:52 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 07:52 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 07:52 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 07:52 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 07:52 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 07:52 - 2014-07-17 03:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 07:52 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 07:52 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 07:52 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 07:52 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 07:52 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 07:52 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 07:52 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 07:52 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 07:52 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 07:52 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 07:52 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 07:52 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 07:52 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 07:52 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-13 20:05 - 2014-10-13 20:05 - 00000000 ____D () C:\ProgramData\Brother
2014-10-13 20:04 - 2014-10-13 20:04 - 05486927 _____ (A.I.SOFT,INC.) C:\Users\Will\Downloads\Y10D_C1-gdi-64-108.EXE
2014-10-13 20:04 - 2014-10-13 20:04 - 00000000 ____D () C:\Users\Will\Downloads\64
2014-10-13 20:04 - 2010-05-10 09:45 - 00103736 _____ (Brother Industries Ltd) C:\Windows\SysWOW64\BRRBTOOL.EXE
2014-10-13 20:04 - 2010-04-02 06:33 - 00025299 _____ (Brother Industries, Ltd) C:\Windows\SysWOW64\BRLM03A.DLL
2014-10-13 20:04 - 2010-02-05 03:42 - 00180224 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BROSNMP.DLL
2014-10-13 20:04 - 2005-01-17 08:10 - 00045056 _____ () C:\Windows\SysWOW64\BRTCPCON.DLL
2014-10-13 20:04 - 2004-08-09 08:00 - 00000114 _____ () C:\Windows\SysWOW64\BRLMW03A.INI
2014-10-13 20:04 - 2004-08-09 07:42 - 00077824 _____ (Brother Industries, Ltd.) C:\Windows\SysWOW64\BRLMW03A.DLL
2014-10-13 20:04 - 1999-10-26 17:00 - 00000050 _____ () C:\Windows\system32\BRADM10A.DAT
2014-10-13 17:34 - 2014-10-13 17:34 - 00000000 ____D () C:\Users\Will\AppData\Roaming\MotioninJoy
2014-10-13 17:34 - 2014-10-13 17:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
2014-10-13 17:34 - 2014-10-13 17:34 - 00000000 ____D () C:\Program Files\MotioninJoy
2014-10-13 17:34 - 2011-12-07 19:42 - 00328712 _____ (Logitech Inc.) C:\Windows\system32\MijFrc.dll
2014-10-13 17:32 - 2014-10-13 17:32 - 02465497 _____ () C:\Users\Will\Downloads\MotioninJoy_060005_amd64_signed.zip
2014-10-13 17:18 - 2014-10-13 17:19 - 04117346 _____ () C:\Users\Will\Downloads\MotioninJoy_071001_signed.zip
2014-10-13 17:04 - 2014-10-13 17:04 - 00021179 _____ () C:\Users\Will\Downloads\ds3drv_1.04.0.13.zip
2014-10-13 17:04 - 2014-10-13 17:04 - 00000000 ____D () C:\Users\Will\Downloads\ps3 controller
2014-10-13 16:57 - 2014-10-13 16:57 - 00052832 _____ (http://libusb-win32.sourceforge.net) C:\Windows\system32\Drivers\libusb0.sys
2014-10-13 16:57 - 2014-10-13 16:57 - 00000398 __RSH () C:\ProgramData\ntuser.pol
2014-10-13 16:56 - 2014-10-13 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SixaxisPairTool
2014-10-13 16:56 - 2014-10-13 16:56 - 00000000 ____D () C:\Program Files (x86)\SixaxisPairTool
2014-10-13 16:55 - 2014-10-13 16:56 - 13591657 _____ (Dancing Pixel Studios ) C:\Users\Will\Downloads\SixaxisPairToolSetup-0.2.5.exe
2014-10-13 16:54 - 2012-01-17 09:40 - 00067680 _____ (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2014-10-13 16:54 - 2005-03-09 20:50 - 00033792 _____ () C:\Windows\SysWOW64\Drivers\libusb0.sys
2014-10-12 18:30 - 2014-10-12 18:30 - 00000000 ____D () C:\Users\Will\AppData\Local\Macromedia
2014-10-12 17:28 - 2014-10-12 17:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-12 17:28 - 2014-10-12 17:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-12 17:28 - 2014-10-12 17:28 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-12 13:31 - 2014-10-12 13:31 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-12 13:31 - 2014-10-12 13:31 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-12 13:31 - 2014-10-12 13:31 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Mozilla
2014-10-12 13:31 - 2014-10-12 13:31 - 00000000 ____D () C:\Users\Will\AppData\Local\Mozilla
2014-10-12 13:31 - 2014-10-12 13:31 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-12 13:31 - 2014-10-12 13:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-12 13:31 - 2014-10-12 13:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-12 13:30 - 2014-10-12 13:30 - 00244048 _____ () C:\Users\Will\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-11 16:50 - 2014-10-11 16:50 - 00001231 _____ () C:\Users\Will\Desktop\AmpliTube 3.lnk
2014-10-11 15:03 - 2014-10-11 15:03 - 00056541 _____ () C:\Users\Will\Downloads\Anathema - Untouchable Part 2 (Pro).gp5
2014-10-11 15:00 - 2014-10-11 15:00 - 00092935 _____ () C:\Users\Will\Downloads\Anathema - Dreaming Light (Pro).gp5
2014-10-11 11:56 - 2014-10-16 08:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-11 11:56 - 2014-10-16 07:51 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-11 11:56 - 2014-10-11 11:56 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-11 11:56 - 2014-10-11 11:56 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-11 11:56 - 2014-10-11 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-10 17:30 - 2014-10-10 17:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\Will\Downloads\HijackThis.exe
2014-10-09 19:46 - 2014-10-15 07:49 - 00000000 ____D () C:\Users\Will\AppData\Local\Ozdrics
2014-10-09 19:46 - 2014-10-10 17:41 - 00000000 ____D () C:\Users\Will\AppData\Local\YlqPack
2014-10-09 19:34 - 2014-10-11 12:06 - 00000000 ____D () C:\Users\Will\AppData\Local\BetterDS3
2014-10-09 19:34 - 2014-10-09 19:34 - 00759932 _____ () C:\Users\Will\Downloads\BetterDS3_1.5.3.zip
2014-10-09 19:06 - 2014-10-09 19:06 - 00401920 _____ (Farbar) C:\Users\Will\Downloads\MiniToolBox.exe
2014-10-09 19:06 - 2014-10-09 19:06 - 00031814 _____ () C:\Users\Will\Downloads\Result.txt
2014-10-08 13:20 - 2014-10-08 13:20 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Apple Computer
2014-10-07 17:10 - 2014-10-07 17:10 - 00007965 _____ () C:\Users\Will\sog.at3h
2014-10-07 16:05 - 2014-10-14 23:35 - 00000016 _____ () C:\Users\Will\AppData\Roaming\msregsvv.dll
2014-10-07 16:05 - 2014-10-14 23:35 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-10-07 16:04 - 2014-10-07 16:04 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-10-07 16:04 - 2014-10-07 16:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-10-07 16:04 - 2014-10-07 16:04 - 00000000 ____D () C:\Users\Will\AppData\Local\Apple
2014-10-07 16:04 - 2014-10-07 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-07 16:04 - 2014-10-07 16:04 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-07 16:04 - 2014-10-07 16:04 - 00000000 ____D () C:\ProgramData\Apple
2014-10-07 16:04 - 2014-10-07 16:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-07 16:04 - 2014-10-07 16:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-10-07 16:03 - 2014-10-07 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2014-10-07 16:03 - 2010-12-22 11:33 - 09410736 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4m.dll
2014-10-07 16:03 - 2010-12-22 11:33 - 09210032 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4.dll
2014-10-07 16:03 - 2010-12-22 11:33 - 09078960 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4p.dll
2014-10-07 16:03 - 2010-12-22 11:33 - 09033904 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_p4m3.dll
2014-10-07 16:03 - 2010-12-22 11:33 - 06944944 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_core.dll
2014-10-07 16:03 - 2010-12-22 11:33 - 03868848 _____ (Intel Corporation) C:\Windows\SysWOW64\mkl_intel_thread.dll
2014-10-07 16:03 - 2010-12-22 11:33 - 00530608 _____ (Intel Corporation) C:\Windows\SysWOW64\libiomp5md.dll
2014-10-07 16:03 - 2010-12-22 11:33 - 00354480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-10-07 16:03 - 2010-11-04 11:52 - 12708016 _____ (Intel Corporation) C:\Windows\system32\mkl_def.dll
2014-10-07 16:03 - 2010-11-04 11:52 - 12474544 _____ (Intel Corporation) C:\Windows\system32\mkl_core.dll
2014-10-07 16:03 - 2010-11-04 11:52 - 09917616 _____ (Intel Corporation) C:\Windows\system32\mkl_intel_thread.dll
2014-10-07 16:03 - 2010-11-04 11:52 - 00529072 _____ (Intel Corporation) C:\Windows\system32\libiomp5md.dll
2014-10-07 16:03 - 2009-10-14 16:15 - 00499712 _____ (Microsoft Corporation) C:\Windows\msvcp71.dll
2014-10-07 16:03 - 2009-10-14 16:15 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2014-10-07 16:02 - 2014-10-07 16:05 - 00000000 ____D () C:\Users\Will\Documents\IK Multimedia
2014-10-07 16:02 - 2014-10-07 16:05 - 00000000 ____D () C:\Program Files (x86)\IK Multimedia
2014-10-07 16:02 - 2014-10-07 16:03 - 00000000 ____D () C:\Program Files\VstPlugIns
2014-10-07 16:02 - 2014-10-07 16:03 - 00000000 ____D () C:\Program Files (x86)\VstPlugIns
2014-10-07 15:53 - 2014-10-07 16:02 - 00000000 ____D () C:\Users\Will\Downloads\gutiarfx
2014-10-07 15:48 - 2014-10-07 15:48 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieUserList
2014-10-07 15:48 - 2014-10-07 15:48 - 00000000 __SHD () C:\Users\Will\AppData\Local\EmieSiteList
2014-10-07 15:48 - 2014-10-07 15:48 - 00000000 ____D () C:\Users\Will\Downloads\guitar
2014-10-07 01:09 - 2014-10-07 01:09 - 00000000 ____D () C:\Users\Will\Documents\Guild Wars 2
2014-10-07 00:51 - 2014-10-07 00:54 - 00000000 ____D () C:\Users\Will\AppData\Local\paint.net
2014-10-07 00:51 - 2014-10-07 00:51 - 06272852 _____ () C:\Users\Will\Downloads\paint.net.4.0.3.install.zip
2014-10-07 00:51 - 2014-10-07 00:51 - 00001188 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-10-07 00:51 - 2014-10-07 00:51 - 00001176 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-10-07 00:51 - 2014-10-07 00:51 - 00000000 ____D () C:\Program Files\paint.net
2014-10-06 23:28 - 2014-10-06 23:33 - 00000000 ____D () C:\Users\Will\Downloads\c decompiler
2014-10-06 23:27 - 2014-10-06 23:43 - 09016997 _____ () C:\Users\Will\poo.idb
2014-10-06 23:25 - 2014-10-06 23:25 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Hex-Rays
2014-10-06 23:21 - 2014-10-06 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDA PRO Advanced Edition
2014-10-06 23:20 - 2014-10-06 23:21 - 00000000 ____D () C:\Program Files (x86)\IDA PRO Advanced Edition
2014-10-06 23:19 - 2014-10-06 23:19 - 00000000 ____D () C:\Users\Will\Downloads\ida pro
2014-10-06 23:08 - 2014-10-06 23:08 - 00003134 _____ () C:\Windows\System32\Tasks\{F52234E0-DA14-4694-B93C-E53D27E9ED53}
2014-10-06 23:02 - 2013-09-02 08:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-10-06 23:01 - 2014-10-06 23:01 - 00000036 _____ () C:\Users\Will\AppData\Local\housecall.guid.cache
2014-10-06 17:16 - 2014-10-06 17:19 - 00000000 ____D () C:\Users\Will\Documents\Native Instruments
2014-10-06 17:16 - 2014-10-06 17:16 - 00000000 ____D () C:\Users\Will\AppData\Local\Native Instruments
2014-10-06 17:14 - 2014-10-06 17:20 - 00000000 ____D () C:\ProgramData\Native Instruments
2014-10-06 17:14 - 2014-10-06 17:20 - 00000000 ____D () C:\Program Files\Native Instruments
2014-10-06 17:14 - 2014-10-06 17:20 - 00000000 ____D () C:\Program Files\Common Files\Native Instruments
2014-10-06 17:14 - 2014-10-06 17:14 - 00002990 _____ () C:\Windows\System32\Tasks\elbyExecuteWithUAC
2014-10-06 17:13 - 2014-10-06 17:13 - 01640984 _____ () C:\Users\Will\Downloads\SetupVirtualCloneDrive5470.exe
2014-10-06 17:13 - 2014-10-06 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2014-10-06 17:13 - 2014-10-06 17:13 - 00000000 ____D () C:\Program Files (x86)\Elaborate Bytes
2014-10-06 00:03 - 2014-10-15 22:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-06 00:03 - 2014-10-06 00:03 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-06 00:03 - 2014-10-06 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-06 00:03 - 2014-10-06 00:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-06 00:03 - 2014-10-06 00:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-06 00:03 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-06 00:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-06 00:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-06 00:02 - 2014-10-06 00:02 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Will\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-05 23:18 - 2014-10-06 00:08 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Ucruahza
2014-10-05 22:23 - 2014-10-05 22:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
2014-10-05 22:23 - 2014-10-05 22:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_MijXfilt_01009.Wdf
2014-10-05 22:22 - 2012-03-25 10:26 - 00115272 _____ (MotioninJoy) C:\Windows\system32\Drivers\MijXfilt.sys
2014-10-05 22:21 - 2014-10-05 22:21 - 04115757 _____ () C:\Users\Will\Downloads\MotioninJoy_070000_signed.zip
2014-10-05 19:43 - 2014-10-15 19:03 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-10-05 19:14 - 2014-10-05 19:14 - 00003238 _____ () C:\Windows\System32\Tasks\{888853AE-8933-43EC-A83C-86D26E3093CA}
2014-10-05 19:12 - 2014-10-05 19:12 - 00000000 ____D () C:\ProgramData\Avg_Update_0914av
2014-10-05 19:10 - 2014-10-06 00:09 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-05 19:10 - 2014-10-05 23:20 - 00000000 ___HD () C:\$AVG
2014-10-05 19:10 - 2014-10-05 19:10 - 00000000 ____D () C:\Users\Will\AppData\Roaming\TuneUp Software
2014-10-05 19:10 - 2014-10-05 19:10 - 00000000 ____D () C:\Users\Will\AppData\Roaming\AVG2015
2014-10-05 19:08 - 2014-10-06 00:09 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-05 19:08 - 2014-10-05 23:23 - 00000000 ____D () C:\Users\Will\AppData\Local\Avg2015
2014-10-05 19:08 - 2014-10-05 19:08 - 00000000 ____D () C:\Users\Will\AppData\Local\MFAData
2014-10-05 19:07 - 2014-10-05 19:07 - 04579176 _____ (AVG Technologies) C:\Users\Will\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-10-05 19:06 - 2014-10-07 15:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GuitarFX 3
2014-10-05 12:28 - 2014-10-05 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Radar
2014-10-05 12:28 - 2014-10-05 12:28 - 00000000 ____D () C:\Program Files\ASUSTeKcomputer.Inc
2014-10-05 12:27 - 2014-10-05 12:27 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-05 12:27 - 2014-10-05 12:27 - 00000000 ____D () C:\Program Files\Realtek
2014-10-05 12:27 - 2014-10-05 12:23 - 58101760 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-10-05 12:27 - 2014-10-05 12:23 - 28324440 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 14844504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 12889176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2014-10-05 12:27 - 2014-10-05 12:23 - 05751048 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 03937368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 03917272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-10-05 12:27 - 2014-10-05 12:23 - 02832088 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 02798296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 02102576 _____ () C:\Windows\system32\SStudio.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-10-05 12:27 - 2014-10-05 12:23 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01933400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01313368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01168984 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01137240 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01049688 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01048824 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 01019608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00973751 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-10-05 12:27 - 2014-10-05 12:23 - 00956504 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00948440 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00889944 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00889592 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00605496 _____ () C:\Windows\system32\audioLibVc.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00246008 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2014-10-05 12:27 - 2014-10-05 12:23 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-10-05 12:24 - 2014-10-05 12:27 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-10-05 12:24 - 2014-10-05 12:24 - 00000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-05 12:23 - 2014-10-05 12:28 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-10-05 12:23 - 2014-10-05 12:23 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-10-05 12:23 - 2014-10-05 12:22 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-10-05 12:23 - 2014-10-05 12:22 - 00003008 ____N () C:\Windows\system32\Drivers\DTSU2P.DAT
2014-10-05 12:22 - 2014-10-15 19:48 - 00000000 ____D () C:\Users\Will\Downloads\Realtek_Audio_Win7-8-8-1_VER6017218
2014-10-05 12:21 - 2014-10-05 12:22 - 328777557 _____ () C:\Users\Will\Downloads\Realtek_Audio_Win7-8-8-1_VER6017218.zip
2014-10-05 11:18 - 2014-10-11 11:51 - 00000000 ____D () C:\Program Files\Steinberg
2014-10-05 11:18 - 2014-10-05 11:18 - 00422427 _____ () C:\Users\Will\Downloads\ASIO4ALL_2_11_English.exe
2014-10-05 11:18 - 2014-10-05 11:18 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-10-05 11:18 - 2014-10-05 11:18 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-10-04 18:53 - 2014-10-04 18:53 - 00000000 ____D () C:\Users\Will\Downloads\osu
2014-10-04 18:43 - 2014-10-04 18:43 - 00000885 _____ () C:\Users\Public\Desktop\osu!.lnk
2014-10-04 18:43 - 2014-10-04 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\osu!
2014-10-04 18:42 - 2014-10-12 20:20 - 00000000 ____D () C:\Program Files (x86)\osu!
2014-10-04 18:39 - 2014-10-04 18:39 - 74725448 _____ (ppy Pty. Ltd.) C:\Users\Will\Downloads\osu!install.exe
2014-10-04 02:21 - 2014-10-04 02:21 - 00131457 _____ () C:\Users\Will\Downloads\Liquid Tension Experiment - Paradigm Shift (Pro).gp5
2014-10-04 02:21 - 2014-10-04 02:21 - 00092965 _____ () C:\Users\Will\Downloads\Liquid Tension Experiment - Acid Rain (Pro).gp4
2014-10-03 22:53 - 2014-10-03 22:55 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Foxit Software
2014-10-03 22:53 - 2014-10-03 22:53 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-10-03 22:53 - 2014-10-03 22:53 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-10-03 22:51 - 2014-10-03 22:52 - 37963088 _____ (Foxit Software Inc. ) C:\Users\Will\Downloads\FoxitReader703.0916_prom_enu_Setup.exe
2014-10-03 22:51 - 2014-10-03 22:51 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-03 22:46 - 2014-10-03 22:47 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-03 22:46 - 2014-10-03 22:46 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-03 22:46 - 2014-10-03 22:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-03 22:41 - 2014-10-12 19:00 - 00000000 ____D () C:\Users\Will\AppData\Local\Adobe
2014-10-03 22:38 - 2014-10-03 22:39 - 02448688 _____ (Megaify Software ) C:\Users\Will\Downloads\driver_setup.exe
2014-10-03 19:56 - 2014-10-03 19:56 - 04787658 _____ () C:\Users\Will\Downloads\Nv2-PC.zip
2014-10-02 08:26 - 2014-10-02 00:28 - 4188438528 ____N () C:\Users\Will\Downloads\Rogue Galaxy (Europe) (En,Fr,De,Es,It).iso
2014-10-01 23:59 - 2014-10-02 00:28 - 1343282157 _____ () C:\Users\Will\Downloads\Rogue Galaxy (Europe) (En,Fr,De,Es,It).7z
2014-10-01 23:57 - 2011-01-14 20:54 - 00000000 ____D () C:\Users\Will\Downloads\bios
2014-10-01 23:56 - 2014-10-01 23:56 - 10031422 _____ () C:\Users\Will\Downloads\Playstation-2-Bios-Pack.7z
2014-10-01 23:55 - 2014-10-01 23:55 - 00000000 ____D () C:\Users\Will\Documents\PCSX2
2014-10-01 23:27 - 2014-10-13 16:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-01 23:27 - 2014-10-01 23:27 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-10-01 23:26 - 2014-10-01 23:27 - 00000000 ____D () C:\Program Files (x86)\PCSX2 1.2.1
2014-10-01 23:26 - 2014-10-01 23:26 - 10658408 _____ () C:\Users\Will\Downloads\pcsx2-1.2.1-r5875-setup.exe
2014-10-01 23:26 - 2014-10-01 23:26 - 00001989 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1 (r5875).lnk
2014-10-01 23:26 - 2014-10-01 23:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-10-01 23:23 - 2014-10-01 23:23 - 00000000 ____D () C:\ProgramData\Orbit
2014-10-01 08:34 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 08:34 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-28 14:27 - 2014-09-28 14:27 - 00003050 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_IType_exe
2014-09-28 14:26 - 2014-09-28 14:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
2014-09-28 14:26 - 2014-09-28 14:26 - 00000000 ____D () C:\Program Files\Microsoft IntelliType Pro
2014-09-28 14:23 - 2014-09-28 14:23 - 16312192 _____ (Microsoft Corporation) C:\Users\Will\Downloads\ITPx64_1033_8.20.469.0.exe
2014-09-27 12:48 - 2014-10-01 08:35 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-27 12:48 - 2014-09-27 12:48 - 02533568 _____ (PassMark Software ) C:\Users\Will\Downloads\keytest.exe
2014-09-27 12:48 - 2014-09-27 12:48 - 00000000 ____D () C:\ProgramData\PassMark
2014-09-27 12:48 - 2014-09-27 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyboardTest
2014-09-27 12:48 - 2014-09-27 12:48 - 00000000 ____D () C:\Program Files (x86)\KeyboardTest
2014-09-26 21:51 - 2014-09-26 21:51 - 00000000 ____D () C:\Users\Will\AppData\Roaming\NVIDIA
2014-09-26 19:11 - 2014-09-26 19:11 - 00067133 _____ () C:\Users\Will\Downloads\Avenged Sevenfold - Nightmare (Pro).gp4
2014-09-26 18:43 - 2014-09-26 18:43 - 00045127 _____ () C:\Users\Will\Downloads\Anathema - One Last Goodbye (Pro).gp3
2014-09-26 18:34 - 2014-09-26 18:34 - 00022674 _____ () C:\Users\Will\Downloads\Anathema - Closer (Pro).gp4
2014-09-26 18:34 - 2014-09-26 18:34 - 00015852 _____ () C:\Users\Will\Downloads\Anathema - Anyone Anywhere (Pro).gp4
2014-09-24 19:37 - 2014-09-24 19:37 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YGOPro
2014-09-24 19:37 - 2014-09-24 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YGOPro
2014-09-24 19:35 - 2014-09-24 19:38 - 00000000 ____D () C:\Program Files (x86)\YGOPro
2014-09-24 18:08 - 2014-09-24 18:23 - 3319478272 _____ () C:\Users\Will\Downloads\X17-24395.iso
2014-09-24 17:19 - 2014-09-24 17:21 - 419716974 _____ () C:\Users\Will\Downloads\YGOPro 1.033.1.exe
2014-09-24 16:45 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 16:45 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-24 01:23 - 2014-09-24 01:23 - 716259154 _____ () C:\Windows\MEMORY.DMP
2014-09-24 01:23 - 2014-09-24 01:23 - 00292552 _____ () C:\Windows\Minidump\092414-6832-01.dmp
2014-09-24 01:23 - 2014-09-24 01:23 - 00000000 ____D () C:\Windows\Minidump
2014-09-24 00:06 - 2014-09-24 00:06 - 00000000 ____D () C:\Users\Will\AppData\Local\Glyph
2014-09-24 00:06 - 2014-09-24 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-09-24 00:06 - 2014-09-24 00:06 - 00000000 ____D () C:\ProgramData\Glyph
2014-09-24 00:06 - 2014-09-24 00:06 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-09-24 00:05 - 2014-09-24 00:05 - 31912560 _____ (Trion Worlds Inc.) C:\Users\Will\Downloads\GlyphInstall-0-120.exe
2014-09-23 20:21 - 2014-10-07 00:51 - 00000000 ____D () C:\Users\Will\AppData\Roaming\vlc
2014-09-23 20:21 - 2014-09-23 20:21 - 24743106 _____ () C:\Users\Will\Downloads\vlc-2.1.5-win32.exe
2014-09-23 20:21 - 2014-09-23 20:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-23 20:21 - 2014-09-23 20:21 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-09-23 16:21 - 2014-09-23 16:21 - 00028492 _____ () C:\Users\Will\Downloads\Alkaline Trio - Radio (Pro).gp4
2014-09-23 16:00 - 2014-09-23 16:02 - 00000000 ____D () C:\Users\Will\Desktop\Anathema
2014-09-23 01:49 - 2014-09-23 17:33 - 00000000 ____D () C:\Users\Will\AppData\Local\League_of_Legends_Preping
2014-09-22 12:20 - 2014-09-22 12:20 - 00720384 _____ () C:\Users\Will\Desktop\LoL ping check.exe
2014-09-21 14:16 - 2014-09-21 14:16 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-09-21 14:01 - 2014-09-21 14:01 - 00003902 _____ () C:\Users\Will\AppData\Roaming\LTspiceIV.ini
2014-09-21 13:36 - 2014-09-21 13:36 - 00001199 _____ () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\LTspice IV.lnk
2014-09-21 13:36 - 2014-09-21 13:36 - 00001175 _____ () C:\Users\Will\Desktop\LTspice IV.lnk
2014-09-21 13:36 - 2014-09-21 13:36 - 00000000 ____D () C:\Program Files (x86)\LTC
2014-09-21 13:34 - 2014-09-21 13:34 - 15544320 _____ (Linear Technology Corporation) C:\Users\Will\Downloads\LTspiceIV.exe
2014-09-20 23:51 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-20 23:51 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-20 21:35 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-09-20 21:35 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-09-20 21:35 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-09-20 21:35 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-09-20 21:35 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-09-20 21:35 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-09-20 21:35 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-09-20 21:35 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-09-20 21:35 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-09-20 21:35 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-09-20 21:35 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-09-20 21:35 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-09-20 21:35 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-09-20 21:35 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-09-20 21:35 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-09-20 21:35 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-09-20 21:35 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-09-20 21:35 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-09-20 21:35 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-09-20 21:35 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-09-20 21:35 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-09-20 21:35 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-09-20 21:35 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-09-20 21:35 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-09-20 21:35 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-09-20 21:35 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-09-20 21:35 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-09-20 21:35 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-09-20 21:35 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-09-20 21:35 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-09-20 21:35 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-09-20 21:35 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-09-20 21:35 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-09-20 21:35 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-09-20 21:35 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-09-20 21:35 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-09-20 21:35 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-09-20 21:35 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-09-20 21:35 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-09-20 21:35 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-09-20 21:35 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-09-20 21:35 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-09-20 21:35 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-09-20 21:35 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-09-20 21:35 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-09-20 21:35 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-09-20 21:35 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-09-20 21:35 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-09-20 21:35 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-09-20 21:35 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-09-20 21:35 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-09-20 21:35 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-09-20 21:35 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-09-20 21:35 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-09-20 21:35 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-09-20 21:35 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-09-20 21:35 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-09-20 21:35 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-09-20 21:35 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-09-20 21:35 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-09-20 21:35 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-09-20 21:35 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-09-20 21:35 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-09-20 21:35 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-09-20 21:35 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-09-20 21:35 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-09-20 21:35 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-09-20 21:35 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-09-20 21:35 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-09-20 21:35 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-09-20 21:35 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-09-20 21:35 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-09-20 21:35 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-09-20 21:35 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-09-20 21:35 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-09-20 21:35 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-09-20 21:35 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-09-20 21:35 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-09-20 21:35 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-09-20 21:35 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-09-20 21:35 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-09-20 21:35 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-09-20 21:35 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-09-20 21:35 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-09-20 21:35 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-09-20 21:35 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-09-20 21:35 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-09-20 21:35 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-09-20 21:35 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-09-20 21:35 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-09-20 21:35 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-09-20 21:35 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-09-20 21:35 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-09-20 21:35 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-09-20 21:35 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-09-20 21:35 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-09-20 21:35 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-09-20 21:35 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-09-20 21:35 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-09-20 21:35 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-09-20 21:35 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-09-20 21:35 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-09-20 21:35 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-09-20 21:35 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-09-20 21:35 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-09-20 21:35 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-09-20 21:35 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-09-20 21:35 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-09-20 21:35 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-09-20 21:35 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-09-20 21:35 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-09-20 21:35 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-09-20 21:35 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-09-20 21:35 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-09-20 21:35 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-09-20 21:35 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-09-20 21:35 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-09-20 21:35 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-09-20 21:35 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-09-20 21:35 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-09-20 21:35 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-09-20 21:35 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-09-20 21:35 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-09-20 21:35 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-09-20 21:35 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-09-20 21:35 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-09-20 21:35 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-09-20 21:35 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-09-20 21:35 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-09-20 21:35 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-09-20 21:35 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-09-20 21:35 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-09-20 21:35 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-09-20 21:35 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-09-20 21:35 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-09-20 21:35 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-09-20 21:35 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-09-20 21:35 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-09-20 21:35 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-09-20 21:35 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-09-20 21:35 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-09-20 21:35 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-09-20 21:35 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-09-20 21:35 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-09-20 21:35 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-09-20 21:35 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-09-20 21:35 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-09-20 21:35 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-09-20 21:35 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-09-20 21:35 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-09-20 21:35 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-09-20 21:35 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-09-20 21:35 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-09-20 21:35 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-09-20 21:35 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-09-20 21:35 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-09-20 21:35 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-09-20 21:35 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-09-20 21:35 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-09-20 21:35 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-09-20 21:35 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-09-20 21:35 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-09-20 21:35 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-09-20 17:51 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-20 17:51 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-20 17:51 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-09-20 17:51 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-09-20 17:51 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-09-20 17:51 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-09-20 17:51 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-09-20 17:51 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-09-20 17:51 - 2012-02-11 07:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-09-20 17:51 - 2012-02-11 07:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-09-20 17:51 - 2011-03-11 07:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-09-20 17:51 - 2011-03-11 07:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-09-20 17:51 - 2011-03-11 07:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-09-20 17:51 - 2011-03-11 07:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-09-20 17:51 - 2011-03-11 07:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-09-20 17:51 - 2011-03-11 07:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-09-20 17:51 - 2011-03-11 07:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-09-20 17:51 - 2011-03-11 06:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-09-20 17:51 - 2011-03-11 06:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-09-20 17:51 - 2011-03-11 05:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-09-20 17:51 - 2011-02-25 07:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-20 17:51 - 2011-02-25 06:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-09-20 15:53 - 2014-09-20 15:53 - 00000000 ____D () C:\Users\Will\Desktop\pairing
2014-09-20 15:52 - 2014-09-20 15:52 - 05312793 _____ () C:\Users\Will\Downloads\pairing_utility_1.00.009.zip
2014-09-20 15:29 - 2014-10-16 07:51 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-20 15:13 - 2014-09-20 15:17 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll
2014-09-20 15:13 - 2014-09-20 15:17 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-09-20 15:13 - 2014-09-20 15:13 - 06544080 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL664.SYS
2014-09-20 15:13 - 2014-09-20 15:13 - 04395520 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2014-09-20 15:13 - 2014-09-20 15:13 - 03659264 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2014-09-20 15:13 - 2014-09-20 15:13 - 00096560 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlcoi.dll
2014-09-20 15:13 - 2014-09-20 15:13 - 00022736 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcmvwl64.sys
2014-09-20 15:13 - 2014-09-20 15:13 - 00000000 ____D () C:\Users\Will\AppData\Roaming\InstallShield
2014-09-20 15:13 - 2014-09-20 15:13 - 00000000 ____D () C:\Program Files\Broadcom
2014-09-20 00:24 - 2014-09-20 00:24 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-09-20 00:24 - 2014-09-20 00:24 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-09-20 00:24 - 2014-09-20 00:24 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-09-20 00:24 - 2014-09-20 00:24 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-09-20 00:24 - 2014-09-20 00:24 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-09-20 00:24 - 2014-09-20 00:24 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-09-20 00:24 - 2014-09-20 00:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-09-20 00:24 - 2014-09-20 00:24 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-20 00:24 - 2014-09-20 00:24 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-09-20 00:23 - 2014-09-20 00:23 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-20 00:23 - 2014-09-20 00:23 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-09-18 19:49 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-09-18 19:45 - 2014-09-20 00:27 - 00022341 _____ () C:\Windows\IE11_main.log
2014-09-18 19:12 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-18 19:12 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-18 19:12 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-18 19:12 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-18 19:12 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-18 19:12 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-18 19:12 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-18 19:12 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-18 11:10 - 2014-09-18 11:10 - 00042311 _____ () C:\Users\Will\Downloads\TS3MusicBot-plugin.rar
2014-09-18 10:17 - 2014-09-22 12:22 - 00000000 ____D () C:\Users\Will\Desktop\dragonforce
2014-09-18 10:17 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-09-18 10:17 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-09-18 10:17 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-09-18 10:17 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-09-18 10:17 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-09-18 10:17 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-09-18 10:17 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-09-18 10:17 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-09-18 10:17 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-09-18 10:17 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-09-18 10:17 - 2011-06-16 06:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-09-18 10:17 - 2011-06-16 05:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2014-09-18 10:17 - 2011-06-15 11:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-09-18 10:17 - 2011-06-15 11:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-09-18 10:17 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-09-18 10:17 - 2011-06-15 11:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-09-18 10:17 - 2011-06-15 09:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2014-09-18 10:17 - 2011-06-15 09:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2014-09-18 10:17 - 2011-06-15 09:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2014-09-18 10:17 - 2011-06-15 09:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2014-09-18 10:17 - 2011-06-15 09:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2014-09-18 10:16 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-18 10:16 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-18 10:16 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-09-18 10:16 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-09-18 10:16 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-18 10:16 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-18 10:16 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-09-18 10:16 - 2014-03-26 15:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-09-18 10:16 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-09-18 10:16 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-09-18 10:16 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-09-18 10:16 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-09-18 10:16 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-09-18 10:16 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-09-18 10:16 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-09-18 10:16 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-09-18 10:16 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-09-18 10:16 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-09-18 10:16 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-09-18 10:16 - 2013-07-09 06:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-09-18 10:16 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-09-18 10:16 - 2013-02-15 07:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-18 10:16 - 2013-02-15 07:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-09-18 10:16 - 2013-02-15 04:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-09-18 10:16 - 2012-03-01 07:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-09-18 10:16 - 2012-03-01 07:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-09-18 10:16 - 2012-03-01 06:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-09-18 10:16 - 2012-01-04 11:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-09-18 10:16 - 2012-01-04 09:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2014-09-18 10:16 - 2011-12-30 07:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-09-18 10:16 - 2011-12-30 06:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-09-18 10:16 - 2011-11-17 07:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-09-18 10:16 - 2011-11-17 06:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-09-18 10:16 - 2011-07-09 03:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-09-18 10:16 - 2011-05-04 06:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-09-18 10:16 - 2011-05-04 06:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-09-18 10:16 - 2011-05-04 06:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-09-18 10:16 - 2011-05-04 06:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-09-18 10:16 - 2011-05-04 06:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-09-18 10:16 - 2011-05-04 06:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-09-18 10:16 - 2011-05-04 06:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-09-18 10:16 - 2011-05-04 06:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-09-18 10:16 - 2011-05-04 06:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-09-18 10:16 - 2011-05-04 05:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-09-18 10:16 - 2011-05-04 05:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-09-18 10:16 - 2011-05-04 05:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-09-18 10:16 - 2011-05-04 05:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-09-18 10:16 - 2011-05-04 05:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-09-18 10:16 - 2011-05-04 05:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-09-18 10:16 - 2011-05-04 05:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-09-18 10:16 - 2011-05-04 05:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-09-18 10:16 - 2011-05-04 05:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-09-18 10:16 - 2011-04-27 03:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-09-18 10:16 - 2011-04-27 03:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-18 10:16 - 2010-12-23 11:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-09-18 10:16 - 2010-12-23 11:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-09-18 10:16 - 2010-12-23 11:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-09-18 10:16 - 2010-12-23 06:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-09-18 10:16 - 2010-12-23 06:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-09-18 10:16 - 2010-12-23 06:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-09-18 10:15 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-18 10:15 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-18 10:15 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-18 10:15 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-18 10:15 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-18 10:15 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-18 10:15 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-18 10:15 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-18 10:15 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-18 10:15 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-18 10:15 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-18 10:15 - 2014-03-04 10:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-18 10:15 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-09-18 10:15 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-09-18 10:15 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-09-18 10:15 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-09-18 10:15 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-09-18 10:15 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-18 10:15 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-18 10:15 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-09-18 10:15 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-09-18 10:15 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-09-18 10:15 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-09-18 10:15 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-18 10:15 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-09-18 10:15 - 2014-03-04 10:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-18 10:15 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-18 10:15 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-18 10:15 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-18 10:15 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-18 10:15 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-18 10:15 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-18 10:15 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-18 10:15 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-18 10:15 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-18 10:15 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-09-18 10:15 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-09-18 10:15 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-09-18 10:15 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-09-18 10:15 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-09-18 10:15 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-09-18 10:15 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-09-18 10:15 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-09-18 10:15 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-09-18 10:15 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-18 10:15 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-09-18 10:15 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-18 10:15 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-09-18 10:15 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-09-18 10:15 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-09-18 10:15 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-09-18 10:15 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-09-18 10:15 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-09-18 10:15 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-09-18 10:15 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-09-18 10:15 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-09-18 10:15 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-09-18 10:15 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-09-18 10:15 - 2013-08-02 03:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-09-18 10:15 - 2013-08-02 03:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-09-18 10:15 - 2013-08-02 02:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-09-18 10:15 - 2013-08-02 01:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-09-18 10:15 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-09-18 10:15 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-09-18 10:15 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-09-18 10:15 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-09-18 10:15 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-18 10:15 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-09-18 10:15 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-09-18 10:15 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-09-18 10:15 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-09-18 10:15 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-09-18 10:15 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-09-18 10:15 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-09-18 10:15 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-09-18 10:15 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-09-18 10:15 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-09-18 10:15 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-09-18 10:15 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-09-18 10:15 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-09-18 10:15 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-09-18 10:15 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-09-18 10:15 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-09-18 10:15 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-09-18 10:15 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-09-18 10:15 - 2013-03-31 23:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-09-18 10:15 - 2013-02-27 06:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-18 10:15 - 2013-02-12 05:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-09-18 10:15 - 2012-11-02 06:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-09-18 10:15 - 2012-11-02 06:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-09-18 10:15 - 2012-10-03 18:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-09-18 10:15 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-09-18 10:15 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-09-18 10:15 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-09-18 10:15 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-09-18 10:15 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-18 10:15 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-09-18 10:15 - 2012-10-03 17:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-09-18 10:15 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-09-18 10:15 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-09-18 10:15 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-18 10:15 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-09-18 10:15 - 2012-05-01 06:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-18 10:15 - 2012-04-26 06:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-09-18 10:15 - 2012-04-26 06:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-09-18 10:15 - 2012-01-13 08:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-09-18 10:15 - 2011-03-11 07:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-09-18 10:15 - 2011-03-11 07:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-09-18 10:15 - 2011-03-11 06:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-09-18 10:15 - 2011-03-11 06:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-09-18 10:15 - 2011-03-03 07:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-09-18 10:15 - 2011-03-03 07:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-09-18 10:15 - 2011-03-03 07:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-09-18 10:15 - 2011-03-03 06:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-09-18 10:15 - 2011-03-03 06:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-09-18 10:14 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-18 10:14 - 2014-05-30 09:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-18 10:14 - 2014-05-30 09:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-18 10:14 - 2014-05-30 09:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-18 10:14 - 2014-05-30 09:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-18 10:14 - 2014-05-30 08:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-18 10:14 - 2014-05-30 08:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-18 10:14 - 2014-05-30 08:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-18 10:14 - 2014-05-30 08:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-18 10:14 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-09-18 10:14 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-09-18 10:14 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-09-18 10:14 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-09-18 10:14 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-09-18 10:14 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-09-18 10:14 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-09-18 10:14 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-18 10:14 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-09-18 10:14 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-09-18 10:14 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-18 10:14 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-09-18 10:14 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-09-18 10:14 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-09-18 10:14 - 2012-12-07 14:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-09-18 10:14 - 2012-12-07 14:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-09-18 10:14 - 2012-12-07 13:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-09-18 10:14 - 2012-12-07 13:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-09-18 10:14 - 2012-12-07 12:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-09-18 10:14 - 2012-12-07 12:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-09-18 10:14 - 2012-12-07 12:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-09-18 10:14 - 2012-12-07 12:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-09-18 10:14 - 2012-12-07 12:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-09-18 10:14 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-09-18 10:14 - 2012-12-07 12:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-09-18 10:14 - 2012-12-07 12:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-09-18 10:14 - 2012-12-07 12:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-09-18 10:14 - 2012-12-07 12:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-09-18 10:14 - 2012-12-07 12:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-09-18 10:14 - 2012-12-07 12:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-09-18 10:14 - 2012-12-07 12:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-09-18 10:14 - 2012-12-07 12:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-09-18 10:14 - 2012-12-07 11:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-09-18 10:14 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-09-18 10:14 - 2012-03-17 08:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-09-18 10:14 - 2011-08-17 06:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-09-18 10:14 - 2011-08-17 06:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-09-18 10:14 - 2011-08-17 05:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-09-18 10:14 - 2011-08-17 05:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-09-18 10:14 - 2011-04-29 04:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-09-18 10:14 - 2011-04-29 04:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-18 10:14 - 2011-04-29 04:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-18 10:14 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-09-18 10:13 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-18 10:13 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-18 10:13 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-18 10:13 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-18 10:13 - 2014-07-07 03:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-18 10:13 - 2014-07-07 03:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-18 10:13 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-18 10:13 - 2014-07-07 02:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-18 10:13 - 2014-07-07 02:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-18 10:13 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-18 10:13 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-18 10:13 - 2014-04-12 03:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-18 10:13 - 2014-04-12 03:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-18 10:13 - 2014-04-12 03:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-18 10:13 - 2014-04-12 03:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-18 10:13 - 2014-04-12 03:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-18 10:13 - 2014-04-12 03:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-18 10:13 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-09-18 10:13 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-09-18 10:13 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-09-18 10:13 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-09-18 10:13 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-09-18 10:13 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-09-18 10:13 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-09-18 10:13 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-09-18 10:13 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-09-18 10:13 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-09-18 10:13 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-09-18 10:13 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-18 10:13 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-09-18 10:13 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-09-18 10:13 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-09-18 10:13 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-09-18 10:13 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-09-18 10:13 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-09-18 10:13 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-09-18 10:13 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-09-18 10:13 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-09-18 10:13 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-09-18 10:13 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-09-18 10:13 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-09-18 10:13 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-09-18 10:13 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-09-18 10:13 - 2013-08-02 03:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 03:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 02:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-09-18 10:13 - 2013-08-02 01:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 01:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 01:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-09-18 10:13 - 2013-08-02 01:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-09-18 10:13 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-09-18 10:13 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-09-18 10:13 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-09-18 10:13 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-09-18 10:13 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-09-18 10:13 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-09-18 10:13 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-09-18 10:13 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-09-18 10:13 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-09-18 10:13 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-09-18 10:13 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-09-18 10:13 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-09-18 10:13 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-09-18 10:13 - 2013-01-24 07:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-09-18 10:13 - 2012-11-23 04:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-09-18 10:13 - 2012-09-25 23:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-09-18 10:13 - 2012-09-25 23:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-09-18 10:13 - 2012-07-04 23:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-09-18 10:13 - 2012-07-04 23:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-09-18 10:13 - 2012-07-04 23:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-09-18 10:13 - 2012-07-04 22:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-09-18 10:13 - 2012-07-04 22:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-09-18 10:13 - 2012-06-06 07:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-09-18 10:13 - 2012-06-06 06:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-09-18 10:13 - 2012-05-14 06:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-18 10:13 - 2011-12-16 09:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-09-18 10:13 - 2011-12-16 08:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-09-18 10:13 - 2011-10-15 07:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-09-18 10:13 - 2011-10-15 06:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-09-18 10:13 - 2011-08-27 06:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-09-18 10:13 - 2011-08-27 06:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-09-18 10:13 - 2011-08-27 05:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-09-18 10:13 - 2011-08-27 05:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-09-18 10:13 - 2011-05-24 12:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-09-18 10:13 - 2011-05-24 11:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2014-09-18 10:13 - 2011-05-24 11:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2014-09-18 10:13 - 2011-05-24 11:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2014-09-18 10:13 - 2011-05-24 11:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-09-18 10:13 - 2011-05-03 06:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-09-18 10:13 - 2011-05-03 05:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-09-18 10:13 - 2011-02-23 05:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-09-18 10:13 - 2011-02-18 11:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-09-18 10:13 - 2011-02-18 06:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2014-09-18 10:13 - 2011-02-12 12:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-09-18 10:13 - 2011-02-05 18:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-09-18 10:13 - 2011-02-05 18:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-09-18 10:13 - 2011-02-05 18:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-09-18 10:04 - 2012-02-17 07:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-09-18 10:04 - 2012-02-17 06:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-09-18 10:04 - 2012-02-17 05:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-09-18 10:01 - 2014-09-18 10:01 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-09-18 10:00 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-18 10:00 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-18 10:00 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-18 10:00 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-18 10:00 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-18 10:00 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-18 10:00 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-18 10:00 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-18 10:00 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-18 10:00 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-18 09:59 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-18 09:59 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-18 09:59 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-18 09:59 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-17 00:40 - 2014-09-17 00:40 - 00000000 ____D () C:\Windows\system32\SPReview
2014-09-17 00:06 - 2014-09-17 00:06 - 00000000 _____ () C:\Users\Will\Downloads\vTIIMJ9tUc8.swf
2014-09-16 15:34 - 2014-09-16 15:34 - 00154749 _____ () C:\Users\Will\Downloads\Dragonforce - Through The Fire And Flames (Pro).gp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 07:58 - 2009-07-14 05:45 - 00020272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 07:58 - 2009-07-14 05:45 - 00020272 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 07:57 - 2014-09-06 22:22 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Spotify
2014-10-16 07:57 - 2009-07-14 06:13 - 00006214 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 07:54 - 2014-09-06 21:50 - 01550064 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 07:52 - 2009-07-14 05:51 - 00040470 _____ () C:\Windows\setupact.log
2014-10-16 07:51 - 2014-09-06 23:01 - 00000000 ___RD () C:\Users\Will\Dropbox
2014-10-16 07:51 - 2014-09-06 22:57 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Dropbox
2014-10-16 07:51 - 2014-09-06 22:21 - 00159024 _____ () C:\Windows\PFRO.log
2014-10-16 07:51 - 2014-09-06 22:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-16 07:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-15 22:44 - 2014-09-06 23:30 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Adobe
2014-10-15 22:18 - 2014-09-06 21:50 - 00000000 ____D () C:\Users\Will
2014-10-15 21:13 - 2014-09-06 22:34 - 00000000 ____D () C:\Users\Will\AppData\Roaming\TS3Client
2014-10-15 15:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 13:30 - 2009-07-14 05:45 - 00269128 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 13:29 - 2014-09-06 23:09 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 13:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 13:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 08:37 - 2014-09-06 22:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 08:35 - 2014-09-06 22:49 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 07:49 - 2014-09-06 22:23 - 00000000 ____D () C:\Users\Will\AppData\Local\Spotify
2014-10-15 00:45 - 2014-09-08 02:09 - 00000000 ____D () C:\Users\Will\AppData\Roaming\uTorrent
2014-10-13 20:05 - 2014-09-08 14:24 - 00013134 _____ () C:\Windows\DPINST.LOG
2014-10-13 17:24 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\security
2014-10-13 17:04 - 2010-02-15 21:01 - 00016256 _____ () C:\Windows\system32\Drivers\dualshock3_x64.sys
2014-10-13 16:57 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-11 15:59 - 2014-09-06 22:33 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Skype
2014-10-11 11:56 - 2014-09-06 22:10 - 00000000 ____D () C:\Users\Will\AppData\Local\Deployment
2014-10-11 11:56 - 2014-09-06 22:10 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-10 18:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-09 19:34 - 2013-05-10 11:57 - 01661440 _____ (Slackerhome Productions) C:\Users\Will\Desktop\Better DS3.exe
2014-10-06 23:16 - 2014-09-06 21:50 - 00000000 ____D () C:\Users\Will\AppData\Local\VirtualStore
2014-10-06 00:09 - 2009-07-14 08:46 - 00000000 ____D () C:\Windows\CSC
2014-10-04 22:34 - 2014-09-06 22:34 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-10-03 21:39 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-10-03 19:56 - 2013-06-27 12:30 - 10821938 _____ (Adobe Systems, Inc.) C:\Users\Will\Desktop\Nv2-PC.exe
2014-10-01 23:23 - 2014-09-06 22:44 - 00000000 ____D () C:\Users\Will\Documents\my games
2014-09-28 18:48 - 2014-09-06 22:33 - 00000000 ____D () C:\Users\Will\AppData\Local\Overwolf
2014-09-28 18:47 - 2014-09-06 21:56 - 00058408 _____ () C:\Users\Will\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-20 21:35 - 2014-09-13 14:38 - 00010330 _____ () C:\Windows\DirectX.log
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\th-TH
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\he-IL
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\et-EE
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-09-20 15:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-09-20 12:36 - 2014-09-06 21:50 - 00001417 _____ () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-20 12:22 - 2009-07-14 08:46 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-20 12:22 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-20 12:22 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-20 12:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-09-20 12:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-09-20 12:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-20 12:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-20 00:07 - 2014-09-06 22:15 - 00766336 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-19 11:10 - 2014-09-06 23:00 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 09:57 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-09-18 09:55 - 2009-07-14 08:46 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2014-09-18 09:55 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-18 09:55 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-09-18 09:55 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-18 09:55 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-18 09:55 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-18 09:55 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-09-18 09:55 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\sppui
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\manifeststore
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\AdvancedInstallers
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sppui
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Setup
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\migwiz
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\manifeststore
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2014-09-18 09:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\servicing
2014-09-17 00:41 - 2009-07-14 03:36 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2014-09-17 00:41 - 2009-07-14 03:36 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2014-09-16 01:17 - 2014-09-15 01:30 - 00000000 ____D () C:\a841045ef50fed4d90
2014-09-16 01:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration

Some content of TEMP:
====================
C:\Users\Will\AppData\Local\Temp\8188336.exe
C:\Users\Will\AppData\Local\Temp\8189210.exe
C:\Users\Will\AppData\Local\Temp\baecabebbcae.exe
C:\Users\Will\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxtvby0.dll
C:\Users\Will\AppData\Local\Temp\installer_x64.exe
C:\Users\Will\AppData\Local\Temp\installer_x86.exe
C:\Users\Will\AppData\Local\Temp\install_reader11_uk_mssd_aaa_aih.exe
C:\Users\Will\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Will\AppData\Local\Temp\tmp4a1da071.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 20:21

==================== End Of Log ============================

Attached Files



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:25 AM

Posted 18 October 2014 - 12:03 PM

Hi,

 

I am sorry about the delay. I was out of town for a couple of days so I couldn't reply earlier.
 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Also can you please temporary disable Windows Defender real-time protection. Check here how:

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then go to C:\FRST\Quarantine and right click on the folder, select send to compressed(zip) folder that will make a zipped copy of this folder.

Then please upload it to http://www.bleepingcomputer.com/submit-malware.php?channel=122 so we can examine the files and submit to antivirus companies if needed.
After that please delete the zip file you just created and re-enable Windows Defender.

 

 

Also since Windows Defender is not an antivirus program Download and install an antivirus program of your choice, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

You can find many freeware alternatives in the list below:

 

http://www.comss.ru/list.php?c=utils

http://www.techsupportalert.com/best-free-anti-virus-software.htm

http://freebies.about.com/od/computerfreebies/tp/best-free-antivirus.htm

http://www.pcmag.com/article2/0,2817,2388652,00.asp

http://www.techradar.com/news/software/applications/best-free-antivirus-9-reviewed-and-rated-1057786

https://www.raymond.cc/blog/comprehensive-list-of-free-anti-virus/

 

You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

 

As for which antivirus to install this is really a matter of personal choice depending on what your needs, computer skills, computer resources and comfort level. All antivirus programs have advantages and disadvantages.You should try and decide what is best for you based on your experience level and computer knowledge.

 

You can look the results here:

http://chart.av-comparatives.org/chart1.php

but keep in mind that there is no antivirus that catches everything. You still should be very careful when surfing and having good browsing habits...

 

Also let me know if the problem still persists...

 

 

Regards,

Georgi


cXfZ4wS.png


#5 Willsor

Willsor
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 19 October 2014 - 07:47 AM

Hi there, submitted the malware sample and got a fixlog:

 

I'm still having a problem with unwanted processes taking up a ton of ram. it's mostly just random named processes like "efakpye.exe" and "odbcconf.exe" They all seem to be coming from appdata\roaming and I can't manually delete anything. Anything else I can try?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-10-2014 01
Ran by Will at 2014-10-19 01:08:50 Run:1
Running from C:\Users\Will\Desktop
Loaded Profile: Will (Available profiles: Will)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\...\Run: [Ikldsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Will\AppData\Local\YlqPack\GdHelpLib.dll
C:\Users\Will\AppData\Local\YlqPack
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\...\Run: [Ozdrics Update] => regsvr32.exe C:\Users\Will\AppData\Local\Ozdrics\UXDPOST.dll
C:\Users\Will\AppData\Local\Ozdrics
C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\diskpart.lnk
C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magnify.lnk
C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskeng.lnk
Folder: C:\Users\Will\AppData\Roaming\Microsoft\Windows\IEUpdate
File: C:\Windows\System32\drivers\CORM45.sys
File: C:\Users\Will\AppData\Roaming\msregsvv.dll
2014-10-05 23:18 - 2014-10-06 00:08 - 00000000 ____D () C:\Users\Will\AppData\Roaming\Ucruahza
AlternateDataStreams: C:\ProgramData\TEMP:BC359956
emptytemp:
end
*****************

HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ikldsoft => value deleted successfully.
C:\Users\Will\AppData\Local\YlqPack => Moved successfully.
HKU\S-1-5-21-1293443630-3657240947-3547776181-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ozdrics Update => value deleted successfully.
C:\Users\Will\AppData\Local\Ozdrics => Moved successfully.
"C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\diskpart.lnk" => File/Directory not found.
"C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Magnify.lnk" => File/Directory not found.
"C:\Users\Will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskeng.lnk" => File/Directory not found.

========================= Folder: C:\Users\Will\AppData\Roaming\Microsoft\Windows\IEUpdate ========================


====== End of Folder: ======


========================= File: C:\Windows\System32\drivers\CORM45.sys ========================

MD5: 84951FFCD403DCA9EA2252B79C8770F0
Creation and modification date: 2014-09-08 14:24 - 2013-11-28 16:54
Size: 0025600
Attributes: ----A
Company Name:  
Internal Name: CORM45.sys
Original Name: CORM45.sys
Product Name:
Description:
File Version: 1.0.0.0.7600.16385 built by: WinDDK
Product Version: 1.0.0.0.7600.16385
Copyright:

====== End Of File: ======


========================= File: C:\Users\Will\AppData\Roaming\msregsvv.dll ========================

MD5: C56A272D347DBEB7BFA30361E5A3D3B6
Creation and modification date: 2014-10-07 16:05 - 2014-10-14 23:35
Size: 0000016
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

C:\Users\Will\AppData\Roaming\Ucruahza => Moved successfully.
C:\ProgramData\TEMP => ":BC359956" ADS removed successfully.
EmptyTemp: => Removed 23.7 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:25 AM

Posted 19 October 2014 - 09:48 AM

Hello,

 

Please re-run FRST (make sure that Addition.txt is checked before you press the Scan button) and post both logs in your next reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#7 Willsor

Willsor
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 22 October 2014 - 02:25 AM

Hi, thanks for the reply

I tried AVG free and I was having the problems I listed in my last post.

I uninstalled that and installed Avast and that seems to have cleaned up the majority of the issues, however I'm still getting the odd redirect in my Firefox and Chrome.

 

 

Attached Files



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:25 AM

Posted 22 October 2014 - 05:46 AM

Hi,

 

 

Please don't do things on your own but wait for instructions.

 

Download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Let me know if the problem still persists after the fix above.

 

 

Regards,

Georgi

 


cXfZ4wS.png


#9 Willsor

Willsor
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 22 October 2014 - 06:00 PM

Hi Georgi,

 

I didn't think I was doing things by myself, you instructed me to download and run an antivirus software, and that's what I thought I did. Did I download the wrong one?

Anyway, here is the fixlist attached

Thanks very much

Attached Files



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:25 AM

Posted 22 October 2014 - 06:43 PM

Hello,

 

My apologies...somehow I missed that part, maybe due to tired eyes. You're doing great job so far. :)

 

Next I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

The most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#11 Willsor

Willsor
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 23 October 2014 - 12:00 PM

Hi again

 

I have run the scans:

pastebin for roguekiller:  http://pastebin.com/Xza1eNT4

 

 

paste of RKill, followed by malwarebytes, followed by hitman:

 

 

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/23/2014 05:27:04 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost
  198.100.156.140 www.google-analytics.com.
  198.100.156.140 google-analytics.com.
  198.100.156.140 connect.facebook.net.
  193.107.16.138 www.google-analytics.com.
  193.107.16.138 google-analytics.com.
  193.107.16.138 connect.facebook.net.

Program finished at: 10/23/2014 05:27:25 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)









Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/10/2014
Scan Time: 17:46:29
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.23.06
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Will

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312573
Time Elapsed: 3 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\Users\Will\AppData\Roaming\Adobe\AcorIEHelper.dll, Quarantined, [c3fec156bac2c37389f68994709359a7],

Physical Sectors: 0
(No malicious items detected)


(end)









HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : WILL-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Will-PC\Will
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-10-23 17:53:29
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 36s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 42

   Objects scanned . . . : 2,000,790
   Files scanned . . . . : 70,260
   Remnants scanned  . . : 633,357 files / 1,297,173 keys

Malware _____________________________________________________________________

   C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
      Size . . . . . . . : 183,296 bytes
      Age  . . . . . . . : 7.9 days (2014-10-15 20:18:17)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 446D9DB1A2F1B28E0D139757F07CBF1F9C099617FA308083F3ABD7DD06458F4E
    > Kaspersky  . . . . : Trojan.Win32.Yakes.gqvc
      Fuzzy  . . . . . . : 99.0
      Forensic Cluster
         -0.3s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.tmp
         -0.3s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.tmp
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          0.0s C:\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2E48AE55-8FBD-4910-8C3E-6794C2B12D16}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}
         10.7s C:\ProgramData\Microsoft\Secure\Icons\temp\{1C2B09AF-81EE-DF0A-CBC8-BB5F86767114}


Suspicious files ____________________________________________________________

   C:\Users\Will\AppData\Local\Temp\tm20C9.tmp
      Size . . . . . . . : 2,403,104 bytes
      Age  . . . . . . . : 4.2 days (2014-10-19 14:06:35)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : CE492EFBEBC0AC76B15A23D6C79594BB33FDDA61C529932047E8BABCAFBDBA4D
      Product  . . . . . : NVIDIA GeForce Experience
      Publisher  . . . . : NVIDIA Corporation
      Description  . . . : NVIDIA GeForce Experience Backend
      Version  . . . . . : 15.3.33.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 9
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 26.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         The file name extension of this program is not common.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\places.sqlite-shm
      Size . . . . . . . : 32,768 bytes
      Age  . . . . . . . : 0.0 days (2014-10-23 17:32:05)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : 334A7AD9638252ED337F9651C62DE5646388EE6DEB5CA3B7160F880AB0E9D74F
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
      Forensic Cluster
          0.0s C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\places.sqlite-wal
          0.0s C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\places.sqlite-shm
          3.4s C:\Users\Will\AppData\Local\Mozilla\Firefox\Profiles\4sfbcmxe.default\cache2\entries\EF4846EF53EACED5934DB2AB0CEA4CE9965E52E3
          3.5s C:\Users\Will\AppData\Local\Mozilla\Firefox\Profiles\4sfbcmxe.default\cache2\entries\03A43091DBD528E0F3A8574459F811C42ED02246
          3.6s C:\Users\Will\AppData\Local\Mozilla\Firefox\Profiles\4sfbcmxe.default\cache2\entries\F2DBCAE58F38288132B02F933C31E3D6FD72303A
          3.6s C:\Users\Will\AppData\Local\Mozilla\Firefox\Profiles\4sfbcmxe.default\cache2\entries\D9F3EE7360B2CE555A9582974A4830DAB86C18B0
          4.3s C:\Users\Will\AppData\Local\Mozilla\Firefox\Profiles\4sfbcmxe.default\cache2\entries\E7AA24D26072032336FDEA9D905CB2584117F1C8
          5.4s C:\Users\Will\AppData\Local\Mozilla\Firefox\Profiles\4sfbcmxe.default\cache2\entries\578EE9C25E80555E59BBA3E614771E2B9A06CE66
         19.1s C:\Users\Will\AppData\Local\Mozilla\Firefox\Profiles\4sfbcmxe.default\cache2\entries\BDDEAF2B036AC1F39A616521A81578BE30445394

   C:\Users\Will\Desktop\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,110,976 bytes
      Age  . . . . . . . : 7.4 days (2014-10-16 08:22:08)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : FD7C4C392929EE281A6A98AA1440A5EBBE723225220F46256E92CDF0C7AC788C
      Needs elevation  . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/0c720387b3cc4437dc8319d58c8fb9cd/54475b58/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
      Fuzzy  . . . . . . : 26.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Will\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,112,000 bytes
      Age  . . . . . . . : 0.7 days (2014-10-22 23:58:24)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72679FB698B7CD4953301187341D71DB2B7A0AFBC20A75D87C8A0632DC1644A1
      Needs elevation  . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/567d2fcbe0b0eded1cdcb914d7bff0b3/54483697/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
      Fuzzy  . . . . . . : 27.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.5s C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJP4G03K\up64[1]
         -0.1s C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\XMYX00H5.txt
         -0.1s C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSAPQFO6\82[1].htm
          0.0s C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQWLVUK9\FRST64[1].exe
          0.0s C:\Users\Will\Desktop\FRST-OlderVersion\FRST64.exe
          1.2s C:\Users\Will\AppData\Local\Spotify\Storage\b0\b02b8d5f89c990f30d650d60697b0c48c93b51d2.file
         16.5s C:\Users\Will\Desktop\FRST-OlderVersion\Fixlog.txt
         16.5s C:\FRST\Quarantine\C\Users\Will\AppData\Roaming\Microsoft\Windows\
         16.5s C:\FRST\Quarantine\C\Users\Will\AppData\Roaming\Microsoft\
         16.5s C:\Users\Will\AppData\Local\Temp\BTN%Copy%1\BTN%Copy%2\
         16.5s C:\Users\Will\AppData\Local\Temp\BTN%Copy%1\
         16.6s C:\FRST\Quarantine\C\Users\Will\AppData\Local\Temp\
         19.8s C:\FRST\Logs\Fixlog_22-10-2014_23-58-43.txt

   C:\Users\Will\Downloads\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 13.9 days (2014-10-09 19:06:34)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Will\Downloads\MiniToolBox.exe
          3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5BAD6B3C-680A-4CEA-9B9C-05CC87BB49F4}
          8.2s C:\Users\Will\Downloads\Result.txt


Repairs _____________________________________________________________________

   hosts
   C:\Windows\system32\drivers\etc\


Cookies _____________________________________________________________________

   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\44D3DPCR.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\67TF8H3Z.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\6C1F4K7E.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\6K5O0TEB.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\6UFH1I00.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\743CY82D.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\7HIZTPW7.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\8945OBDX.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\8G1SUZWP.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\B2MOVJHK.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\C0IDYEEH.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\DU601U98.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\FYRK43Z1.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\FZ9EU9C3.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\I0OGTQ3I.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\IW3OIL8Q.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\KLLVAT60.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\NQR6M5Z5.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\OFQY3A28.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\OX4K4GQ3.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\Q32XCYFI.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\QYMZ96X9.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\TXFG1UO2.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\VYOCWXWX.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\XLO08EE6.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\YE6RRKI2.txt
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:7search.com
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:clickbank.net
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:doubleclick.net
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:pcworldcommunication.122.2o7.net
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:serving-sys.com
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:survey.g.doubleclick.net
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:www.googleadservices.com
 

#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:25 AM

Posted 24 October 2014 - 02:17 AM

Hello,

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Also can you please temporary disable Windows Defender real-time protection. Check here how:

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then go to C:\FRST\Quarantine and right click on the folder, select send to compressed(zip) folder that will make a zipped copy of this folder.

Then please upload it to http://www.bleepingcomputer.com/submit-malware.php?channel=122 so we can examine the files and submit to antivirus companies if needed.
After that please delete the zip file you just created and re-enable Windows Defender.

 

 

Next please re-run HitmanPro and post the log as well.

 

Also you forgot to paste the link to the TDSSKiller log too.

 

 

 

Regards,

Georgi

 

 


cXfZ4wS.png


#13 Willsor

Willsor
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 24 October 2014 - 06:51 AM

Hi Georgi,

I didn't include the TDSSKiller log originally because the scan came up with nothing found.

 

I was running FRST and it was taking a while so I left my computer. Windows update ( I presume) then restarted my computer half way through. I ran FRST again but it was taking about an hour to complete, so I had to end the process, as I had to leave the house. The log is below. The hitman log is below also.

 

The quarantine.zip is too large for your uploader, its 20MB, and the maximum size is 5MB supposedly.

Cheeers

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-10-2014
Ran by Will at 2014-10-24 12:03:17 Run:4
Running from C:\Users\Will\Desktop\FRST-OlderVersion
Loaded Profile: Will (Available profiles: Will)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\ProgramData\Microsoft\Secure
Hosts:
Emptytemp:
end

*****************

"C:\ProgramData\Microsoft\Secure" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 

HitmanPro 3.7.9.225
www.hitmanpro.com

   Computer name . . . . : WILL-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Will-PC\Will
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-10-24 12:47:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 38

   Objects scanned . . . : 1,566,698
   Files scanned . . . . : 54,601
   Remnants scanned  . . : 610,103 files / 901,994 keys

Suspicious files ____________________________________________________________

   C:\Users\Will\AppData\Local\Temp\tm20C9.tmp
      Size . . . . . . . : 2,403,104 bytes
      Age  . . . . . . . : 4.9 days (2014-10-19 14:06:35)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : CE492EFBEBC0AC76B15A23D6C79594BB33FDDA61C529932047E8BABCAFBDBA4D
      Product  . . . . . : NVIDIA GeForce Experience
      Publisher  . . . . : NVIDIA Corporation
      Description  . . . : NVIDIA GeForce Experience Backend
      Version  . . . . . : 15.3.33.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 9
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 26.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         The file name extension of this program is not common.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Will\Desktop\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,110,976 bytes
      Age  . . . . . . . : 8.2 days (2014-10-16 08:22:08)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : FD7C4C392929EE281A6A98AA1440A5EBBE723225220F46256E92CDF0C7AC788C
      Needs elevation  . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/0c720387b3cc4437dc8319d58c8fb9cd/54475b58/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
      Fuzzy  . . . . . . : 26.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Will\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,112,000 bytes
      Age  . . . . . . . : 1.5 days (2014-10-22 23:58:24)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 72679FB698B7CD4953301187341D71DB2B7A0AFBC20A75D87C8A0632DC1644A1
      Needs elevation  . : Yes
      Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/567d2fcbe0b0eded1cdcb914d7bff0b3/54483697/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
      Fuzzy  . . . . . . : 27.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is downloaded from the Internet to this computer.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\XMYX00H5.txt
         -0.1s C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSAPQFO6\82[1].htm
          0.0s C:\Users\Will\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQWLVUK9\FRST64[1].exe
          0.0s C:\Users\Will\Desktop\FRST-OlderVersion\FRST64.exe
          1.2s C:\Users\Will\AppData\Local\Spotify\Storage\b0\b02b8d5f89c990f30d650d60697b0c48c93b51d2.file
         16.5s C:\Users\Will\Desktop\FRST-OlderVersion\Fixlog.txt
         16.5s C:\$Recycle.Bin\S-1-5-21-1293443630-3657240947-3547776181-1000\$RLBEK8P.txt
         16.5s C:\$Recycle.Bin\S-1-5-21-1293443630-3657240947-3547776181-1000\$RFN6P7P.txt
         16.5s C:\FRST\Quarantine\C\Users\Will\AppData\Roaming\Microsoft\Windows\
         16.5s C:\FRST\Quarantine\C\Users\Will\AppData\Roaming\Microsoft\
         16.6s C:\FRST\Quarantine\C\Users\Will\AppData\Local\Temp\
         19.8s C:\FRST\Logs\Fixlog_22-10-2014_23-58-43.txt

   C:\Users\Will\Downloads\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 14.7 days (2014-10-09 19:06:34)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 23.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Will\Downloads\MiniToolBox.exe
          3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5BAD6B3C-680A-4CEA-9B9C-05CC87BB49F4}
          8.2s C:\Users\Will\Downloads\Result.txt


Cookies _____________________________________________________________________

   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\44D3DPCR.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\67TF8H3Z.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\6C1F4K7E.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\6K5O0TEB.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\6UFH1I00.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\743CY82D.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\7HIZTPW7.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\8945OBDX.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\8G1SUZWP.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\B2MOVJHK.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\C0IDYEEH.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\DU601U98.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\FYRK43Z1.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\FZ9EU9C3.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\I0OGTQ3I.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\IW3OIL8Q.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\KLLVAT60.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\NQR6M5Z5.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\OFQY3A28.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\OX4K4GQ3.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\Q32XCYFI.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\QYMZ96X9.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\TXFG1UO2.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\VYOCWXWX.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\XLO08EE6.txt
   C:\Users\Will\AppData\Roaming\Microsoft\Windows\Cookies\YE6RRKI2.txt
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:7search.com
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:clickbank.net
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:doubleclick.net
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:pcworldcommunication.122.2o7.net
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:serving-sys.com
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:statse.webtrendslive.com
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:survey.g.doubleclick.net
   C:\Users\Will\AppData\Roaming\Mozilla\Firefox\Profiles\4sfbcmxe.default\cookies.sqlite:www.googleadservices.com

Edited by Willsor, 24 October 2014 - 06:52 AM.


#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:03:25 AM

Posted 24 October 2014 - 07:37 AM

Hi,

 

It seems it worked. Can you please zip the folder and upload it here => http://zippyshare.com/.

Next please send me the download link via Personal Message and then delete the zip file you just created (and Empty the Recycle Bin).

 

 

STEP 1

 

Also before I let you free I'd like us to scan your machine with ESET OnlineScan to be completely sure your pc is malware free.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

STEP 2

 

Also let's check for outdated and vulnerable software on your pc:

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe to run it.
  • A notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Regards,

Georgi


cXfZ4wS.png


#15 Willsor

Willsor
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:25 AM

Posted 25 October 2014 - 09:51 AM

Hi

 

Here is the output of the first program:

 

C:\$Recycle.Bin\S-1-5-21-1293443630-3657240947-3547776181-1000\$RGZD41G.zip    multiple threats
C:\FRST\Quarantine.zip    multiple threats
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll    a variant of Win64/Sathurbot.A trojan
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmp13.exe    a variant of Win32/Kryptik.CNQK trojan
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmp4292.exe    a variant of Win32/Kryptik.CNVY trojan
C:\FRST\Quarantine\C\Users\Will\AppData\Local\Ozdrics\UXDPOST.dll    a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\Users\Will\AppData\Local\YlqPack\ArcIde.dll    a variant of Win32/Sefnit.DD trojan
C:\FRST\Quarantine\C\Users\Will\AppData\Local\YlqPack\GdHelpLib.dll    a variant of Win32/Sefnit.DD trojan
C:\Program Files (x86)\IDA PRO Advanced Edition\ida6x.dll    Win32/HackTool.IDA.A trojan
C:\Users\Will\Downloads\ida pro\Ida Pro v6.1\Ida Pro Adv EditionTDM.exe    Win32/HackTool.IDA.A trojan
 

 

 

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpyHunter 4    
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox 32.0.3 Firefox out of Date!  
 Google Chrome 38.0.2125.101  
 Google Chrome 38.0.2125.104  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 28% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users